diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 7be79948ea..1c61f9451f 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -9503,7 +9503,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
- [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
> [!NOTE]
-> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
## Policies in Policy CSP supported by HoloLens devices
- [Policies in Policy CSP supported by HoloLens 2](./policies-in-policy-csp-supported-by-hololens2.md)
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index 572eef454e..3ce6a65cc0 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -8,24 +8,24 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ActiveXControls
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ActiveXControls policies
+## ActiveXControls policies
-
@@ -37,7 +37,7 @@ manager: aaroncz
-**ActiveXControls/ApprovedInstallationSites**
+**ActiveXControls/ApprovedInstallationSites**
@@ -62,11 +62,11 @@ manager: aaroncz
-This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved ActiveX Install sites specified by host URL.
-If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
-If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
+If you disable or don't configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
> [!Note]
> Wild card characters can't be used when specifying the host URLs.
@@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, ActiveX controls prompt t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Approved Installation Sites for ActiveX Controls*
- GP name: *ApprovedActiveXInstallSites*
- GP path: *Windows Components/ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index 05cbc1fcee..23b20c1db5 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -8,24 +8,24 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ActiveXInstallService
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ActiveXInstallService policies
+## ADMX_ActiveXInstallService policies
-
@@ -37,7 +37,7 @@ manager: aaroncz
-**ADMX_ActiveXInstallService/AxISURLZonePolicies**
+**ADMX_ActiveXInstallService/AxISURLZonePolicies**
@@ -67,7 +67,7 @@ This policy setting controls the installation of ActiveX controls for sites in T
If you enable this policy setting, ActiveX controls are installed according to the settings defined by this policy setting.
-If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation.
+If you disable or don't configure this policy setting, ActiveX controls prompt the user before installation.
If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If a trusted site has a certificate error but you want to trust it anyway, you can select the certificate errors that you want to ignore.
@@ -77,7 +77,7 @@ If the trusted site uses the HTTPS protocol, this policy setting can also contro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Establish ActiveX installation policy for sites in Trusted zones*
- GP name: *AxISURLZonePolicies*
- GP path: *Windows Components\ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index cf5b1966c0..a5cf7807f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -8,24 +8,24 @@ ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AddRemovePrograms
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_AddRemovePrograms
+## Policy CSP - ADMX_AddRemovePrograms
-
@@ -67,7 +67,7 @@ manager: aaroncz
-**ADMX_AddRemovePrograms/DefaultCategory**
+**ADMX_AddRemovePrograms/DefaultCategory**
@@ -89,7 +89,7 @@ manager: aaroncz
-The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
+The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
@@ -101,7 +101,7 @@ If you disable this setting or don't configure it, all programs (Category: All)
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default category for Add New Programs*
- GP name: *DefaultCategory*
- GP path: *Control Panel/Add or Remove Programs*
@@ -122,7 +122,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**
+**ADMX_AddRemovePrograms/NoAddFromCDorFloppy**
@@ -159,7 +159,7 @@ If you disable this setting or don't configure it, the "Add a program from CD-RO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add a program from CD-ROM or floppy disk" option*
- GP name: *NoAddFromCDorFloppy*
- GP path: *Control Panel/Add or Remove Programs*
@@ -180,7 +180,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromInternet**
+**ADMX_AddRemovePrograms/NoAddFromInternet**
@@ -218,7 +218,7 @@ If you disable this setting or don't configure it, "Add programs from Microsoft"
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add programs from Microsoft" option*
- GP name: *NoAddFromInternet*
- GP path: *Control Panel/Add or Remove Programs*
@@ -239,7 +239,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddFromNetwork**
+**ADMX_AddRemovePrograms/NoAddFromNetwork**
@@ -266,9 +266,9 @@ ADMX Info:
-This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
+This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
-If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
+If you enable this setting, users can't tell which programs have been published by the system administrator, and they can't use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
If you disable this setting or don't configure it, "Add programs from your network" is available to all users.
@@ -279,7 +279,7 @@ If you disable this setting or don't configure it, "Add programs from your netwo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the "Add programs from your network" option*
- GP name: *NoAddFromNetwork*
- GP path: *Control Panel/Add or Remove Programs*
@@ -299,7 +299,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddPage**
+**ADMX_AddRemovePrograms/NoAddPage**
@@ -334,7 +334,7 @@ If you disable this setting or don't configure it, the Add New Programs button i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Add New Programs page*
- GP name: *NoAddPage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -355,7 +355,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoAddRemovePrograms**
+**ADMX_AddRemovePrograms/NoAddRemovePrograms**
@@ -382,7 +382,7 @@ ADMX Info:
-This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
+This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
If you disable this setting or don't configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting doesn't prevent users from using other tools and methods to install or uninstall programs.
@@ -390,7 +390,7 @@ If you disable this setting or don't configure it, Add or Remove Programs is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Add or Remove Programs*
- GP name: *NoAddRemovePrograms*
- GP path: *Control Panel/Add or Remove Programs*
@@ -411,7 +411,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoChooseProgramsPage**
+**ADMX_AddRemovePrograms/NoChooseProgramsPage**
@@ -438,7 +438,7 @@ ADMX Info:
-This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
+This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users can't view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
If you disable this setting or don't configure it, the **Set Program Access and Defaults** button is available to all users. This setting doesn't prevent users from using other tools and methods to change program access or defaults. This setting doesn't prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
@@ -447,7 +447,7 @@ If you disable this setting or don't configure it, the **Set Program Access and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the Set Program Access and Defaults page*
- GP name: *NoChooseProgramsPage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -468,7 +468,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoRemovePage**
+**ADMX_AddRemovePrograms/NoRemovePage**
@@ -503,7 +503,7 @@ If you disable this setting or don't configure it, the Change or Remove Programs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Change or Remove Programs page*
- GP name: *NoRemovePage*
- GP path: *Control Panel/Add or Remove Programs*
@@ -524,7 +524,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoServices**
+**ADMX_AddRemovePrograms/NoServices**
@@ -562,7 +562,7 @@ If you disable this setting or don't configure it, "Set up services" appears onl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Go directly to Components Wizard*
- GP name: *NoServices*
- GP path: *Control Panel/Add or Remove Programs*
@@ -583,7 +583,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoSupportInfo**
+**ADMX_AddRemovePrograms/NoSupportInfo**
@@ -620,7 +620,7 @@ If you disable this setting or don't configure it, the Support Info hyperlink ap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Support Information*
- GP name: *NoSupportInfo*
- GP path: *Control Panel/Add or Remove Programs*
@@ -641,7 +641,7 @@ ADMX Info:
-**ADMX_AddRemovePrograms/NoWindowsSetupPage**
+**ADMX_AddRemovePrograms/NoWindowsSetupPage**
@@ -676,7 +676,7 @@ If you disable this setting or don't configure it, the Add/Remove Windows Compon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Add/Remove Windows Components page*
- GP name: *NoWindowsSetupPage*
- GP path: *Control Panel/Add or Remove Programs*
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index 5dd95ce744..c775585c4c 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -8,24 +8,24 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AdmPwd
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AdmPwd policies
+## ADMX_AdmPwd policies
-
@@ -46,7 +46,7 @@ manager: aaroncz
-**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
+**ADMX_AdmPwd/POL_AdmPwd_DontAllowPwdExpirationBehindPolicy**
@@ -78,7 +78,7 @@ When you disable or don't configure this setting, password expiration time may b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow password expiration time longer than required by policy*
- GP name: *POL_AdmPwd_DontAllowPwdExpirationBehindPolicy*
- GP path: *Windows Components\AdmPwd*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd_Enabled**
+**ADMX_AdmPwd/POL_AdmPwd_Enabled**
@@ -123,7 +123,7 @@ If you disable or not configure this setting, local administrator password is NO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable local admin password management*
- GP name: *POL_AdmPwd_Enabled*
- GP path: *Windows Components\AdmPwd*
@@ -135,7 +135,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd_AdminName**
+**ADMX_AdmPwd/POL_AdmPwd_AdminName**
@@ -168,7 +168,7 @@ When you disable or don't configure this setting, password expiration time may b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Name of administrator account to manage*
- GP name: *POL_AdmPwd_AdminName*
- GP path: *Windows Components\AdmPwd*
@@ -181,7 +181,7 @@ ADMX Info:
-**ADMX_AdmPwd/POL_AdmPwd**
+**ADMX_AdmPwd/POL_AdmPwd**
@@ -217,7 +217,7 @@ If you disable or not configure this setting, local administrator password is NO
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Password Settings*
- GP name: *POL_AdmPwd*
- GP path: *Windows Components\AdmPwd*
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index ecdf4b38bf..f1895c4781 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -8,23 +8,23 @@ ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/20/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AppCompat
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_AppCompat
+## Policy CSP - ADMX_AppCompat
-
@@ -69,7 +69,7 @@ manager: aaroncz
-**ADMX_AppCompat/AppCompatPrevent16BitMach**
+**ADMX_AppCompat/AppCompatPrevent16BitMach**
@@ -111,7 +111,7 @@ If the status is set to Not Configured, the OS falls back on a local policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to 16-bit applications*
- GP name: *AppCompatPrevent16BitMach*
- GP path: *Windows Components/Application Compatibility*
@@ -123,7 +123,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**
+**ADMX_AppCompat/AppCompatRemoveProgramCompatPropPage**
@@ -159,7 +159,7 @@ Enabling this policy setting removes the property page from the context-menus, b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Program Compatibility Property Page*
- GP name: *AppCompatRemoveProgramCompatPropPage*
- GP path: *Windows Components/Application Compatibility*
@@ -171,7 +171,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**
+**ADMX_AppCompat/AppCompatTurnOffApplicationImpactTelemetry**
@@ -211,7 +211,7 @@ Disabling telemetry will take effect on any newly launched applications. To ensu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Application Telemetry*
- GP name: *AppCompatTurnOffApplicationImpactTelemetry*
- GP path: *Windows Components/Application Compatibility*
@@ -223,7 +223,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffSwitchBack**
+**ADMX_AppCompat/AppCompatTurnOffSwitchBack**
@@ -264,7 +264,7 @@ Reboot the system after changing the setting to ensure that your system accurate
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off SwitchBack Compatibility Engine*
- GP name: *AppCompatTurnOffSwitchBack*
- GP path: *Windows Components/Application Compatibility*
@@ -276,7 +276,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffEngine**
+**ADMX_AppCompat/AppCompatTurnOffEngine**
|Edition|Windows 10|Windows 11|
@@ -318,7 +318,7 @@ This option is useful to server administrators who require faster performance an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Application Compatibility Engine*
- GP name: *AppCompatTurnOffEngine*
- GP path: *Windows Components/Application Compatibility*
@@ -330,7 +330,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_1**
@@ -362,7 +362,7 @@ This policy setting exists only for backward compatibility, and isn't valid for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Program Compatibility Assistant*
- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_1*
- GP path: *Windows Components/Application Compatibility*
@@ -374,7 +374,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**
+**ADMX_AppCompat/AppCompatTurnOffProgramCompatibilityAssistant_2**
@@ -404,7 +404,7 @@ This policy setting controls the state of the Program Compatibility Assistant (P
If you enable this policy setting, the PCA will be turned off. The user won't be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
-If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
+If you disable or don't configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
> [!NOTE]
> The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
@@ -413,7 +413,7 @@ If you disable or don't configure this policy setting, the PCA will be turned on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Program Compatibility Assistant*
- GP name: *AppCompatTurnOffProgramCompatibilityAssistant_2*
- GP path: *Windows Components/Application Compatibility*
@@ -425,7 +425,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**
+**ADMX_AppCompat/AppCompatTurnOffUserActionRecord**
@@ -463,7 +463,7 @@ If you disable or don't configure this policy setting, Steps Recorder will be en
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Steps Recorder*
- GP name: *AppCompatTurnOffUserActionRecord*
- GP path: *Windows Components/Application Compatibility*
@@ -475,7 +475,7 @@ ADMX Info:
-**ADMX_AppCompat/AppCompatTurnOffProgramInventory**
+**ADMX_AppCompat/AppCompatTurnOffProgramInventory**
@@ -501,7 +501,7 @@ ADMX Info:
-This policy setting controls the state of the Inventory Collector.
+This policy setting controls the state of the Inventory Collector.
The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.
@@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, the Inventory Collector w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Inventory Collector*
- GP name: *AppCompatTurnOffProgramInventory*
- GP path: *Windows Components/Application Compatibility*
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index 3e30dc883a..b4efd495fa 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/10/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AppxPackageManager
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AppxPackageManager policies
+## ADMX_AppxPackageManager policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**
+**ADMX_AppxPackageManager/AllowDeploymentInSpecialProfiles**
@@ -62,9 +62,9 @@ manager: aaroncz
-This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile.
+This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile.
-Special profiles are the following user profiles where changes are discarded after the user signs off:
+Special profiles are the following user profiles where changes are discarded after the user signs off:
- Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies.
- Mandatory user profiles and super-mandatory profiles, which are created by an administrator.
@@ -79,7 +79,7 @@ If you disable or don't configure this policy setting, Group Policy blocks deplo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow deployment operations in special profiles*
- GP name: *AllowDeploymentInSpecialProfiles*
- GP path: *Windows Components\App Package Deployment*
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index 786dc5626b..262a774184 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/10/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AppXRuntime
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AppXRuntime policies
+## ADMX_AppXRuntime policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**
+**ADMX_AppXRuntime/AppxRuntimeApplicationContentUriRules**
@@ -81,7 +81,7 @@ If you disable or don't set this policy setting, Windows Store apps will only us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on dynamic Content URI Rules for Windows store apps*
- GP name: *AppxRuntimeApplicationContentUriRules*
- GP path: *Windows Components\App runtime*
@@ -92,7 +92,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**
+**ADMX_AppXRuntime/AppxRuntimeBlockFileElevation**
@@ -128,7 +128,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching desktop apps associated with a file.*
- GP name: *AppxRuntimeBlockFileElevation*
- GP path: *Windows Components\App runtime*
@@ -139,7 +139,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**
+**ADMX_AppXRuntime/AppxRuntimeBlockHostedAppAccessWinRT**
@@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all Universal Windows app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching Universal Windows apps with Windows Runtime API access from hosted content.*
- GP name: *AppxRuntimeBlockHostedAppAccessWinRT*
- GP path: *Windows Components\App runtime*
@@ -188,7 +188,7 @@ ADMX Info:
-**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**
+**ADMX_AppXRuntime/AppxRuntimeBlockProtocolElevation**
@@ -215,7 +215,7 @@ ADMX Info:
-This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
+This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there's a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
@@ -227,7 +227,7 @@ If you disable or don't configure this policy setting, Windows Store apps can op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block launching desktop apps associated with a URI scheme*
- GP name: *AppxRuntimeBlockProtocolElevation*
- GP path: *Windows Components\App runtime*
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 0b7733a5a2..b6f5e8e21f 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/10/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AttachmentManager
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AttachmentManager policies
+## ADMX_AttachmentManager policies
-
@@ -48,7 +48,7 @@ manager: aaroncz
-**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**
+**ADMX_AttachmentManager/AM_EstimateFileHandlerRisk**
@@ -89,7 +89,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Trust logic for file attachments*
- GP name: *AM_EstimateFileHandlerRisk*
- GP path: *Windows Components\Attachment Manager*
@@ -100,7 +100,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetFileRiskLevel**
+**ADMX_AttachmentManager/AM_SetFileRiskLevel**
@@ -141,7 +141,7 @@ If you don't configure this policy setting, Windows sets the default risk level
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default risk level for file attachments*
- GP name: *AM_SetFileRiskLevel*
- GP path: *Windows Components\Attachment Manager*
@@ -152,7 +152,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetHighRiskInclusion**
+**ADMX_AttachmentManager/AM_SetHighRiskInclusion**
@@ -189,7 +189,7 @@ If you don't configure this policy setting, Windows uses its built-in list of hi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for high risk file types*
- GP name: *AM_SetHighRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
@@ -200,7 +200,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetLowRiskInclusion**
+**ADMX_AttachmentManager/AM_SetLowRiskInclusion**
@@ -237,7 +237,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for low file types*
- GP name: *AM_SetLowRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
@@ -248,7 +248,7 @@ ADMX Info:
-**ADMX_AttachmentManager/AM_SetModRiskInclusion**
+**ADMX_AttachmentManager/AM_SetModRiskInclusion**
@@ -285,7 +285,7 @@ If you don't configure this policy setting, Windows uses its default trust logic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Inclusion list for moderate risk file types*
- GP name: *AM_SetModRiskInclusion*
- GP path: *Windows Components\Attachment Manager*
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index d3fbdfca47..67cb8ce4bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_AuditSettings.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_AuditSettings policies
+## ADMX_AuditSettings policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_AuditSettings/IncludeCmdLine**
+**ADMX_AuditSettings/IncludeCmdLine**
@@ -76,7 +76,7 @@ Default is Not configured.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Include command line in process creation events*
- GP name: *IncludeCmdLine*
- GP path: *System/Audit Process Creation*
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index 52c73b763f..298c93aa7f 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/20/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Bits
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Bits policies
+## ADMX_Bits policies
-
@@ -75,7 +75,7 @@ manager: aaroncz
-**ADMX_Bits/BITS_DisableBranchCache**
+**ADMX_Bits/BITS_DisableBranchCache**
@@ -109,11 +109,11 @@ If you disable or don't configure this policy setting, the BITS client uses Wind
> [!NOTE]
> This policy setting doesn't affect the use of Windows Branch Cache by applications other than BITS. This policy setting doesn't apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the BITS client to use Windows Branch Cache*
- GP name: *BITS_DisableBranchCache*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_Bits/BITS_DisablePeercachingClient**
+**ADMX_Bits/BITS_DisablePeercachingClient**
@@ -163,7 +163,7 @@ If you disable or don't configure this policy setting, the computer attempts to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching client*
- GP name: *BITS_DisablePeercachingClient*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -174,7 +174,7 @@ ADMX Info:
-**ADMX_Bits/BITS_DisablePeercachingServer**
+**ADMX_Bits/BITS_DisablePeercachingServer**
@@ -213,7 +213,7 @@ If you disable or don't configure this policy setting, the computer will offer d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow the computer to act as a BITS Peercaching server*
- GP name: *BITS_DisablePeercachingServer*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -225,7 +225,7 @@ ADMX Info:
-**ADMX_Bits/BITS_EnablePeercaching**
+**ADMX_Bits/BITS_EnablePeercaching**
@@ -263,7 +263,7 @@ If you disable or don't configure this policy setting, the BITS peer caching fea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow BITS Peercaching*
- GP name: *BITS_EnablePeercaching*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthServedForPeers**
+**ADMX_Bits/BITS_MaxBandwidthServedForPeers**
@@ -311,13 +311,13 @@ If you enable this policy setting, you can enter a value in bits per second (bps
If you disable this policy setting or don't configure it, the default value of 30 percent of the slowest active network interface will be used.
-> [!NOTE]
+> [!NOTE]
> This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum network bandwidth used for Peercaching*
- GP name: *BITS_MaxBandwidthServedForPeers*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -328,7 +328,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**
+**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance**
@@ -368,7 +368,7 @@ If you disable or don't configure this policy setting, the limits defined for wo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers*
- GP name: *BITS_MaxBandwidthV2_Maintenance*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -380,7 +380,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxBandwidthV2_Work**
+**ADMX_Bits/BITS_MaxBandwidthV2_Work**
@@ -417,7 +417,7 @@ If you disable or don't configure this policy setting, BITS uses all available u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers*
- GP name: *BITS_MaxBandwidthV2_Work*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -429,7 +429,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxCacheSize**
+**ADMX_Bits/BITS_MaxCacheSize**
@@ -467,7 +467,7 @@ If you disable or don't configure this policy setting, the default size of the B
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the BITS Peercache size*
- GP name: *BITS_MaxCacheSize*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -478,7 +478,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxContentAge**
+**ADMX_Bits/BITS_MaxContentAge**
@@ -516,7 +516,7 @@ If you disable or don't configure this policy setting, files that haven't been a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the age of files in the BITS Peercache*
- GP name: *BITS_MaxContentAge*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -527,7 +527,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxDownloadTime**
+**ADMX_Bits/BITS_MaxDownloadTime**
@@ -567,7 +567,7 @@ If you disable or don't configure this policy setting, the default value of 90 d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum BITS job download time*
- GP name: *BITS_MaxDownloadTime*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -578,7 +578,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxFilesPerJob**
+**ADMX_Bits/BITS_MaxFilesPerJob**
@@ -617,7 +617,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of files allowed in a BITS job*
- GP name: *BITS_MaxFilesPerJob*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -628,7 +628,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxJobsPerMachine**
+**ADMX_Bits/BITS_MaxJobsPerMachine**
@@ -667,7 +667,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of BITS jobs for this computer*
- GP name: *BITS_MaxJobsPerMachine*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -678,7 +678,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxJobsPerUser**
+**ADMX_Bits/BITS_MaxJobsPerUser**
@@ -717,7 +717,7 @@ If you disable or don't configure this policy setting, BITS will use the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of BITS jobs for each user*
- GP name: *BITS_MaxJobsPerUser*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
@@ -728,7 +728,7 @@ ADMX Info:
-**ADMX_Bits/BITS_MaxRangesPerFile**
+**ADMX_Bits/BITS_MaxRangesPerFile**
@@ -767,7 +767,7 @@ If you disable or don't configure this policy setting, BITS will limit ranges to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the maximum number of ranges that can be added to the file in a BITS job*
- GP name: *BITS_MaxRangesPerFile*
- GP path: *Network\Background Intelligent Transfer Service (BITS)*
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index 86f2b2d508..67bdff96e4 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_CipherSuiteOrder
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CipherSuiteOrder policies
+## ADMX_CipherSuiteOrder policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**
+**ADMX_CipherSuiteOrder/SSLCipherSuiteOrder**
@@ -77,7 +77,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SSL Cipher Suite Order*
- GP name: *SSLCipherSuiteOrder*
- GP path: *Network/SSL Configuration Settings*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_CipherSuiteOrder/SSLCurveOrder**
+**ADMX_CipherSuiteOrder/SSLCurveOrder**
@@ -137,7 +137,7 @@ CertUtil.exe -DisplayEccCurve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ECC Curve Order*
- GP name: *SSLCurveOrder*
- GP path: *Network/SSL Configuration Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index 8426131fb5..4f413d02e1 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_COM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_COM policies
+## ADMX_COM policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**
+**ADMX_COM/AppMgmt_COM_SearchForCLSID_1**
@@ -79,7 +79,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Download missing COM components*
- GP name: *AppMgmt_COM_SearchForCLSID_1*
- GP path: *System*
@@ -92,7 +92,7 @@ ADMX Info:
-**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**
+**ADMX_COM/AppMgmt_COM_SearchForCLSID_2**
@@ -131,7 +131,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Download missing COM components*
- GP name: *AppMgmt_COM_SearchForCLSID_2*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index 55e7b8a33f..8abd39f58a 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/05/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ControlPanel
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ControlPanel policies
+## ADMX_ControlPanel policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ControlPanel/DisallowCpls**
+**ADMX_ControlPanel/DisallowCpls**
@@ -83,7 +83,7 @@ To hide a Control Panel item, enable this policy setting and click Show to acces
If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control Panel items" setting is ignored.
> [!NOTE]
-> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
+> The Display Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead.
>
>To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
@@ -91,7 +91,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide specified Control Panel items*
- GP name: *DisallowCpls*
- GP path: *Control Panel*
@@ -102,7 +102,7 @@ ADMX Info:
-**ADMX_ControlPanel/ForceClassicControlPanel**
+**ADMX_ControlPanel/ForceClassicControlPanel**
@@ -128,7 +128,7 @@ ADMX Info:
-This policy setting controls the default Control Panel view, whether by category or icons.
+This policy setting controls the default Control Panel view, whether by category or icons.
If this policy setting is enabled, the Control Panel opens to the icon view.
@@ -143,7 +143,7 @@ If this policy setting isn't configured, the Control Panel opens to the view use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always open All Control Panel Items when opening Control Panel*
- GP name: *ForceClassicControlPanel*
- GP path: *Control Panel*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_ControlPanel/NoControlPanel**
+**ADMX_ControlPanel/NoControlPanel**
@@ -202,7 +202,7 @@ If users try to select a Control Panel item from the Properties item on a contex
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to Control Panel and PC settings*
- GP name: *NoControlPanel*
- GP path: *Control Panel*
@@ -213,7 +213,7 @@ ADMX Info:
-**ADMX_ControlPanel/RestrictCpls**
+**ADMX_ControlPanel/RestrictCpls**
@@ -256,7 +256,7 @@ If both the "Hide specified Control Panel items" setting and the "Show only spec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show only specified Control Panel items*
- GP name: *RestrictCpls*
- GP path: *Control Panel*
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 637df89faf..c6ded79ee5 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/05/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ControlPanelDisplay
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ControlPanelDisplay policies
+## ADMX_ControlPanelDisplay policies
-
@@ -105,7 +105,7 @@ manager: aaroncz
-**ADMX_ControlPanelDisplay/CPL_Display_Disable**
+**ADMX_ControlPanelDisplay/CPL_Display_Disable**
@@ -141,7 +141,7 @@ Also, see the "Prohibit access to the Control Panel" (User Configuration\Adminis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable the Display Control Panel*
- GP name: *CPL_Display_Disable*
- GP path: *Control Panel\Display*
@@ -152,7 +152,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Display_HideSettings**
+**ADMX_ControlPanelDisplay/CPL_Display_HideSettings**
@@ -186,7 +186,7 @@ This setting prevents users from using Control Panel to add, configure, or chang
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Settings tab*
- GP name: *CPL_Display_HideSettings*
- GP path: *Control Panel\Display*
@@ -197,7 +197,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableColorSchemeChoice**
@@ -234,7 +234,7 @@ For Windows 7 and later, use the "Prevent changing color and appearance" setting
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing color scheme*
- GP name: *CPL_Personalization_DisableColorSchemeChoice*
- GP path: *Control Panel\Personalization*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableThemeChange**
@@ -283,7 +283,7 @@ If you disable or don't configure this setting, there's no effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing theme*
- GP name: *CPL_Personalization_DisableThemeChange*
- GP path: *Control Panel\Personalization*
@@ -294,7 +294,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**
+**ADMX_ControlPanelDisplay/CPL_Personalization_DisableVisualStyle**
@@ -329,7 +329,7 @@ When enabled on Windows XP and later systems, this setting prevents users and ap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing visual style for windows and buttons*
- GP name: *CPL_Personalization_DisableVisualStyle*
- GP path: *Control Panel\Personalization*
@@ -340,7 +340,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**
+**ADMX_ControlPanelDisplay/CPL_Personalization_EnableScreenSaver**
@@ -379,7 +379,7 @@ Also, see the "Prevent changing Screen Saver" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable screen saver*
- GP name: *CPL_Personalization_EnableScreenSaver*
- GP path: *Control Panel\Personalization*
@@ -390,7 +390,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ForceDefaultLockScreen**
@@ -431,7 +431,7 @@ This setting can be used in conjunction with the "Prevent changing lock screen a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific default lock screen and logon image*
- GP name: *CPL_Personalization_ForceDefaultLockScreen*
- GP path: *Control Panel\Personalization*
@@ -442,7 +442,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**
+**ADMX_ControlPanelDisplay/CPL_Personalization_LockFontSize**
@@ -470,14 +470,14 @@ ADMX Info:
This setting prevents users from changing the size of the font in the windows and buttons displayed on their screens.
-If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled.
+If this setting is enabled, the "Font size" drop-down list on the Appearance tab in Display Properties is disabled.
If you disable or don't configure this setting, a user may change the font size using the "Font size" drop-down list on the Appearance tab.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit selection of visual style font size*
- GP name: *CPL_Personalization_LockFontSize*
- GP path: *Control Panel\Personalization*
@@ -488,7 +488,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingLockScreen**
@@ -523,7 +523,7 @@ If you enable this setting, the user won't be able to change their lock screen a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing lock screen and logon image*
- GP name: *CPL_Personalization_NoChangingLockScreen*
- GP path: *Control Panel\Personalization*
@@ -534,7 +534,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoChangingStartMenuBackground**
@@ -573,7 +573,7 @@ If the "Force a specific Start background" policy is also set on a supported ver
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing start menu background*
- GP name: *CPL_Personalization_NoChangingStartMenuBackground*
- GP path: *Control Panel\Personalization*
@@ -584,7 +584,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoColorAppearanceUI**
@@ -621,7 +621,7 @@ For systems prior to Windows Vista, this setting hides the Appearance and Themes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing color and appearance*
- GP name: *CPL_Personalization_NoColorAppearanceUI*
- GP path: *Control Panel\Personalization*
@@ -632,7 +632,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopBackgroundUI**
@@ -674,7 +674,7 @@ Also, see the "Allow only bitmapped wallpaper" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing desktop background*
- GP name: *CPL_Personalization_NoDesktopBackgroundUI*
- GP path: *Control Panel\Personalization*
@@ -685,7 +685,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoDesktopIconsUI**
@@ -722,7 +722,7 @@ For systems prior to Windows Vista, this setting also hides the Desktop tab in t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing desktop icons*
- GP name: *CPL_Personalization_NoDesktopIconsUI*
- GP path: *Control Panel\Personalization*
@@ -733,7 +733,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoLockScreen**
@@ -768,7 +768,7 @@ If you disable or don't configure this policy setting, users that aren't require
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the lock screen*
- GP name: *CPL_Personalization_NoLockScreen*
- GP path: *Control Panel\Personalization*
@@ -779,7 +779,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoMousePointersUI**
@@ -814,7 +814,7 @@ If you enable this setting, none of the mouse pointer scheme settings can be cha
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing mouse pointers*
- GP name: *CPL_Personalization_NoMousePointersUI*
- GP path: *Control Panel\Personalization*
@@ -825,7 +825,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoScreenSaverUI**
@@ -858,7 +858,7 @@ This setting also prevents users from using Control Panel to add, configure, or
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing screen saver*
- GP name: *CPL_Personalization_NoScreenSaverUI*
- GP path: *Control Panel\Personalization*
@@ -869,7 +869,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**
+**ADMX_ControlPanelDisplay/CPL_Personalization_NoSoundSchemeUI**
@@ -904,7 +904,7 @@ If you enable this setting, none of the Sound Scheme settings can be changed by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changing sounds*
- GP name: *CPL_Personalization_NoSoundSchemeUI*
- GP path: *Control Panel\Personalization*
@@ -915,7 +915,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**
+**ADMX_ControlPanelDisplay/CPL_Personalization_PersonalColors**
@@ -950,7 +950,7 @@ If this setting is enabled, the background and accent colors of Windows will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific background and accent color*
- GP name: *CPL_Personalization_PersonalColors*
- GP path: *Control Panel\Personalization*
@@ -961,7 +961,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverIsSecure**
@@ -1003,7 +1003,7 @@ To ensure that a computer will be password protected, enable the "Enable Screen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Password protect the screen saver*
- GP name: *CPL_Personalization_ScreenSaverIsSecure*
- GP path: *Control Panel\Personalization*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**
+**ADMX_ControlPanelDisplay/CPL_Personalization_ScreenSaverTimeOut**
@@ -1057,7 +1057,7 @@ When not configured, whatever wait time is set on the client through the Screen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Screen saver timeout*
- GP name: *CPL_Personalization_ScreenSaverTimeOut*
- GP path: *Control Panel\Personalization*
@@ -1068,7 +1068,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetScreenSaver**
@@ -1110,7 +1110,7 @@ If the specified screen saver isn't installed on a computer to which this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force specific screen saver*
- GP name: *CPL_Personalization_SetScreenSaver*
- GP path: *Control Panel\Personalization*
@@ -1121,7 +1121,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetTheme**
@@ -1156,7 +1156,7 @@ If you disable or don't configure this setting, the default theme will be applie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Load a specific theme*
- GP name: *CPL_Personalization_SetTheme*
- GP path: *Control Panel\Personalization*
@@ -1167,7 +1167,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**
+**ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle**
@@ -1211,7 +1211,7 @@ If you disable or don't configure this setting, the users can select the visual
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific visual style file or force Windows Classic*
- GP name: *CPL_Personalization_SetVisualStyle*
- GP path: *Control Panel\Personalization*
@@ -1222,7 +1222,7 @@ ADMX Info:
-**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**
+**ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground**
@@ -1257,7 +1257,7 @@ If this setting is set to a nonzero value, then Start uses the specified backgro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force a specific Start background*
- GP name: *CPL_Personalization_StartBackground*
- GP path: *Control Panel\Personalization*
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index b7c40099e2..4b3d4c1dbb 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/26/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Cpls
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Cpls policies
+## ADMX_Cpls policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_Cpls/UseDefaultTile**
+**ADMX_Cpls/UseDefaultTile**
@@ -64,7 +64,7 @@ manager: aaroncz
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
-> [!NOTE]
+> [!NOTE]
> The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
@@ -75,7 +75,7 @@ If you disable or do not configure this policy setting, users will be able to cu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Apply the default account picture to all users*
- GP name: *UseDefaultTile*
- GP path: *Control Panel/User Accounts*
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index b72ed7c028..57942466a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/11/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_CredentialProviders
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredentialProviders policies
+## ADMX_CredentialProviders policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_CredentialProviders/AllowDomainDelayLock**
+**ADMX_CredentialProviders/AllowDomainDelayLock**
@@ -83,7 +83,7 @@ If you don't configure this policy setting on a workgroup device, a user on a Co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to select when a password is required when resuming from connected standby*
- GP name: *AllowDomainDelayLock*
- GP path: *System\Logon*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_CredentialProviders/DefaultCredentialProvider**
+**ADMX_CredentialProviders/DefaultCredentialProvider**
@@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, the system picks the defa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Assign a default credential provider*
- GP name: *DefaultCredentialProvider*
- GP path: *System\Logon*
@@ -144,7 +144,7 @@ ADMX Info:
-**ADMX_CredentialProviders/ExcludedCredentialProviders**
+**ADMX_CredentialProviders/ExcludedCredentialProviders**
@@ -170,7 +170,7 @@ ADMX Info:
-This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
+This policy setting allows the administrator to exclude the specified credential providers from use during authentication.
> [!NOTE]
> Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
@@ -182,7 +182,7 @@ If you disable or do not configure this policy, all installed and otherwise enab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Exclude credential providers*
- GP name: *ExcludedCredentialProviders*
- GP path: *System\Logon*
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index fb4a63852b..2cf519f5a6 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_CredSsp
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredSsp policies
+## ADMX_CredSsp policies
-
@@ -66,7 +66,7 @@ manager: aaroncz
-**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowDefCredentialsWhenNTLMOnly**
@@ -113,7 +113,7 @@ If you disable or don't configure (by default) this policy setting, delegation o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating default credentials with NTLM-only server authentication*
- GP name: *AllowDefCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowDefaultCredentials**
+**ADMX_CredSsp/AllowDefaultCredentials**
@@ -175,7 +175,7 @@ https://go.microsoft.com/fwlink/?LinkId=301508
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating default credentials*
- GP name: *AllowDefaultCredentials*
- GP path: *System\Credentials Delegation*
@@ -186,7 +186,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowEncryptionOracle**
+**ADMX_CredSsp/AllowEncryptionOracle**
@@ -218,7 +218,7 @@ Some versions of the CredSSP protocol are vulnerable to an encryption oracle att
If you enable this policy setting, CredSSP version support will be selected based on the following options:
-- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients.
+- Force Updated Clients: Client applications that use CredSSP won't be able to fall back to the insecure versions and services using CredSSP won't accept unpatched clients.
> [!NOTE]
> This setting should not be deployed until all remote hosts support the newest version.
@@ -232,7 +232,7 @@ For more information about the vulnerability and servicing requirements for prot
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Encryption Oracle Remediation*
- GP name: *AllowEncryptionOracle*
- GP path: *System\Credentials Delegation*
@@ -243,7 +243,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowFreshCredentials**
+**ADMX_CredSsp/AllowFreshCredentials**
@@ -291,7 +291,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating fresh credentials*
- GP name: *AllowFreshCredentials*
- GP path: *System\Credentials Delegation*
@@ -302,7 +302,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowFreshCredentialsWhenNTLMOnly**
@@ -350,7 +350,7 @@ If you disable this policy setting, delegation of fresh credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating fresh credentials with NTLM-only server authentication*
- GP name: *AllowFreshCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -361,7 +361,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowSavedCredentials**
+**ADMX_CredSsp/AllowSavedCredentials**
@@ -409,7 +409,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating saved credentials*
- GP name: *AllowSavedCredentials*
- GP path: *System\Credentials Delegation*
@@ -420,7 +420,7 @@ ADMX Info:
-**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**
+**ADMX_CredSsp/AllowSavedCredentialsWhenNTLMOnly**
@@ -468,7 +468,7 @@ If you disable this policy setting, delegation of saved credentials isn't permit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow delegating saved credentials with NTLM-only server authentication*
- GP name: *AllowSavedCredentialsWhenNTLMOnly*
- GP path: *System\Credentials Delegation*
@@ -479,7 +479,7 @@ ADMX Info:
-**ADMX_CredSsp/DenyDefaultCredentials**
+**ADMX_CredSsp/DenyDefaultCredentials**
@@ -525,7 +525,7 @@ This policy setting can be used in combination with the "Allow delegating defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating default credentials*
- GP name: *DenyDefaultCredentials*
- GP path: *System\Credentials Delegation*
@@ -536,7 +536,7 @@ ADMX Info:
-**ADMX_CredSsp/DenyFreshCredentials**
+**ADMX_CredSsp/DenyFreshCredentials**
@@ -582,7 +582,7 @@ This policy setting can be used in combination with the "Allow delegating fresh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating fresh credentials*
- GP name: *DenyFreshCredentials*
- GP path: *System\Credentials Delegation*
@@ -593,7 +593,7 @@ ADMX Info:
-**ADMX_CredSsp/DenySavedCredentials**
+**ADMX_CredSsp/DenySavedCredentials**
@@ -639,7 +639,7 @@ This policy setting can be used in combination with the "Allow delegating saved
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny delegating saved credentials*
- GP name: *DenySavedCredentials*
- GP path: *System\Credentials Delegation*
@@ -650,7 +650,7 @@ ADMX Info:
-**ADMX_CredSsp/RestrictedRemoteAdministration**
+**ADMX_CredSsp/RestrictedRemoteAdministration**
@@ -697,7 +697,7 @@ If you disable or don't configure this policy setting, Restricted Admin and Remo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict delegation of credentials to remote servers*
- GP name: *RestrictedRemoteAdministration*
- GP path: *System\Credentials Delegation*
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index 68623bfc04..79273f0d0d 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_CredUI
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CredUI policies
+## ADMX_CredUI policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_CredUI/EnableSecureCredentialPrompting**
+**ADMX_CredUI/EnableSecureCredentialPrompting**
@@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, users will enter Windows
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require trusted path for credential entry*
- GP name: *EnableSecureCredentialPrompting*
- GP path: *Windows Components\Credential User Interface*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_CredUI/NoLocalPasswordResetQuestions**
+**ADMX_CredUI/NoLocalPasswordResetQuestions**
@@ -120,7 +120,7 @@ Available in the latest Windows 10 Insider Preview Build. If you turn on this po
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent the use of security questions for local accounts*
- GP name: *NoLocalPasswordResetQuestions*
- GP path: *Windows Components\Credential User Interface*
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 0d6a23d272..fa7c64184c 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/26/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_CtrlAltDel
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_CtrlAltDel policies
+## ADMX_CtrlAltDel policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_CtrlAltDel/DisableChangePassword**
+**ADMX_CtrlAltDel/DisableChangePassword**
@@ -81,7 +81,7 @@ However, users will still be able to change their password when prompted by the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Change Password*
- GP name: *DisableChangePassword*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/DisableLockComputer**
+**ADMX_CtrlAltDel/DisableLockComputer**
@@ -133,7 +133,7 @@ If you disable or don't configure this policy setting, users will be able to loc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Lock Computer*
- GP name: *DisableLockWorkstation*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -144,7 +144,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/DisableTaskMgr**
+**ADMX_CtrlAltDel/DisableTaskMgr**
|Edition|Windows 10|Windows 11|
@@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, users can access Task Man
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Task Manager*
- GP name: *DisableTaskMgr*
- GP path: *System/Ctrl+Alt+Del Options*
@@ -191,7 +191,7 @@ ADMX Info:
-**ADMX_CtrlAltDel/NoLogoff**
+**ADMX_CtrlAltDel/NoLogoff**
@@ -228,7 +228,7 @@ If you disable or don't configure this policy setting, users can see and select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Logoff*
- GP name: *NoLogoff*
- GP path: *System/Ctrl+Alt+Del Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 18b990f41a..ad4439b4a3 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_DataCollection policies
+## ADMX_DataCollection policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_DataCollection/CommercialIdPolicy**
+**ADMX_DataCollection/CommercialIdPolicy**
@@ -72,7 +72,7 @@ If you disable or don't configure this policy setting, then Microsoft won't be a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the Commercial ID*
- GP name: *CommercialIdPolicy*
- GP path: *Windows Components\Data Collection and Preview Builds*
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index f826ec41b1..71f294c190 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DCOM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DCOM policies
+## ADMX_DCOM policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
+**ADMX_DCOM/DCOMActivationSecurityCheckAllowLocalList**
@@ -66,10 +66,10 @@ manager: aaroncz
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
-
+
If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
-If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
+If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
@@ -79,7 +79,7 @@ If you don't configure this policy setting, DCOM will only look in the locally c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow local activation security check exemptions*
- GP name: *DCOMActivationSecurityCheckAllowLocalList*
- GP path: *Windows Components\AppCompat!AllowLocalActivationSecurityCheckExemptionList*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
+**ADMX_DCOM/DCOMActivationSecurityCheckExemptionList**
@@ -116,42 +116,42 @@ ADMX Info:
-This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check.
-DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
-DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
+This policy setting allows you to view and change a list of DCOM server application IDs (app IDs), which are exempted from the DCOM Activation security check.
+DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators.
+DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
DCOM server application IDs added to this policy must be listed in curly brace format.
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
-If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
+If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
-If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
-If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
+If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
+If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
settings.
-If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
-
+If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
+
If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
-If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
+If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
->[!Note]
+>[!Note]
> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
-
-This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
-The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
-DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
+This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
+
+The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
+DCOM servers added to this exemption list are only exempted if their custom launch permissions don't contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups.
> [!NOTE]
> Exemptions for DCOM Server Application IDs added to this list will apply to both 32-bit and 64-bit versions of the server if present.
->
+>
> [!NOTE]
> This policy setting applies to all sites in Trusted zones.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow local activation security check exemptions*
- GP name: *DCOMActivationSecurityCheckExemptionList*
- GP path: *Windows Components\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList*
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index c18835be26..11ae41955a 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Desktop
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Desktop policies
+## ADMX_Desktop policies
-
@@ -120,7 +120,7 @@ manager: aaroncz
-**ADMX_Desktop/AD_EnableFilter**
+**ADMX_Desktop/AD_EnableFilter**
@@ -158,7 +158,7 @@ To see the filter bar, open Network Locations, click Entire Network, and then cl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable filter in Find dialog box*
- GP name: *AD_EnableFilter*
- GP path: *Desktop\Active Directory*
@@ -169,7 +169,7 @@ ADMX Info:
-**ADMX_Desktop/AD_HideDirectoryFolder**
+**ADMX_Desktop/AD_HideDirectoryFolder**
@@ -209,7 +209,7 @@ This setting is designed to let users search Active Directory but not tempt them
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Active Directory folder*
- GP name: *AD_HideDirectoryFolder*
- GP path: *Desktop\Active Directory*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_Desktop/AD_QueryLimit**
+**ADMX_Desktop/AD_QueryLimit**
@@ -258,7 +258,7 @@ This setting is designed to protect the network and the domain controller from t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maximum size of Active Directory searches*
- GP name: *AD_QueryLimit*
- GP path: *Desktop\Active Directory*
@@ -269,7 +269,7 @@ ADMX Info:
-**ADMX_Desktop/ForceActiveDesktopOn**
+**ADMX_Desktop/ForceActiveDesktopOn**
@@ -307,7 +307,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Active Desktop*
- GP name: *ForceActiveDesktopOn*
- GP path: *Desktop\Desktop*
@@ -318,7 +318,7 @@ ADMX Info:
-**ADMX_Desktop/NoActiveDesktop**
+**ADMX_Desktop/NoActiveDesktop**
@@ -357,7 +357,7 @@ If you disable this setting or don't configure it, Active Desktop is disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable Active Desktop*
- GP name: *NoActiveDesktop*
- GP path: *Desktop\Desktop*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_Desktop/NoActiveDesktopChanges**
+**ADMX_Desktop/NoActiveDesktopChanges**
@@ -401,7 +401,7 @@ This setting is a comprehensive one that locks down the configuration you establ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit changes*
- GP name: *NoActiveDesktopChanges*
- GP path: *Desktop\Desktop*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_Desktop/NoDesktop**
+**ADMX_Desktop/NoDesktop**
@@ -448,7 +448,7 @@ Also, see "Items displayed in Places Bar" in User Configuration\Administrative T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide and disable all items on the desktop*
- GP name: *NoDesktop*
- GP path: *Desktop*
@@ -459,7 +459,7 @@ ADMX Info:
-**ADMX_Desktop/NoDesktopCleanupWizard**
+**ADMX_Desktop/NoDesktopCleanupWizard**
@@ -498,7 +498,7 @@ If you disable this setting or don't configure it, the default behavior of the D
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the Desktop Cleanup Wizard*
- GP name: *NoDesktopCleanupWizard*
- GP path: *Desktop*
@@ -509,7 +509,7 @@ ADMX Info:
-**ADMX_Desktop/NoInternetIcon**
+**ADMX_Desktop/NoInternetIcon**
@@ -543,7 +543,7 @@ This setting doesn't prevent the user from starting Internet Explorer by using o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Internet Explorer icon on desktop*
- GP name: *NoInternetIcon*
- GP path: *Desktop*
@@ -554,7 +554,7 @@ ADMX Info:
-**ADMX_Desktop/NoMyComputerIcon**
+**ADMX_Desktop/NoMyComputerIcon**
@@ -595,7 +595,7 @@ If you don't configure this setting, the default is to display Computer as usual
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Computer icon on the desktop*
- GP name: *NoMyComputerIcon*
- GP path: *Desktop*
@@ -606,7 +606,7 @@ ADMX Info:
-**ADMX_Desktop/NoMyDocumentsIcon**
+**ADMX_Desktop/NoMyDocumentsIcon**
@@ -646,7 +646,7 @@ This setting doesn't remove the My Documents icon from the Start menu. To do so,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove My Documents icon on the desktop*
- GP name: *NoMyDocumentsIcon*
- GP path: *Desktop*
@@ -657,7 +657,7 @@ ADMX Info:
-**ADMX_Desktop/NoNetHood**
+**ADMX_Desktop/NoNetHood**
@@ -694,7 +694,7 @@ This setting only affects the desktop icon. It doesn't prevent users from connec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Network Locations icon on desktop*
- GP name: *NoNetHood*
- GP path: *Desktop*
@@ -705,7 +705,7 @@ ADMX Info:
-**ADMX_Desktop/NoPropertiesMyComputer**
+**ADMX_Desktop/NoPropertiesMyComputer**
@@ -741,7 +741,7 @@ If you disable or don't configure this setting, the Properties option is display
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Computer icon context menu*
- GP name: *NoPropertiesMyComputer*
- GP path: *Desktop*
@@ -752,7 +752,7 @@ ADMX Info:
-**ADMX_Desktop/NoPropertiesMyDocuments**
+**ADMX_Desktop/NoPropertiesMyDocuments**
@@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, the Properties menu comma
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu*
- GP name: *NoPropertiesMyDocuments*
- GP path: *Desktop*
@@ -802,7 +802,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecentDocsNetHood**
+**ADMX_Desktop/NoRecentDocsNetHood**
@@ -838,7 +838,7 @@ If you enable this setting, shared folders aren't added to Network Locations aut
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not add shares of recently opened documents to Network Locations*
- GP name: *NoRecentDocsNetHood*
- GP path: *Desktop*
@@ -849,7 +849,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecycleBinIcon**
+**ADMX_Desktop/NoRecycleBinIcon**
@@ -887,7 +887,7 @@ This setting doesn't prevent the user from using other methods to gain access to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recycle Bin icon from desktop*
- GP name: *NoRecycleBinIcon*
- GP path: *Desktop*
@@ -898,7 +898,7 @@ ADMX Info:
-**ADMX_Desktop/NoRecycleBinProperties**
+**ADMX_Desktop/NoRecycleBinProperties**
@@ -934,7 +934,7 @@ If you disable or don't configure this setting, the Properties option is display
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Properties from the Recycle Bin context menu*
- GP name: *NoRecycleBinProperties*
- GP path: *Desktop*
@@ -945,7 +945,7 @@ ADMX Info:
-**ADMX_Desktop/NoSaveSettings**
+**ADMX_Desktop/NoSaveSettings**
@@ -979,7 +979,7 @@ If you enable this setting, users can change the desktop, but some changes, such
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Don't save settings at exit*
- GP name: *NoSaveSettings*
- GP path: *Desktop*
@@ -990,7 +990,7 @@ ADMX Info:
-**ADMX_Desktop/NoWindowMinimizingShortcuts**
+**ADMX_Desktop/NoWindowMinimizingShortcuts**
@@ -1025,7 +1025,7 @@ If you disable or don't configure this policy, this window minimizing and restor
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Aero Shake window minimizing mouse gesture*
- GP name: *NoWindowMinimizingShortcuts*
- GP path: *Desktop*
@@ -1036,7 +1036,7 @@ ADMX Info:
-**ADMX_Desktop/Wallpaper**
+**ADMX_Desktop/Wallpaper**
@@ -1078,7 +1078,7 @@ Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Desktop Wallpaper*
- GP name: *Wallpaper*
- GP path: *Desktop\Desktop*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableAdd**
+**ADMX_Desktop/sz_ATC_DisableAdd**
@@ -1124,7 +1124,7 @@ Also, see the "Disable all items" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adding items*
- GP name: *sz_ATC_DisableAdd*
- GP path: *Desktop\Desktop*
@@ -1135,7 +1135,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableClose**
+**ADMX_Desktop/sz_ATC_DisableClose**
@@ -1174,7 +1174,7 @@ If you enable this setting, items added to the desktop can't be closed; they alw
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit closing items*
- GP name: *sz_ATC_DisableClose*
- GP path: *Desktop\Desktop*
@@ -1185,7 +1185,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableDel**
+**ADMX_Desktop/sz_ATC_DisableDel**
@@ -1223,7 +1223,7 @@ Also, see the "Prohibit closing items" and "Disable all items" settings.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit deleting items*
- GP name: *sz_ATC_DisableDel*
- GP path: *Desktop\Desktop*
@@ -1234,7 +1234,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_DisableEdit**
+**ADMX_Desktop/sz_ATC_DisableEdit**
@@ -1268,7 +1268,7 @@ This setting disables the Properties button on the Web tab in Display in Control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit editing items*
- GP name: *sz_ATC_DisableEdit*
- GP path: *Desktop\Desktop*
@@ -1279,7 +1279,7 @@ ADMX Info:
-**ADMX_Desktop/sz_ATC_NoComponents**
+**ADMX_Desktop/sz_ATC_NoComponents**
@@ -1305,7 +1305,7 @@ ADMX Info:
-Removes Active Desktop content and prevents users from adding Active Desktop content.
+Removes Active Desktop content and prevents users from adding Active Desktop content.
This setting removes all Active Desktop items from the desktop. It also removes the Web tab from Display in Control Panel. As a result, users can't add Web pages or pictures from the Internet or an intranet to the desktop.
@@ -1316,7 +1316,7 @@ This setting removes all Active Desktop items from the desktop. It also removes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable all items*
- GP name: *sz_ATC_NoComponents*
- GP path: *Desktop\Desktop*
@@ -1327,7 +1327,7 @@ ADMX Info:
-**ADMX_Desktop/sz_AdminComponents_Title**
+**ADMX_Desktop/sz_AdminComponents_Title**
@@ -1369,7 +1369,7 @@ You can also use this setting to delete particular Web-based items from users' d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add/Delete items*
- GP name: *sz_AdminComponents_Title*
- GP path: *Desktop\Desktop*
@@ -1380,7 +1380,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DB_DragDropClose**
+**ADMX_Desktop/sz_DB_DragDropClose**
@@ -1422,7 +1422,7 @@ Also, see the "Prohibit adjusting desktop toolbars" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent adding, dragging, dropping and closing the Taskbar's toolbars*
- GP name: *sz_DB_DragDropClose*
- GP path: *Desktop*
@@ -1433,7 +1433,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DB_Moving**
+**ADMX_Desktop/sz_DB_Moving**
@@ -1472,7 +1472,7 @@ Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's tool
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adjusting desktop toolbars*
- GP name: *sz_DB_Moving*
- GP path: *Desktop*
@@ -1483,7 +1483,7 @@ ADMX Info:
-**ADMX_Desktop/sz_DWP_NoHTMLPaper**
+**ADMX_Desktop/sz_DWP_NoHTMLPaper**
@@ -1517,7 +1517,7 @@ Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only bitmapped wallpaper*
- GP name: *sz_DWP_NoHTMLPaper*
- GP path: *Desktop\Desktop*
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index b2ca71c22d..8ccf1c2d4b 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/09/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DeviceCompat
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceCompat policies
+## ADMX_DeviceCompat policies
-
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_DeviceCompat/DeviceFlags**
+**ADMX_DeviceCompat/DeviceFlags**
@@ -69,7 +69,7 @@ Changes behavior of Microsoft bus drivers to work with specific devices.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device compatibility settings*
- GP name: *DeviceFlags*
- GP path: *Windows Components\Device and Driver Compatibility*
@@ -80,7 +80,7 @@ ADMX Info:
-**ADMX_DeviceCompat/DriverShims**
+**ADMX_DeviceCompat/DriverShims**
@@ -111,7 +111,7 @@ Changes behavior of third-party drivers to work around incompatibilities introdu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Driver compatibility settings*
- GP name: *DriverShims*
- GP path: *Windows Components\Device and Driver Compatibility*
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index d39a25209b..c94e2ce590 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,16 +18,16 @@ manager: aaroncz
> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceGuard policies
+## ADMX_DeviceGuard policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DeviceGuard/ConfigCIPolicy**
+**ADMX_DeviceGuard/ConfigCIPolicy**
@@ -65,24 +65,24 @@ manager: aaroncz
-This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
+This policy setting lets you deploy a Code Integrity Policy to a machine to control what is allowed to run on that machine.
-If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
+If you deploy a Code Integrity Policy, Windows will restrict what can run in both kernel mode and on the Windows Desktop based on the policy.
-To enable this policy, the machine must be rebooted.
+To enable this policy, the machine must be rebooted.
The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
-or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
+or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
-The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
-If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
+The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
+If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
-- First update the policy to a non-protected policy and then disable the setting. (or)
+- First update the policy to a non-protected policy and then disable the setting. (or)
- Disable the setting and then remove the policy from each computer, with a physically present user.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deploy Windows Defender Application Control*
- GP name: *ConfigCIPolicy*
- GP path: *Windows Components/DeviceGuard!DeployConfigCIPolicy*
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index 1da8e03482..9af3ba1dd7 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DeviceInstallation
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceInstallation policies
+## ADMX_DeviceInstallation policies
-
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**
+**ADMX_DeviceInstallation/DeviceInstall_AllowAdminInstall**
@@ -93,7 +93,7 @@ If you disable or don't configure this policy setting, members of the Administra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow administrators to override Device Installation Restriction policies*
- GP name: *DeviceInstall_AllowAdminInstall*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**
+**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_DetailText**
@@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display a custom message when installation is prevented by a policy setting*
- GP name: *DeviceInstall_DeniedPolicy_DetailText*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**
+**ADMX_DeviceInstallation/DeviceInstall_DeniedPolicy_SimpleText**
@@ -187,7 +187,7 @@ If you disable or don't configure this policy setting, Windows displays a defaul
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display a custom message title when device installation is prevented by a policy setting*
- GP name: *DeviceInstall_DeniedPolicy_SimpleText*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**
+**ADMX_DeviceInstallation/DeviceInstall_InstallTimeout**
@@ -224,7 +224,7 @@ ADMX Info:
-This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.
+This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete.
If you enable this policy setting, Windows waits for the number of seconds you specify before terminating the installation.
@@ -234,7 +234,7 @@ If you disable or don't configure this policy setting, Windows waits 240 seconds
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure device installation time-out*
- GP name: *DeviceInstall_InstallTimeout*
- GP path: *System\Device Installation*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**
+**ADMX_DeviceInstallation/DeviceInstall_Policy_RebootTime**
@@ -284,7 +284,7 @@ If you disable or don't configure this policy setting, the system doesn't force
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Time (in seconds) to force reboot when required for policy changes to take effect*
- GP name: *DeviceInstall_Policy_RebootTime*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -295,7 +295,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**
+**ADMX_DeviceInstallation/DeviceInstall_Removable_Deny**
@@ -330,7 +330,7 @@ If you disable or don't configure this policy setting, Windows can install and u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent installation of removable devices*
- GP name: *DeviceInstall_Removable_Deny*
- GP path: *System\Device Installation\Device Installation Restrictions*
@@ -341,7 +341,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DeviceInstall_SystemRestore**
+**ADMX_DeviceInstallation/DeviceInstall_SystemRestore**
@@ -367,7 +367,7 @@ ADMX Info:
-This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.
+This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A system restore point enables you to more easily restore your system to its state before the activity.
If you enable this policy setting, Windows doesn't create a system restore point when one would normally be created.
@@ -377,7 +377,7 @@ If you disable or don't configure this policy setting, Windows creates a system
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point*
- GP name: *DeviceInstall_SystemRestore*
- GP path: *System\Device Installation*
@@ -388,7 +388,7 @@ ADMX Info:
-**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**
+**ADMX_DeviceInstallation/DriverInstall_Classes_AllowUser**
@@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, only members of the Admin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow non-administrators to install drivers for these device setup classes*
- GP name: *DriverInstall_Classes_AllowUser*
- GP path: *System\Device Installation*
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index d4559a5746..8949638451 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DeviceSetup
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DeviceSetup policies
+## ADMX_DeviceSetup policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DeviceSetup/DeviceInstall_BalloonTips**
+**ADMX_DeviceSetup/DeviceInstall_BalloonTips**
@@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, "Found New Hardware" ball
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off "Found New Hardware" balloons during device installation*
- GP name: *DeviceInstall_BalloonTips*
- GP path: *System\Device Installation*
@@ -86,7 +86,7 @@ ADMX Info:
-**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**
+**ADMX_DeviceSetup/DriverSearchPlaces_SearchOrderConfiguration**
@@ -117,7 +117,7 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
>[!Note]
-> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
+> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
@@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, members of the Administra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify search order for device driver source locations*
- GP name: *DriverSearchPlaces_SearchOrderConfiguration*
- GP path: *System\Device Installation*
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 3a36dd326e..9c1dcdd1e6 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DFS
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DFS policies
+## ADMX_DFS policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_DFS/DFSDiscoverDC**
+**ADMX_DFS/DFSDiscoverDC**
@@ -61,12 +61,12 @@ manager: aaroncz
-This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
-By default, a DFS client attempts to discover domain controllers every 15 minutes.
+This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network.
+By default, a DFS client attempts to discover domain controllers every 15 minutes.
-If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
+If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
-If you disable or don't configure this policy setting, the default value of 15 minutes applies.
+If you disable or don't configure this policy setting, the default value of 15 minutes applies.
> [!NOTE]
> The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
@@ -74,7 +74,7 @@ If you disable or don't configure this policy setting, the default value of 15 m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure how often a DFS client discovers domain controllers*
- GP name: *DFSDiscoverDC*
- GP path: *Windows Components\ActiveX Installer Service*
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index 4cb25e95d8..a43f70ad88 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DigitalLocker
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DigitalLocker policies
+## ADMX_DigitalLocker policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**
+**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_1**
@@ -76,7 +76,7 @@ If you disable or don't configure this setting, Digital Locker can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
- GP name: *Digitalx_DiableApplication_TitleText_1*
- GP path: *Windows Components/Digital Locker*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**
+**ADMX_DigitalLocker/Digitalx_DiableApplication_TitleText_2**
@@ -125,7 +125,7 @@ If you disable or don't configure this setting, Digital Locker can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Digital Locker to run*
- GP name: *Digitalx_DiableApplication_TitleText_2*
- GP path: *Windows Components/Digital Locker*
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 9262266a8d..fc24e4e3f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DiskDiagnostic
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DiskDiagnostic policies
+## ADMX_DiskDiagnostic policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_DiskDiagnostic/DfdAlertPolicy**
+**ADMX_DiskDiagnostic/DfdAlertPolicy**
@@ -69,11 +69,11 @@ This policy setting substitutes custom alert text in the disk diagnostic message
If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
+No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
@@ -82,7 +82,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure custom alert text*
- GP name: *DfdAlertPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
+**ADMX_DiskDiagnostic/WdiScenarioExecutionPolicy**
@@ -120,27 +120,27 @@ ADMX Info:
-This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
+This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics.
Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk that reports a S.M.A.R.T. fault may need to be repaired or replaced. The Diagnostic Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur.
-
-If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+If you enable this policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss.
-If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
+
+If you don't configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
No reboots or service restarts are required for this policy setting to take effect, whereas changes take effect immediately.
-This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure execution level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index 92b5a4725e..ac201214f4 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,12 +18,12 @@ manager: aaroncz
-## ADMX_DiskNVCache policies
+## ADMX_DiskNVCache policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,14 +36,14 @@ manager: aaroncz
-
ADMX_DiskNVCache/SolidStatePolicy
-
+
-**ADMX_DiskNVCache/BootResumePolicy**
+**ADMX_DiskNVCache/BootResumePolicy**
|Edition|Windows 10|Windows 11|
@@ -68,20 +68,20 @@ manager: aaroncz
-This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
+This policy setting turns off the boot and resumes optimizations for the hybrid hard disks in the system.
-If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
+If you enable this policy setting, the system doesn't use the non-volatile (NV) cache to optimize boot and resume.
-The system determines the data that will be stored in the NV cache to optimize boot and resume.
+The system determines the data that will be stored in the NV cache to optimize boot and resume.
-The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
+The required data is stored in the NV cache during shutdown and hibernate, respectively. This storage in such a location might cause a slight increase in the time taken for shutdown and hibernate. If you don't configure this policy setting, the default behavior is observed and the NV cache is used for boot and resume optimizations.
This policy setting is applicable only if the NV cache feature is on.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off boot and resume optimizations*
- GP name: *BootResumePolicy*
- GP path: *System\Disk NV Cache*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_DiskNVCache/FeatureOffPolicy**
+**ADMX_DiskNVCache/FeatureOffPolicy**
|Edition|Windows 10|Windows 11|
@@ -116,20 +116,20 @@ ADMX Info:
-This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system.
+This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system.
-To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
+To check if you have hybrid hard disks in the system, from Device Manager, right-click the disk drive and select Properties. The NV cache can be used to optimize boot and resume by reading data from the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping the disks spun down while satisfying reads and writes from the cache.
-If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.
+If you enable this policy setting, the system won't manage the NV cache and won't enable NV cache power saving mode.
-If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
+If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cache are appropriately configured.
This policy setting will take effect on next boot. If you don't configure this policy setting, the default behavior is to turn on support for the NV cache.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off non-volatile cache feature*
- GP name: *FeatureOffPolicy*
- GP path: *System\Disk NV Cache*
@@ -141,7 +141,7 @@ ADMX Info:
-**ADMX_DiskNVCache/SolidStatePolicy**
+**ADMX_DiskNVCache/SolidStatePolicy**
|Edition|Windows 10|Windows 11|
@@ -166,13 +166,13 @@ ADMX Info:
-This policy setting turns off the solid state mode for the hybrid hard disks.
+This policy setting turns off the solid state mode for the hybrid hard disks.
-If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
+If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache.
If you disable this policy setting, the system will store frequently written data into the non-volatile (NV) cache. This storage allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
-This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
+This can cause increased wear of the NV cache. If you don't configure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache.
>[!Note]
> This policy setting is applicable only if the NV cache feature is on.
@@ -181,7 +181,7 @@ This can cause increased wear of the NV cache. If you don't configure this poli
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off solid state mode*
- GP name: *SolidStatePolicy*
- GP path: *System\Disk NV Cache*
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index bc75db6e4a..e8fc059eb7 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,14 +18,14 @@ manager: aaroncz
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DiskQuota policies
+## ADMX_DiskQuota policies
@@ -53,7 +53,7 @@ manager: aaroncz
-**ADMX_DiskQuota/DQ_RemovableMedia**
+**ADMX_DiskQuota/DQ_RemovableMedia**
|Edition|Windows 10|Windows 11|
@@ -78,16 +78,16 @@ manager: aaroncz
-This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
+This policy setting extends the disk quota policies in this folder to NTFS file system volumes on the removable media.
-If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
+If you disable or don't configure this policy setting, the disk quota policies established in this folder apply to fixed-media NTFS volumes only.
When this policy setting is applied, the computer will apply the disk quota to both fixed and removable media.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Apply policy to removable media*
- GP name: *DQ_RemovableMedia*
- GP path: *System\Disk Quotas*
@@ -99,7 +99,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Enable**
+**ADMX_DiskQuota/DQ_Enable**
|Edition|Windows 10|Windows 11|
@@ -124,24 +124,24 @@ ADMX Info:
-This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
+This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting.
If you enable this policy setting, disk quota management is turned on, and users can't turn it off.
-If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on.
+If you disable the policy setting, disk quota management is turned off, and users can't turn it on. When this policy setting isn't configured then the disk quota management is turned off by default, and the administrators can turn it on.
To prevent users from changing the setting while a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes.
-This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit.
+This policy setting turns on disk quota management but doesn't establish or enforce a particular disk quota limit.
-To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
+To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
To turn on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable disk quotas*
- GP name: *DQ_Enable*
- GP path: *System\Disk Quotas*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Enforce**
+**ADMX_DiskQuota/DQ_Enforce**
|Edition|Windows 10|Windows 11|
@@ -179,22 +179,22 @@ ADMX Info:
-This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
+This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.
-If you enable this policy setting, disk quota limits are enforced.
+If you enable this policy setting, disk quota limits are enforced.
-If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect.
+If you disable this policy setting, disk quota limits aren't enforced. When you enable or disable this policy setting, the system disables the "Deny disk space to users exceed quota limit" option on the Quota tab. Therefore, the administrators can't make changes while the setting is in effect.
-If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available.
+If you don't configure this policy setting, the disk quota limit isn't enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes. However, the users can continue to write to the volume as long as physical space is available.
-This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
+This policy setting overrides user settings that enable or disable quota enforcement on their volumes.
To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volume as the quota limit.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce disk quota limit*
- GP name: *DQ_Enforce*
- GP path: *System\Disk Quotas*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_LogEventOverLimit**
+**ADMX_DiskQuota/DQ_LogEventOverLimit**
|Edition|Windows 10|Windows 11|
@@ -232,13 +232,13 @@ ADMX Info:
-This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
+This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting.
-If you enable this policy setting, the system records an event when the user reaches their limit.
+If you enable this policy setting, the system records an event when the user reaches their limit.
-If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
+If you disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators can't change the setting while a setting is in effect. If you don't configure this policy setting, no events are recorded, but administrators can use the Quota tab option to change the setting.
-This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
+This policy setting is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their limit, because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
@@ -246,7 +246,7 @@ To find the logging option, in My Computer, right-click the name of an NTFS file
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log event when quota limit is exceeded*
- GP name: *DQ_LogEventOverLimit*
- GP path: *System\Disk Quotas*
@@ -258,7 +258,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_LogEventOverThreshold**
+**ADMX_DiskQuota/DQ_LogEventOverThreshold**
|Edition|Windows 10|Windows 11|
@@ -283,20 +283,20 @@ ADMX Info:
-This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
+This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.
If you enable this policy setting, the system records an event.
-If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
+If you disable this policy setting, no event is recorded. When you enable or disable this policy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that administrators can't change logging while a policy setting is in effect.
-If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
+If you don't configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. This policy setting doesn't affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they've reached their warning level because their status in the Quota Entries window changes.
To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quota tab.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log event when quota warning level is exceeded*
- GP name: *DQ_LogEventOverThreshold*
- GP path: *System\Disk Quotas*
@@ -309,7 +309,7 @@ ADMX Info:
-**ADMX_DiskQuota/DQ_Limit**
+**ADMX_DiskQuota/DQ_Limit**
|Edition|Windows 10|Windows 11|
@@ -334,20 +334,20 @@ ADMX Info:
-This policy setting specifies the default disk quota limit and warning level for new users of the volume.
-This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
+This policy setting specifies the default disk quota limit and warning level for new users of the volume.
+This policy setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. It also specifies the warning level, the point at which the user's status in the Quota Entries window changes to indicate that the user is approaching the disk quota limit.
-This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
-This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
+This setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab.
+This policy setting applies to all new users as soon as they write to the volume. It doesn't affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Volume Properties).
-If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group.
+If you disable or don't configure this policy setting, the disk space available to users isn't limited. The disk quota management feature uses the physical space on each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it's reasonable for the range of volumes in the group.
This policy setting is effective only when disk quota management is enabled on the volume. Also, if disk quotas aren't enforced, users can exceed the quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to write to the volume.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default quota limit and warning level*
- GP name: *DQ_Limit*
- GP path: *System\Disk Quotas*
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index 7efbc6544a..5742590ba3 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 03/22/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DistributedLinkTracking
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DistributedLinkTracking policies
+## ADMX_DistributedLinkTracking policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_DistributedLinkTracking/DLT_AllowDomainMode**
+**ADMX_DistributedLinkTracking/DLT_AllowDomainMode**
@@ -62,11 +62,11 @@ manager: aaroncz
-This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
+This policy specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers.
The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer.
-The DLT client can more reliably track links when allowed to use the DLT server.
+The DLT client can more reliably track links when allowed to use the DLT server.
This policy shouldn't be set unless the DLT server is running on all domain controllers in the domain.
> [!NOTE]
@@ -75,7 +75,7 @@ This policy shouldn't be set unless the DLT server is running on all domain cont
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Distributed Link Tracking clients to use domain resources*
- GP name: *DLT_AllowDomainMode*
- GP path: *Windows\System!DLT_AllowDomainMode*
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 8af9f82bc0..715acff1bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DnsClient
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DnsClient policies
+## ADMX_DnsClient policies
-
@@ -99,7 +99,7 @@ manager: aaroncz
-**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**
+**ADMX_DnsClient/DNS_AllowFQDNNetBiosQueries**
|Edition|Windows 10|Windows 11|
@@ -134,7 +134,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow NetBT queries for fully qualified domain names*
- GP name: *DNS_AllowFQDNNetBiosQueries*
- GP path: *Network/DNS Client*
@@ -145,7 +145,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_AppendToMultiLabelName**
+**ADMX_DnsClient/DNS_AppendToMultiLabelName**
|Edition|Windows 10|Windows 11|
@@ -187,7 +187,7 @@ If you don't configure this policy setting, computers will use their local DNS c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow DNS suffix appending to unqualified multi-label name queries*
- GP name: *DNS_AppendToMultiLabelName*
- GP path: *Network/DNS Client*
@@ -199,7 +199,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_Domain**
+**ADMX_DnsClient/DNS_Domain**
|Edition|Windows 10|Windows 11|
@@ -226,7 +226,7 @@ ADMX Info:
This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
-If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
+If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
@@ -234,7 +234,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Connection-specific DNS suffix*
- GP name: *DNS_Domain*
- GP path: *Network/DNS Client*
@@ -246,7 +246,7 @@ ADMX Info:
-**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**
+**ADMX_DnsClient/DNS_DomainNameDevolutionLevel**
|Edition|Windows 10|Windows 11|
@@ -279,7 +279,7 @@ The DNS client appends DNS suffixes to the single-label, unqualified domain name
Devolution isn't enabled if a global suffix search list is configured using Group Policy.
-If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
+If a global suffix search list isn't configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries:
- The primary DNS suffix, as specified on the Computer Name tab of the System control panel.
- Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection.
@@ -298,7 +298,7 @@ If you disable this policy setting or don't configure it, DNS clients use the de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix devolution level*
- GP name: *DNS_DomainNameDevolutionLevel*
- GP path: *Network/DNS Client*
@@ -346,7 +346,7 @@ If this policy setting is disabled, or if this policy setting isn't configured,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off IDN encoding*
- GP name: *DNS_IdnEncoding*
- GP path: *Network/DNS Client*
@@ -393,7 +393,7 @@ If this policy setting is disabled, or if this policy setting isn't configured,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IDN mapping*
- GP name: *DNS_IdnMapping*
- GP path: *Network/DNS Client*
@@ -434,7 +434,7 @@ This policy setting defines the DNS servers to which a computer sends queries wh
To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
-If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
+If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
@@ -442,7 +442,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DNS servers*
- GP name: *DNS_NameServer*
- GP path: *Network/DNS Client*
@@ -491,7 +491,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prefer link local responses over DNS when received over a network with higher precedence*
- GP name: *DNS_PreferLocalResponsesOverLowerOrderDns*
- GP path: *Network/DNS Client*
@@ -545,7 +545,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix*
- GP name: *DNS_PrimaryDnsSuffix*
- GP path: *Network/DNS Client*
@@ -598,7 +598,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Register DNS records with connection-specific DNS suffix*
- GP name: *DNS_RegisterAdapterName*
- GP path: *Network/DNS Client*
@@ -652,7 +652,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Register PTR records*
- GP name: *DNS_RegisterReverseLookup*
- GP path: *Network/DNS Client*
@@ -699,7 +699,7 @@ If you disable this policy setting, computers may not use dynamic DNS registrati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Dynamic update*
- GP name: *DNS_RegistrationEnabled*
- GP path: *Network/DNS Client*
@@ -750,7 +750,7 @@ If you disable this policy setting, existing (A) resource records that contain c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Replace addresses in conflicts*
- GP name: *DNS_RegistrationOverwritesInConflict*
- GP path: *Network/DNS Client*
@@ -804,7 +804,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Registration refresh interval*
- GP name: *DNS_RegistrationRefreshInterval*
- GP path: *Network/DNS Client*
@@ -853,7 +853,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *TTL value for A and PTR records*
- GP name: *DNS_RegistrationTtl*
- GP path: *Network/DNS Client*
@@ -906,7 +906,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DNS suffix search list*
- GP name: *DNS_SearchList*
- GP path: *Network/DNS Client*
@@ -954,7 +954,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off smart multi-homed name resolution*
- GP name: *DNS_SmartMultiHomedNameResolution*
- GP path: *Network/DNS Client*
@@ -993,9 +993,9 @@ ADMX Info:
This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
-If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
+If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
-If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.
+If you disable this policy setting, or if you don't configure this policy setting, the DNS client will prefer link local responses for flat name queries on non-domain networks.
> [!NOTE]
> This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.
@@ -1003,7 +1003,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off smart protocol reordering*
- GP name: *DNS_SmartProtocolReorder*
- GP path: *Network/DNS Client*
@@ -1056,7 +1056,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Update security level*
- GP name: *DNS_UpdateSecurityLevel*
- GP path: *Network/DNS Client*
@@ -1105,7 +1105,7 @@ If you disable this policy setting, or if you don't configure this policy settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Update top level domain zones*
- GP name: *DNS_UpdateTopLevelDomainZones*
- GP path: *Network/DNS Client*
@@ -1170,7 +1170,7 @@ If you disable this policy setting, DNS clients don't attempt to resolve names t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Primary DNS suffix devolution*
- GP name: *DNS_UseDomainNameDevolution*
- GP path: *Network/DNS Client*
@@ -1219,7 +1219,7 @@ If you disable this policy setting, or you don't configure this policy setting,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off multicast name resolution*
- GP name: *Turn_Off_Multicast*
- GP path: *Network/DNS Client*
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index 920a8c9d98..1389553a9d 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_DWM
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_DWM policies
+## ADMX_DWM policies
-
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_DWM/DwmDefaultColorizationColor_1**
+**ADMX_DWM/DwmDefaultColorizationColor_1**
@@ -77,11 +77,11 @@ manager: aaroncz
-This policy setting controls the default color for window frames when the user doesn't specify a color.
+This policy setting controls the default color for window frames when the user doesn't specify a color.
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
-If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -89,7 +89,7 @@ If you disable or don't configure this policy setting, the default internal colo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a default color*
- GP name: *DwmDefaultColorizationColor_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -101,7 +101,7 @@ ADMX Info:
-**ADMX_DWM/DwmDefaultColorizationColor_2**
+**ADMX_DWM/DwmDefaultColorizationColor_2**
@@ -127,11 +127,11 @@ ADMX Info:
-This policy setting controls the default color for window frames when the user doesn't specify a color.
+This policy setting controls the default color for window frames when the user doesn't specify a color.
-If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
+If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user doesn't specify a color.
-If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
+If you disable or don't configure this policy setting, the default internal color is used, if the user doesn't specify a color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -140,7 +140,7 @@ If you disable or don't configure this policy setting, the default internal colo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a default color*
- GP name: *DwmDefaultColorizationColor_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowAnimations_1**
+**ADMX_DWM/DwmDisallowAnimations_1**
@@ -177,11 +177,11 @@ ADMX Info:
-This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
-If you enable this policy setting, window animations are turned off.
+If you enable this policy setting, window animations are turned off.
-If you disable or don't configure this policy setting, window animations are turned on.
+If you disable or don't configure this policy setting, window animations are turned on.
Changing this policy setting requires a sign out for it to be applied.
@@ -189,7 +189,7 @@ Changing this policy setting requires a sign out for it to be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow window animations*
- GP name: *DwmDisallowAnimations_1*
- GP path: *Windows Components/Desktop Window Manager*
@@ -200,7 +200,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowAnimations_2**
+**ADMX_DWM/DwmDisallowAnimations_2**
@@ -226,11 +226,11 @@ ADMX Info:
-This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
+This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
-If you enable this policy setting, window animations are turned off.
+If you enable this policy setting, window animations are turned off.
-If you disable or don't configure this policy setting, window animations are turned on.
+If you disable or don't configure this policy setting, window animations are turned on.
Changing this policy setting requires out a sign for it to be applied.
@@ -238,7 +238,7 @@ Changing this policy setting requires out a sign for it to be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow window animations*
- GP name: *DwmDisallowAnimations_2*
- GP path: *Windows Components/Desktop Window Manager*
@@ -249,7 +249,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowColorizationColorChanges_1**
+**ADMX_DWM/DwmDisallowColorizationColorChanges_1**
@@ -275,11 +275,11 @@ ADMX Info:
-This policy setting controls the ability to change the color of window frames.
+This policy setting controls the ability to change the color of window frames.
-If you enable this policy setting, you prevent users from changing the default window frame color.
+If you enable this policy setting, you prevent users from changing the default window frame color.
-If you disable or don't configure this policy setting, you allow users to change the default window frame color.
+If you disable or don't configure this policy setting, you allow users to change the default window frame color.
> [!NOTE]
> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
@@ -288,7 +288,7 @@ If you disable or don't configure this policy setting, you allow users to change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow color changes*
- GP name: *DwmDisallowColorizationColorChanges_1*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
@@ -299,7 +299,7 @@ ADMX Info:
-**ADMX_DWM/DwmDisallowColorizationColorChanges_2**
+**ADMX_DWM/DwmDisallowColorizationColorChanges_2**
@@ -325,19 +325,19 @@ ADMX Info:
-This policy setting controls the ability to change the color of window frames.
+This policy setting controls the ability to change the color of window frames.
-If you enable this policy setting, you prevent users from changing the default window frame color.
+If you enable this policy setting, you prevent users from changing the default window frame color.
-If you disable or don't configure this policy setting, you allow users to change the default window frame color.
+If you disable or don't configure this policy setting, you allow users to change the default window frame color.
-> [!NOTE]
+> [!NOTE]
> This policy setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for window frames that cannot be changed by users.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow color changes*
- GP name: *DwmDisallowColorizationColorChanges_2*
- GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index c08bae6677..ba2cd014d7 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EAIME
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EAIME policies
+## ADMX_EAIME policies
-
@@ -69,7 +69,7 @@ manager: aaroncz
-**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList**
+**ADMX_EAIME/L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList**
@@ -110,7 +110,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not include Non-Publishing Standard Glyph in the candidate list*
- GP name: *L_DoNotIncludeNonPublishingStandardGlyphInTheCandidateList*
- GP path: *Windows Components\IME*
@@ -121,7 +121,7 @@ ADMX Info:
-**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion**
+**ADMX_EAIME/L_RestrictCharacterCodeRangeOfConversion**
@@ -174,7 +174,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict character code range of conversion*
- GP name: *L_RestrictCharacterCodeRangeOfConversion*
- GP path: *Windows Components\IME*
@@ -185,7 +185,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffCustomDictionary**
+**ADMX_EAIME/L_TurnOffCustomDictionary**
@@ -228,7 +228,7 @@ This policy setting is applied to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off custom dictionary*
- GP name: *L_TurnOffCustomDictionary*
- GP path: *Windows Components\IME*
@@ -239,7 +239,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput**
+**ADMX_EAIME/L_TurnOffHistorybasedPredictiveInput**
@@ -279,7 +279,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off history-based predictive input*
- GP name: *L_TurnOffHistorybasedPredictiveInput*
- GP path: *Windows Components\IME*
@@ -290,7 +290,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffInternetSearchIntegration**
+**ADMX_EAIME/L_TurnOffInternetSearchIntegration**
@@ -333,7 +333,7 @@ This policy setting applies to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet search integration*
- GP name: *L_TurnOffInternetSearchIntegration*
- GP path: *Windows Components\IME*
@@ -344,7 +344,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffOpenExtendedDictionary**
+**ADMX_EAIME/L_TurnOffOpenExtendedDictionary**
@@ -384,7 +384,7 @@ This policy setting is applied to Japanese Microsoft IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Open Extended Dictionary*
- GP name: *L_TurnOffOpenExtendedDictionary*
- GP path: *Windows Components\IME*
@@ -395,7 +395,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile**
+**ADMX_EAIME/L_TurnOffSavingAutoTuningDataToFile**
@@ -433,7 +433,7 @@ This policy setting applies to Japanese Microsoft IME only.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off saving auto-tuning data to file*
- GP name: *L_TurnOffSavingAutoTuningDataToFile*
- GP path: *Windows Components\IME*
@@ -444,7 +444,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnCloudCandidate**
+**ADMX_EAIME/L_TurnOnCloudCandidate**
@@ -484,7 +484,7 @@ This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on cloud candidate*
- GP name: *L_TurnOnCloudCandidate*
- GP path: *Windows Components\IME*
@@ -495,7 +495,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnCloudCandidateCHS**
+**ADMX_EAIME/L_TurnOnCloudCandidateCHS**
@@ -535,7 +535,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on cloud candidate for CHS*
- GP name: *L_TurnOnCloudCandidateCHS*
- GP path: *Windows Components\IME*
@@ -546,7 +546,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnLexiconUpdate**
+**ADMX_EAIME/L_TurnOnLexiconUpdate**
@@ -586,7 +586,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on lexicon update*
- GP name: *L_TurnOnLexiconUpdate*
- GP path: *Windows Components\IME*
@@ -597,7 +597,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnLiveStickers**
+**ADMX_EAIME/L_TurnOnLiveStickers**
@@ -637,7 +637,7 @@ This Policy setting applies only to Microsoft CHS Pinyin IME.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Live Sticker*
- GP name: *L_TurnOnLiveStickers*
- GP path: *Windows Components\IME*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport**
+**ADMX_EAIME/L_TurnOnMisconversionLoggingForMisconversionReport**
@@ -686,7 +686,7 @@ This policy setting applies to Japanese Microsoft IME and Traditional Chinese IM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on misconversion logging for misconversion report*
- GP name: *L_TurnOnMisconversionLoggingForMisconversionReport*
- GP path: *Windows Components\IME*
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 21c1fdf20f..312784a826 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EncryptFilesonMove
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EncryptFilesonMove policies
+## ADMX_EncryptFilesonMove policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_EncryptFilesonMove/NoEncryptOnMove**
+**ADMX_EncryptFilesonMove/NoEncryptOnMove**
@@ -74,7 +74,7 @@ This setting applies only to files moved within a volume. When files are moved t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically encrypt files moved to encrypted folders*
- GP name: *NoEncryptOnMove*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 01470abcbe..2cd9d4fc8a 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EnhancedStorage
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EnhancedStorage policies
+## ADMX_EnhancedStorage policies
-
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_EnhancedStorage/ApprovedEnStorDevices**
+**ADMX_EnhancedStorage/ApprovedEnStorDevices**
@@ -86,7 +86,7 @@ If you disable or don't configure this policy setting, all Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure list of Enhanced Storage devices usable on your computer*
- GP name: *ApprovedEnStorDevices*
- GP path: *System\Enhanced Storage Access*
@@ -97,7 +97,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/ApprovedSilos**
+**ADMX_EnhancedStorage/ApprovedSilos**
@@ -132,7 +132,7 @@ If you disable or don't configure this policy setting, all IEEE 1667 silos on En
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure list of IEEE 1667 silos usable on your computer*
- GP name: *ApprovedSilos*
- GP path: *System\Enhanced Storage Access*
@@ -143,7 +143,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/DisablePasswordAuthentication**
+**ADMX_EnhancedStorage/DisablePasswordAuthentication**
@@ -178,7 +178,7 @@ If you disable or don't configure this policy setting, a password can be used to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow password authentication of Enhanced Storage devices*
- GP name: *DisablePasswordAuthentication*
- GP path: *System\Enhanced Storage Access*
@@ -189,7 +189,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/DisallowLegacyDiskDevices**
+**ADMX_EnhancedStorage/DisallowLegacyDiskDevices**
@@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, non-Enhanced Storage remo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow non-Enhanced Storage removable devices*
- GP name: *DisallowLegacyDiskDevices*
- GP path: *System\Enhanced Storage Access*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/LockDeviceOnMachineLock**
+**ADMX_EnhancedStorage/LockDeviceOnMachineLock**
@@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock Enhanced Storage when the computer is locked*
- GP name: *LockDeviceOnMachineLock*
- GP path: *System\Enhanced Storage Access*
@@ -284,7 +284,7 @@ ADMX Info:
-**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices**
+**ADMX_EnhancedStorage/RootHubConnectedEnStorDevices**
@@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, USB Enhanced Storage devi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only USB root hub connected Enhanced Storage devices*
- GP name: *RootHubConnectedEnStorDevices*
- GP path: *System\Enhanced Storage Access*
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 75e7132a34..99cd501256 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ErrorReporting policies
+## ADMX_ErrorReporting policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -120,7 +120,7 @@ manager: aaroncz
-**ADMX_ErrorReporting/PCH_AllOrNoneDef**
+**ADMX_ErrorReporting/PCH_AllOrNoneDef**
@@ -161,7 +161,7 @@ For related information, see the Configure Error Reporting and Report Operating
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default application reporting settings*
- GP name: *PCH_AllOrNoneDef*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -172,7 +172,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneEx**
+**ADMX_ErrorReporting/PCH_AllOrNoneEx**
@@ -209,7 +209,7 @@ If you disable or don't configure this policy setting, the Default application r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to never report errors for*
- GP name: *PCH_AllOrNoneEx*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_AllOrNoneInc**
+**ADMX_ErrorReporting/PCH_AllOrNoneInc**
@@ -267,7 +267,7 @@ This setting will be ignored if the 'Configure Error Reporting' setting is disab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to always report errors for*
- GP name: *PCH_AllOrNoneInc*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -278,7 +278,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ConfigureReport**
+**ADMX_ErrorReporting/PCH_ConfigureReport**
@@ -329,7 +329,7 @@ See related policy settings Display Error Notification (same folder as this poli
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Error Reporting*
- GP name: *PCH_ConfigureReport*
- GP path: *Windows Components\Windows Error Reporting*
@@ -340,7 +340,7 @@ ADMX Info:
-**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**
+**ADMX_ErrorReporting/PCH_ReportOperatingSystemFaults**
@@ -379,7 +379,7 @@ See also the Configure Error Reporting policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Report operating system errors*
- GP name: *PCH_ReportOperatingSystemFaults*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -390,7 +390,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_1**
+**ADMX_ErrorReporting/WerArchive_1**
@@ -425,7 +425,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Archive*
- GP name: *WerArchive_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -436,7 +436,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerArchive_2**
+**ADMX_ErrorReporting/WerArchive_2**
@@ -471,7 +471,7 @@ If you disable or don't configure this policy setting, no Windows Error Reportin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Archive*
- GP name: *WerArchive_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -482,7 +482,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_1**
+**ADMX_ErrorReporting/WerAutoApproveOSDumps_1**
@@ -517,7 +517,7 @@ If you disable this policy setting, then all memory dumps are uploaded according
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
- GP name: *WerAutoApproveOSDumps_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -528,7 +528,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerAutoApproveOSDumps_2**
+**ADMX_ErrorReporting/WerAutoApproveOSDumps_2**
@@ -561,7 +561,7 @@ If you enable or don't configure this policy setting, any memory dumps generated
If you disable this policy setting, then all memory dumps are uploaded according to the default consent and notification settings.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically send memory dumps for OS-generated error reports*
- GP name: *WerAutoApproveOSDumps_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -572,7 +572,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_1**
+**ADMX_ErrorReporting/WerBypassDataThrottling_1**
@@ -607,7 +607,7 @@ If you disable or don't configure this policy setting, WER throttles data by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not throttle additional data*
- GP name: *WerBypassDataThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -618,7 +618,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassDataThrottling_2**
+**ADMX_ErrorReporting/WerBypassDataThrottling_2**
@@ -653,7 +653,7 @@ If you disable or don't configure this policy setting, WER throttles data by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not throttle additional data*
- GP name: *WerBypassDataThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**
+**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_1**
@@ -699,7 +699,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send data when on connected to a restricted/costed network*
- GP name: *WerBypassNetworkCostThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -710,7 +710,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**
+**ADMX_ErrorReporting/WerBypassNetworkCostThrottling_2**
@@ -745,7 +745,7 @@ If you disable or don't configure this policy setting, WER doesn't send data, bu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send data when on connected to a restricted/costed network*
- GP name: *WerBypassNetworkCostThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -756,7 +756,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_1**
+**ADMX_ErrorReporting/WerBypassPowerThrottling_1**
@@ -791,7 +791,7 @@ If you disable or don't configure this policy setting, WER checks for solutions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send additional data when on battery power*
- GP name: *WerBypassPowerThrottling_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -802,7 +802,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerBypassPowerThrottling_2**
+**ADMX_ErrorReporting/WerBypassPowerThrottling_2**
@@ -837,7 +837,7 @@ If you disable or don't configure this policy setting, WER checks for solutions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send additional data when on battery power*
- GP name: *WerBypassPowerThrottling_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -848,7 +848,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerCER**
+**ADMX_ErrorReporting/WerCER**
@@ -883,7 +883,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Corporate Windows Error Reporting*
- GP name: *WerCER*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -894,7 +894,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentCustomize_1**
+**ADMX_ErrorReporting/WerConsentCustomize_1**
@@ -935,7 +935,7 @@ If you disable or don't configure this policy setting, then the default consent
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Customize consent settings*
- GP name: *WerConsentCustomize_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -946,7 +946,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_1**
+**ADMX_ErrorReporting/WerConsentOverride_1**
@@ -981,7 +981,7 @@ If you disable or don't configure this policy setting, custom consent policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore custom consent settings*
- GP name: *WerConsentOverride_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -992,7 +992,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerConsentOverride_2**
+**ADMX_ErrorReporting/WerConsentOverride_2**
@@ -1027,7 +1027,7 @@ If you disable or don't configure this policy setting, custom consent policy set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore custom consent settings*
- GP name: *WerConsentOverride_2*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1038,7 +1038,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_1**
+**ADMX_ErrorReporting/WerDefaultConsent_1**
@@ -1078,7 +1078,7 @@ If this policy setting is disabled or not configured, then the consent level def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Default consent*
- GP name: *WerDefaultConsent_1*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDefaultConsent_2**
+**ADMX_ErrorReporting/WerDefaultConsent_2**
@@ -1129,7 +1129,7 @@ If this policy setting is disabled or not configured, then the consent level def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Default consent*
- GP name: *WerDefaultConsent_2*
- GP path: *Windows Components\Windows Error Reporting\Consent*
@@ -1140,7 +1140,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerDisable_1**
+**ADMX_ErrorReporting/WerDisable_1**
@@ -1175,7 +1175,7 @@ If you disable or don't configure this policy setting, the Turn off Windows Erro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable Windows Error Reporting*
- GP name: *WerDisable_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1186,7 +1186,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_1**
+**ADMX_ErrorReporting/WerExlusion_1**
@@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, errors are reported on al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to be excluded*
- GP name: *WerExlusion_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerExlusion_2**
+**ADMX_ErrorReporting/WerExlusion_2**
@@ -1268,7 +1268,7 @@ If you disable or don't configure this policy setting, errors are reported on al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List of applications to be excluded*
- GP name: *WerExlusion_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1279,7 +1279,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_1**
+**ADMX_ErrorReporting/WerNoLogging_1**
@@ -1314,7 +1314,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable logging*
- GP name: *WerNoLogging_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1325,7 +1325,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoLogging_2**
+**ADMX_ErrorReporting/WerNoLogging_2**
@@ -1360,7 +1360,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable logging*
- GP name: *WerNoLogging_2*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1371,7 +1371,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerNoSecondLevelData_1**
+**ADMX_ErrorReporting/WerNoSecondLevelData_1**
@@ -1406,7 +1406,7 @@ If you disable or don't configure this policy setting, then consent policy setti
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not send additional data*
- GP name: *WerNoSecondLevelData_1*
- GP path: *Windows Components\Windows Error Reporting*
@@ -1417,7 +1417,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_1**
+**ADMX_ErrorReporting/WerQueue_1**
@@ -1454,7 +1454,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Queue*
- GP name: *WerQueue_1*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -1465,7 +1465,7 @@ ADMX Info:
-**ADMX_ErrorReporting/WerQueue_2**
+**ADMX_ErrorReporting/WerQueue_2**
@@ -1502,7 +1502,7 @@ If you disable or don't configure this policy setting, Windows Error Reporting r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Report Queue*
- GP name: *WerQueue_2*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index 627492ca73..69bed35231 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,13 +18,13 @@ manager: aaroncz
-## ADMX_EventForwarding policies
+## ADMX_EventForwarding policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -40,7 +40,7 @@ manager: aaroncz
-**ADMX_EventForwarding/ForwarderResourceUsage**
+**ADMX_EventForwarding/ForwarderResourceUsage**
@@ -78,7 +78,7 @@ This setting applies across all subscriptions for the forwarder (source computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure forwarder resource usage*
- GP name: *ForwarderResourceUsage*
- GP path: *Windows Components/Event Forwarding*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_EventForwarding/SubscriptionManager**
+**ADMX_EventForwarding/SubscriptionManager**
@@ -121,7 +121,7 @@ This policy setting allows you to configure the server address, refresh interval
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
-Use the following syntax when using the HTTPS protocol:
+Use the following syntax when using the HTTPS protocol:
``` syntax
Server=https://:5986/wsman/SubscriptionManager/WEC,Refresh=,IssuerCA=.
@@ -135,7 +135,7 @@ If you disable or don't configure this policy setting, the Event Collector compu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure target Subscription Manager*
- GP name: *SubscriptionManager*
- GP path: *Windows Components/Event Forwarding*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 471b6a5631..10643c83b8 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_EventLog policies
+## ADMX_EventLog policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -96,7 +96,7 @@ manager: aaroncz
-**ADMX_EventLog/Channel_LogEnabled**
+**ADMX_EventLog/Channel_LogEnabled**
@@ -126,7 +126,7 @@ This policy setting turns on logging.
If you enable or don't configure this policy setting, then events can be written to this log.
-If the policy setting is disabled, then no new events can be logged.
+If the policy setting is disabled, then no new events can be logged.
>[!Note]
> Events can always be read from the log, regardless of this policy setting.
@@ -134,7 +134,7 @@ If the policy setting is disabled, then no new events can be logged.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on logging*
- GP name: *Channel_LogEnabled*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -145,7 +145,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_1**
+**ADMX_EventLog/Channel_LogFilePath_1**
@@ -180,7 +180,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -191,7 +191,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_2**
+**ADMX_EventLog/Channel_LogFilePath_2**
@@ -226,7 +226,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -237,7 +237,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_3**
+**ADMX_EventLog/Channel_LogFilePath_3**
@@ -272,7 +272,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control the location of the log file*
- GP name: *Channel_LogFilePath_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -283,7 +283,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogFilePath_4**
+**ADMX_EventLog/Channel_LogFilePath_4**
@@ -318,7 +318,7 @@ If you disable or don't configure this policy setting, the Event Log uses the fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on logging*
- GP name: *Channel_LogFilePath_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -329,7 +329,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_LogMaxSize_3**
+**ADMX_EventLog/Channel_LogMaxSize_3**
@@ -364,7 +364,7 @@ If you disable or don't configure this policy setting, the maximum size of the l
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum log file size (KB)*
- GP name: *Channel_LogMaxSize_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -375,7 +375,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_1**
+**ADMX_EventLog/Channel_Log_AutoBackup_1**
@@ -412,7 +412,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -423,7 +423,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_2**
+**ADMX_EventLog/Channel_Log_AutoBackup_2**
@@ -460,7 +460,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -471,7 +471,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_3**
+**ADMX_EventLog/Channel_Log_AutoBackup_3**
@@ -508,7 +508,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -519,7 +519,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_AutoBackup_4**
+**ADMX_EventLog/Channel_Log_AutoBackup_4**
@@ -556,7 +556,7 @@ If you don't configure this policy setting and the "Retain old events" policy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Back up log automatically when full*
- GP name: *Channel_Log_AutoBackup_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -567,7 +567,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_1**
+**ADMX_EventLog/Channel_Log_FileLogAccess_1**
@@ -605,7 +605,7 @@ If you disable or don't configure this policy setting, all authenticated users a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_1*
- GP path: *Windows Components\Event Log Service\Application*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_2**
+**ADMX_EventLog/Channel_Log_FileLogAccess_2**
@@ -654,7 +654,7 @@ If you disable or don't configure this policy setting, only system software and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -665,7 +665,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_3**
+**ADMX_EventLog/Channel_Log_FileLogAccess_3**
@@ -703,7 +703,7 @@ If you disable or don't configure this policy setting, all authenticated users a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -714,7 +714,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_4**
+**ADMX_EventLog/Channel_Log_FileLogAccess_4**
@@ -752,7 +752,7 @@ If you disable or don't configure this policy setting, only system software and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access*
- GP name: *Channel_Log_FileLogAccess_4*
- GP path: *Windows Components\Event Log Service\System*
@@ -763,7 +763,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_5**
+**ADMX_EventLog/Channel_Log_FileLogAccess_5**
@@ -800,7 +800,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_5*
- GP path: *Windows Components\Event Log Service\Application*
@@ -811,7 +811,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_6**
+**ADMX_EventLog/Channel_Log_FileLogAccess_6**
@@ -848,7 +848,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_6*
- GP path: *Windows Components\Event Log Service\Security*
@@ -859,7 +859,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_7**
+**ADMX_EventLog/Channel_Log_FileLogAccess_7**
@@ -896,7 +896,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_7*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -907,7 +907,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_FileLogAccess_8**
+**ADMX_EventLog/Channel_Log_FileLogAccess_8**
@@ -944,7 +944,7 @@ If you don't configure this policy setting, the previous policy setting configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure log access (legacy)*
- GP name: *Channel_Log_FileLogAccess_8*
- GP path: *Windows Components\Event Log Service\System*
@@ -955,7 +955,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_2**
+**ADMX_EventLog/Channel_Log_Retention_2**
@@ -993,7 +993,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_2*
- GP path: *Windows Components\Event Log Service\Security*
@@ -1004,7 +1004,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_3**
+**ADMX_EventLog/Channel_Log_Retention_3**
@@ -1042,7 +1042,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_3*
- GP path: *Windows Components\Event Log Service\Setup*
@@ -1053,7 +1053,7 @@ ADMX Info:
-**ADMX_EventLog/Channel_Log_Retention_4**
+**ADMX_EventLog/Channel_Log_Retention_4**
@@ -1092,7 +1092,7 @@ If you disable or don't configure this policy setting and a log file reaches its
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control Event Log behavior when the log file reaches its maximum size*
- GP name: *Channel_Log_Retention_4*
- GP path: *Windows Components\Event Log Service\System*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 03921b2021..f3ddf95086 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/12/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EventLogging
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EventLogging policies
+## ADMX_EventLogging policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_EventLogging/EnableProtectedEventLogging**
+**ADMX_EventLogging/EnableProtectedEventLogging**
@@ -62,18 +62,18 @@ manager: aaroncz
-This policy setting lets you configure Protected Event Logging.
+This policy setting lets you configure Protected Event Logging.
-If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
+If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide.
-You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
+You can use the `Unprotect-CmsMessage` PowerShell cmdlet to decrypt these encrypted messages, if you have access to the private key corresponding to the public key that they were encrypted with.
If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Protected Event Logging*
- GP name: *EnableProtectedEventLogging*
- GP path: *Windows Components\Event Logging*
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index a3979738bd..c1933ed0ae 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_EventViewer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_EventViewer policies
+## ADMX_EventViewer policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_EventViewer/EventViewer_RedirectionProgram**
+**ADMX_EventViewer/EventViewer_RedirectionProgram**
@@ -71,10 +71,10 @@ manager: aaroncz
This program is the one that will be invoked when the user clicks the `events.asp` link.
-
-
+
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp program*
- GP name: *EventViewer_RedirectionProgram*
- GP path: *Windows Components\Event Viewer*
@@ -85,7 +85,7 @@ ADMX Info:
-**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**
+**ADMX_EventViewer/EventViewer_RedirectionProgramCommandLineParameters**
@@ -116,7 +116,7 @@ This program specifies the command line parameters that will be passed to the `e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp program command line parameters*
- GP name: *EventViewer_RedirectionProgramCommandLineParameters*
- GP path: *Windows Components\Event Viewer*
@@ -127,7 +127,7 @@ ADMX Info:
-**ADMX_EventViewer/EventViewer_RedirectionURL**
+**ADMX_EventViewer/EventViewer_RedirectionURL**
@@ -157,10 +157,10 @@ This URL is the one that will be passed to the Description area in the Event Pro
Change this value if you want to use a different Web server to handle event information requests.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Events.asp URL*
- GP name: *EventViewer_RedirectionURL*
- GP path: *Windows Components\Event Viewer*
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index c3be668f23..d4ff8dc1d6 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_Explorer policies
+## ADMX_Explorer policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -48,7 +48,7 @@ manager: aaroncz
-**ADMX_Explorer/AdminInfoUrl**
+**ADMX_Explorer/AdminInfoUrl**
@@ -79,7 +79,7 @@ This policy setting sets the target of the More Information link that will be di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set a support web page link*
- GP name: *AdminInfoUrl*
- GP path: *Windows Components\File Explorer*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_Explorer/AlwaysShowClassicMenu**
+**ADMX_Explorer/AlwaysShowClassicMenu**
@@ -123,13 +123,13 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting co
If you enable this policy setting, the menu bar will be displayed in File Explorer.
-If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer.
+If you disable or don't configure this policy setting, the menu bar won't be displayed in File Explorer.
> [!NOTE]
> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display the menu bar in File Explorer*
- GP name: *AlwaysShowClassicMenu*
- GP path: *Windows Components\File Explorer*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_Explorer/DisableRoamedProfileInit**
+**ADMX_Explorer/DisableRoamedProfileInit**
@@ -173,7 +173,7 @@ If you enable this policy setting on a machine that doesn't contain all programs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time*
- GP name: *DisableRoamedProfileInit*
- GP path: *Windows Components\File Explorer*
@@ -184,7 +184,7 @@ ADMX Info:
-**ADMX_Explorer/PreventItemCreationInUsersFilesFolder**
+**ADMX_Explorer/PreventItemCreationInUsersFilesFolder**
@@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users will be able to add
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from adding files to the root of their Users Files folder.*
- GP name: *PreventItemCreationInUsersFilesFolder*
- GP path: *Windows Components\File Explorer*
@@ -233,7 +233,7 @@ ADMX Info:
-**ADMX_Explorer/TurnOffSPIAnimations**
+**ADMX_Explorer/TurnOffSPIAnimations**
@@ -259,14 +259,14 @@ ADMX Info:
-This policy is similar to settings directly available to computer users.
+This policy is similar to settings directly available to computer users.
Disabling animations can improve usability for users with some visual disabilities, and also improve performance and battery life in some scenarios.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off common control and window animations*
- GP name: *TurnOffSPIAnimations*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 7d85473280..aa80019348 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -8,23 +8,23 @@ ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ExternalBoot
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## Policy CSP - ADMX_ExternalBoot
+## Policy CSP - ADMX_ExternalBoot
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**
+**ADMX_ExternalBoot/PortableOperatingSystem_Hibernate**
@@ -70,9 +70,9 @@ manager: aaroncz
-This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
+This policy specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace.
-If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can hibernate the PC.
If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, and can't hibernate the PC.
@@ -81,7 +81,7 @@ If you disable or don't configure this setting, Windows, when started from a Win
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow hibernate (S4) when starting from a Windows To Go workspace*
- GP name: *PortableOperatingSystem_Hibernate*
- GP path: *Windows Components\Portable Operating System*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**
+**ADMX_ExternalBoot/PortableOperatingSystem_Sleep**
@@ -119,16 +119,16 @@ ADMX Info:
-This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.
+This policy specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace.
-If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.
+If you enable this setting, Windows, when started from a Windows To Go workspace, can't use standby states to make the PC sleep.
If you disable or don't configure this setting, Windows, when started from a Windows To Go workspace, can use standby states to make the PC sleep.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace*
- GP name: *PortableOperatingSystem_Sleep*
- GP path: *Windows Components\Portable Operating System*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**
+**ADMX_ExternalBoot/PortableOperatingSystem_Launcher**
@@ -166,18 +166,18 @@ ADMX Info:
-This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
+This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options Control Panel item.
-If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
+If you enable this setting, booting to Windows To Go when a USB device is connected will be enabled, and users won't be able to make changes using the Windows To Go Startup Options Control Panel item.
-If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
+If you disable this setting, booting to Windows To Go when a USB device is connected won't be enabled unless a user configures the option manually in the BIOS or other boot order configuration.
If you don't configure this setting, users who are members of the Administrators group can make changes using the Windows To Go Startup Options Control Panel item.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows To Go Default Startup Options*
- GP name: *PortableOperatingSystem_Launcher*
- GP path: *Windows Components\Portable Operating System*
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index e81f6e1043..dd97d2502c 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -8,17 +8,17 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 03/24/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileRecovery
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -33,7 +33,7 @@ manager: aaroncz
-**ADMX_FileRecovery/WdiScenarioExecutionPolicy**
+**ADMX_FileRecovery/WdiScenarioExecutionPolicy**
@@ -65,7 +65,7 @@ manager: aaroncz
-ADMX Info:
+ADMX Info:
- GP ADMX file name: *FileRecovery.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index 6cf18b696b..2d1ca7ea36 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -8,17 +8,17 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileRevocation
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -34,7 +34,7 @@ manager: aaroncz
-**ADMX_FileRevocation/DelegatedPackageFamilyNames**
+**ADMX_FileRevocation/DelegatedPackageFamilyNames**
@@ -58,14 +58,14 @@ manager: aaroncz
-Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
-Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
+Windows Runtime applications can protect content that has been associated with an enterprise identifier (EID), but can only revoke access to content it protected. To allow an application to revoke access to all content on the device that is protected by a particular enterprise, add an entry to the list on a new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be an internet domain belonging to the enterprise in standard international domain name format.
+Example value: `Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy`
-If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
+If you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content protected using the specified EID on the device.
-If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
+If you disable or don't configure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device are Windows Mail and the user-selected mailto protocol handler app.
-Any other Windows Runtime application will only be able to revoke access to content it protected.
+Any other Windows Runtime application will only be able to revoke access to content it protected.
> [!NOTE]
> Information the user should notice even if skimmingFile revocation applies to all content protected under the same second level domain as the provided enterprise identifier. Therefore, revoking an enterprise ID of `mail.contoso.com` will revoke the user’s access to all content protected under the contoso.com hierarchy.
@@ -73,7 +73,7 @@ Any other Windows Runtime application will only be able to revoke access to cont
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Windows Runtime apps to revoke enterprise data.*
- GP name: *DelegatedPackageFamilyNames*
- GP path: *Windows Components\File Revocation*
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 5f9d1741bd..8f899f3c25 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FileServerVSSProvider
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FileServerVSSProvider policies
+## ADMX_FileServerVSSProvider policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_FileServerVSSProvider/Pol_EncryptProtocol**
+**ADMX_FileServerVSSProvider/Pol_EncryptProtocol**
@@ -66,7 +66,7 @@ This policy setting determines whether the RPC protocol messages used by VSS for
VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
-By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
> [!NOTE]
> To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -74,7 +74,7 @@ By default, the RPC protocol message between File Server VSS provider and File S
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
- GP name: *Pol_EncryptProtocol*
- GP path: *System/File Share Shadow Copy Provider*
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index e5c5587bc2..2d5728c871 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,14 +17,14 @@ manager: aaroncz
-## ADMX_FileSys policies
+## ADMX_FileSys policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_FileSys/DisableCompression**
+**ADMX_FileSys/DisableCompression**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -81,13 +81,13 @@ manager: aaroncz
-Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
+Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow compression on all NTFS volumes*
- GP name: *DisableCompression*
- GP path: *System/Filesystem/NTFS*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_FileSys/DisableDeleteNotification**
+**ADMX_FileSys/DisableDeleteNotification**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -131,7 +131,7 @@ A value of 1 will disable delete notifications for all volumes.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable delete notifications on all volumes*
- GP name: *DisableDeleteNotification*
- GP path: *System/Filesystem*
@@ -142,7 +142,7 @@ ADMX Info:
-**ADMX_FileSys/DisableEncryption**
+**ADMX_FileSys/DisableEncryption**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -166,12 +166,12 @@ ADMX Info:
-Encryption can add to the processing overhead of filesystem operations.
+Encryption can add to the processing overhead of filesystem operations.
Enabling this setting will prevent access to and creation of encrypted files.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow encryption on all NTFS volumes*
- GP name: *DisableEncryption*
- GP path: *System/Filesystem/NTFS*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_FileSys/EnablePagefileEncryption**
+**ADMX_FileSys/EnablePagefileEncryption**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -206,14 +206,14 @@ ADMX Info:
-Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
+Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
Enabling this setting will cause the page files to be encrypted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable NTFS pagefile encryption*
- GP name: *EnablePagefileEncryption*
- GP path: *System/Filesystem/NTFS*
@@ -224,7 +224,7 @@ ADMX Info:
-**ADMX_FileSys/LongPathsEnabled**
+**ADMX_FileSys/LongPathsEnabled**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -248,14 +248,14 @@ ADMX Info:
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
+Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
Enabling this setting will cause the long paths to be accessible within the process.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Win32 long paths*
- GP name: *LongPathsEnabled*
- GP path: *System/Filesystem*
@@ -266,7 +266,7 @@ ADMX Info:
-**ADMX_FileSys/ShortNameCreationSettings**
+**ADMX_FileSys/ShortNameCreationSettings**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -292,14 +292,14 @@ ADMX Info:
This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
-If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
+If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Short name creation options*
- GP name: *ShortNameCreationSettings*
- GP path: *System/Filesystem/NTFS*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_FileSys/SymlinkEvaluation**
+**ADMX_FileSys/SymlinkEvaluation**
|Edition|Windows 10|Windows 11|
@@ -335,7 +335,7 @@ ADMX Info:
-Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
+Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target
- Local Link to a Remote Target
@@ -350,7 +350,7 @@ For more information, see the Windows Help section.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Selectively allow the evaluation of a symbolic link*
- GP name: *SymlinkEvaluation*
- GP path: *System/Filesystem*
@@ -361,7 +361,7 @@ ADMX Info:
-**ADMX_FileSys/TxfDeprecatedFunctionality**
+**ADMX_FileSys/TxfDeprecatedFunctionality**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -391,7 +391,7 @@ TXF deprecated features included savepoints, secondary RM, miniversion and roll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable / disable TXF deprecated features*
- GP name: *TxfDeprecatedFunctionality*
- GP path: *System/Filesystem/NTFS*
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index cca8d67c3b..05ff42da70 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_FolderRedirection policies
+## ADMX_FolderRedirection policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_FolderRedirection/DisableFRAdminPin**
+**ADMX_FolderRedirection/DisableFRAdminPin**
|Edition|Windows 10|Windows 11|
@@ -81,12 +81,12 @@ manager: aaroncz
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
-If you enable this policy setting, users must manually select the files they wish to make available offline.
+If you enable this policy setting, users must manually select the files they wish to make available offline.
-If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
+If you disable or don't configure this policy setting, redirected shell folders are automatically made available offline. All subfolders within the redirected folders are also made available offline.
> [!NOTE]
-> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.
+> This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface.
>
> Don't enable this policy setting if users will need access to their redirected files if the network or server holding the redirected files becomes unavailable.
>
@@ -95,7 +95,7 @@ If you disable or don't configure this policy setting, redirected shell folders
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically make all redirected folders available offline*
- GP name: *DisableFRAdminPin*
- GP path: *System/Folder Redirection*
@@ -106,7 +106,7 @@ ADMX Info:
-**ADMX_FolderRedirection/DisableFRAdminPinByFolder**
+**ADMX_FolderRedirection/DisableFRAdminPinByFolder**
|Edition|Windows 10|Windows 11|
@@ -145,7 +145,7 @@ If you disable or don't configure this policy setting, all redirected shell fold
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not automatically make specific redirected folders available offline*
- GP name: *DisableFRAdminPinByFolder*
- GP path: *System/Folder Redirection*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename**
+**ADMX_FolderRedirection/FolderRedirectionEnableCacheRename**
@@ -191,7 +191,7 @@ If you disable or don't configure this policy setting, when the path to a redire
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable optimized move of contents in Offline Files cache on Folder Redirection server path change*
- GP name: *FolderRedirectionEnableCacheRename*
- GP path: *System/Folder Redirection*
@@ -202,7 +202,7 @@ ADMX Info:
-**ADMX_FolderRedirection/LocalizeXPRelativePaths_1**
+**ADMX_FolderRedirection/LocalizeXPRelativePaths_1**
@@ -240,7 +240,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths_1*
- GP path: *System/Folder Redirection*
@@ -251,7 +251,7 @@ ADMX Info:
-**ADMX_FolderRedirection/LocalizeXPRelativePaths_2**
+**ADMX_FolderRedirection/LocalizeXPRelativePaths_2**
@@ -289,7 +289,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use localized subfolder names when redirecting Start Menu and My Documents*
- GP name: *LocalizeXPRelativePaths_2*
- GP path: *System/Folder Redirection*
@@ -300,7 +300,7 @@ ADMX Info:
-**ADMX_FolderRedirection/PrimaryComputer_FR_1**
+**ADMX_FolderRedirection/PrimaryComputer_FR_1**
|Edition|Windows 10|Windows 11|
@@ -339,7 +339,7 @@ If you disable or don't configure this policy setting and the user has redirecte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputer_FR_1*
- GP path: *System/Folder Redirection*
@@ -350,7 +350,7 @@ ADMX Info:
-**ADMX_FolderRedirection/PrimaryComputer_FR_2**
+**ADMX_FolderRedirection/PrimaryComputer_FR_2**
|Edition|Windows 10|Windows 11|
@@ -390,7 +390,7 @@ If you disable or don't configure this policy setting and the user has redirecte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Redirect folders on primary computers only*
- GP name: *PrimaryComputer_FR_2*
- GP path: *System/Folder Redirection*
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index a30e0b8b87..437fd608d9 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FramePanes
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FramePanes policies
+## ADMX_FramePanes policies
-
@@ -31,14 +31,14 @@ manager: aaroncz
-
ADMX_FramePanes/NoPreviewPane
-
+
-**ADMX_FramePanes/NoReadingPane**
+**ADMX_FramePanes/NoReadingPane**
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
@@ -62,23 +62,23 @@ manager: aaroncz
-This policy setting shows or hides the Details Pane in File Explorer.
+This policy setting shows or hides the Details Pane in File Explorer.
-If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and can't be turned on by the user.
-If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
+If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and can't be hidden by the user.
> [!NOTE]
-> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
+> This has a side effect of not being able to toggle to the Preview Pane since the two can't be displayed at the same time.
If you disable, or don't configure this policy setting, the Details Pane is hidden by default and can be displayed by the user.
This setting is the default policy setting.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on or off details pane*
- GP name: *NoReadingPane*
- GP path: *Windows Components\File Explorer\Explorer Frame Pane*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_FramePanes/NoPreviewPane**
+**ADMX_FramePanes/NoPreviewPane**
|Edition|Windows 10|Windows 11|
@@ -114,16 +114,16 @@ ADMX Info:
-Hides the Preview Pane in File Explorer.
+Hides the Preview Pane in File Explorer.
-If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
+If you enable this policy setting, the Preview Pane in File Explorer is hidden and can't be turned on by the user.
If you disable, or don't configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Preview Pane*
- GP name: *NoPreviewPane*
- GP path: *Windows Components\File Explorer\Explorer Frame Pane*
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index d571a60d05..6856dfed28 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_FTHSVC
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_FTHSVC policies
+## ADMX_FTHSVC policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_FTHSVC/WdiScenarioExecutionPolicy**
+**ADMX_FTHSVC/WdiScenarioExecutionPolicy**
@@ -61,23 +61,23 @@ manager: aaroncz
-This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
+This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
-If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
+If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
-If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
+If you disable this policy setting, Windows can't detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
-If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
+If you don't configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
-This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap*
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 51540ef8ab..e4d46bbd5e 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_Globalization policies
+## ADMX_Globalization policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -105,7 +105,7 @@ manager: aaroncz
-**ADMX_Globalization/BlockUserInputMethodsForSignIn**
+**ADMX_Globalization/BlockUserInputMethodsForSignIn**
@@ -143,7 +143,7 @@ If the policy is disabled or not configured, then the user will be able to use i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow copying of user input methods to the system account for sign-in*
- GP name: *BlockUserInputMethodsForSignIn*
- GP path: *System\Locale Services*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_Globalization/CustomLocalesNoSelect_1**
+**ADMX_Globalization/CustomLocalesNoSelect_1**
@@ -197,7 +197,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow selection of Custom Locales*
- GP name: *CustomLocalesNoSelect_1*
- GP path: *System\Locale Services*
@@ -208,7 +208,7 @@ ADMX Info:
-**ADMX_Globalization/CustomLocalesNoSelect_2**
+**ADMX_Globalization/CustomLocalesNoSelect_2**
@@ -251,7 +251,7 @@ To set this policy setting on a per-user basis, make sure that you don't configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow selection of Custom Locales*
- GP name: *CustomLocalesNoSelect_2*
- GP path: *System\Locale Services*
@@ -262,7 +262,7 @@ ADMX Info:
-**ADMX_Globalization/HideAdminOptions**
+**ADMX_Globalization/HideAdminOptions**
@@ -305,7 +305,7 @@ If you disable or don't configure this policy setting, the user can see the Admi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Regional and Language Options administrative options*
- GP name: *HideAdminOptions*
- GP path: *Control Panel\Regional and Language Options*
@@ -316,7 +316,7 @@ ADMX Info:
-**ADMX_Globalization/HideCurrentLocation**
+**ADMX_Globalization/HideCurrentLocation**
@@ -356,7 +356,7 @@ If you disable or don't configure this policy setting, the user sees the option
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the geographic location option*
- GP name: *HideCurrentLocation*
- GP path: *Control Panel\Regional and Language Options*
@@ -367,7 +367,7 @@ ADMX Info:
-**ADMX_Globalization/HideLanguageSelection**
+**ADMX_Globalization/HideLanguageSelection**
@@ -406,7 +406,7 @@ If you enable this policy setting, the user doesn't see the option for changing
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the select language group options*
- GP name: *HideLanguageSelection*
- GP path: *Control Panel\Regional and Language Options*
@@ -417,7 +417,7 @@ ADMX Info:
-**ADMX_Globalization/HideLocaleSelectAndCustomize**
+**ADMX_Globalization/HideLocaleSelectAndCustomize**
@@ -454,7 +454,7 @@ If you disable or don't configure this policy setting, the user sees the regiona
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide user locale selection and customization options*
- GP name: *HideLocaleSelectAndCustomize*
- GP path: *Control Panel\Regional and Language Options*
@@ -465,7 +465,7 @@ ADMX Info:
-**ADMX_Globalization/ImplicitDataCollectionOff_1**
+**ADMX_Globalization/ImplicitDataCollectionOff_1**
@@ -514,7 +514,7 @@ This policy setting is related to the "Turn off handwriting personalization" pol
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic learning*
- GP name: *ImplicitDataCollectionOff_1*
- GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
@@ -525,7 +525,7 @@ ADMX Info:
-**ADMX_Globalization/ImplicitDataCollectionOff_2**
+**ADMX_Globalization/ImplicitDataCollectionOff_2**
@@ -568,13 +568,13 @@ This policy setting is related to the "Turn off handwriting personalization" pol
> [!NOTE]
> The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more recent data.
->
+>
> Handwriting personalization works only for Microsoft handwriting recognizers, and not with third-party recognizers.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic learning*
- GP name: *ImplicitDataCollectionOff_2*
- GP path: *Control Panel\Regional and Language Options\Handwriting personalization*
@@ -585,7 +585,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleSystemRestrict**
+**ADMX_Globalization/LocaleSystemRestrict**
@@ -622,7 +622,7 @@ If you disable or don't configure this policy setting, administrators can select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict system locales*
- GP name: *LocaleSystemRestrict*
- GP path: *System\Locale Services*
@@ -633,7 +633,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleUserRestrict_1**
+**ADMX_Globalization/LocaleUserRestrict_1**
@@ -672,7 +672,7 @@ If you disable or don't configure this policy setting, users can select any loca
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict user locales*
- GP name: *LocaleUserRestrict_1*
- GP path: *System\Locale Services*
@@ -683,7 +683,7 @@ ADMX Info:
-**ADMX_Globalization/LocaleUserRestrict_2**
+**ADMX_Globalization/LocaleUserRestrict_2**
@@ -724,7 +724,7 @@ If this policy setting is enabled at the computer level, it can't be disabled by
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict user locales*
- GP name: *LocaleUserRestrict_2*
- GP path: *System\Locale Services*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_Globalization/LockMachineUILanguage**
+**ADMX_Globalization/LockMachineUILanguage**
@@ -772,7 +772,7 @@ If you disable or don't configure this policy setting, the user can specify whic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restricts the UI language Windows uses for all logged users*
- GP name: *LockMachineUILanguage*
- GP path: *Control Panel\Regional and Language Options*
@@ -783,7 +783,7 @@ ADMX Info:
-**ADMX_Globalization/LockUserUILanguage**
+**ADMX_Globalization/LockUserUILanguage**
@@ -822,7 +822,7 @@ To enable this policy setting in Windows Server 2003, Windows XP, or Windows 200
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restricts the UI languages Windows should use for the selected user*
- GP name: *LockUserUILanguage*
- GP path: *Control Panel\Regional and Language Options*
@@ -833,7 +833,7 @@ ADMX Info:
-**ADMX_Globalization/PreventGeoIdChange_1**
+**ADMX_Globalization/PreventGeoIdChange_1**
@@ -872,7 +872,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow changing of geographic location*
- GP name: *PreventGeoIdChange_1*
- GP path: *System\Locale Services*
@@ -883,7 +883,7 @@ ADMX Info:
-**ADMX_Globalization/PreventGeoIdChange_2**
+**ADMX_Globalization/PreventGeoIdChange_2**
@@ -922,7 +922,7 @@ To set this policy setting on a per-user basis, make sure that the per-computer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow changing of geographic location*
- GP name: *PreventGeoIdChange_2*
- GP path: *System\Locale Services*
@@ -933,7 +933,7 @@ ADMX Info:
-**ADMX_Globalization/PreventUserOverrides_1**
+**ADMX_Globalization/PreventUserOverrides_1**
@@ -976,7 +976,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow user override of locale settings*
- GP name: *PreventUserOverrides_1*
- GP path: *System\Locale Services*
@@ -987,7 +987,7 @@ ADMX Info:
-**ADMX_Globalization/PreventUserOverrides_2**
+**ADMX_Globalization/PreventUserOverrides_2**
@@ -1030,7 +1030,7 @@ To set this policy on a per-user basis, make sure that the per-computer policy i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow user override of locale settings*
- GP name: *PreventUserOverrides_2*
- GP path: *System\Locale Services*
@@ -1041,7 +1041,7 @@ ADMX Info:
-**ADMX_Globalization/RestrictUILangSelect**
+**ADMX_Globalization/RestrictUILangSelect**
@@ -1078,7 +1078,7 @@ If you disable or don't configure this policy setting, the logged-on user can ac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict selection of Windows menus and dialogs language*
- GP name: *RestrictUILangSelect*
- GP path: *Control Panel\Regional and Language Options*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffAutocorrectMisspelledWords**
+**ADMX_Globalization/TurnOffAutocorrectMisspelledWords**
@@ -1127,7 +1127,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off autocorrect misspelled words*
- GP name: *TurnOffAutocorrectMisspelledWords*
- GP path: *Control Panel\Regional and Language Options*
@@ -1138,7 +1138,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffHighlightMisspelledWords**
+**ADMX_Globalization/TurnOffHighlightMisspelledWords**
@@ -1177,7 +1177,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off highlight misspelled words*
- GP name: *TurnOffHighlightMisspelledWords*
- GP path: *Control Panel\Regional and Language Options*
@@ -1188,7 +1188,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffInsertSpace**
+**ADMX_Globalization/TurnOffInsertSpace**
@@ -1226,7 +1226,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off insert a space after selecting a text prediction*
- GP name: *TurnOffInsertSpace*
- GP path: *Control Panel\Regional and Language Options*
@@ -1237,7 +1237,7 @@ ADMX Info:
-**ADMX_Globalization/TurnOffOfferTextPredictions**
+**ADMX_Globalization/TurnOffOfferTextPredictions**
@@ -1276,7 +1276,7 @@ The availability and function of this setting is dependent on supported language
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off offer text predictions as I type*
- GP name: *TurnOffOfferTextPredictions*
- GP path: *Control Panel\Regional and Language Options*
@@ -1287,7 +1287,7 @@ ADMX Info:
-**ADMX_Globalization/Y2K**
+**ADMX_Globalization/Y2K**
@@ -1326,7 +1326,7 @@ If you disable or don't configure this policy setting, Windows doesn't interpret
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Century interpretation for Year 2000*
- GP name: *Y2K*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 986333d80f..9aa335af87 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_GroupPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_GroupPolicy policies
+## ADMX_GroupPolicy policies
-
@@ -161,7 +161,7 @@ manager: aaroncz
-**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP**
+**ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP**
@@ -207,7 +207,7 @@ If you disable this policy setting, the behavior is the same as if it isn't conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow cross-forest user policy and roaming user profiles*
- GP name: *AllowX-ForestPolicy-and-RUP*
- GP path: *System\Group Policy*
@@ -218,7 +218,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_AppMgmt**
+**ADMX_GroupPolicy/CSE_AppMgmt**
@@ -260,7 +260,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure software Installation policy processing*
- GP name: *CSE_AppMgmt*
- GP path: *System\Group Policy*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_DiskQuota**
+**ADMX_GroupPolicy/CSE_DiskQuota**
@@ -315,7 +315,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure disk quota policy processing*
- GP name: *CSE_DiskQuota*
- GP path: *System\Group Policy*
@@ -326,7 +326,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_EFSRecovery**
+**ADMX_GroupPolicy/CSE_EFSRecovery**
@@ -370,7 +370,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure EFS recovery policy processing*
- GP name: *CSE_EFSRecovery*
- GP path: *System\Group Policy*
@@ -381,7 +381,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_FolderRedirection**
+**ADMX_GroupPolicy/CSE_FolderRedirection**
@@ -423,7 +423,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure folder redirection policy processing*
- GP name: *CSE_FolderRedirection*
- GP path: *System\Group Policy*
@@ -434,7 +434,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_IEM**
+**ADMX_GroupPolicy/CSE_IEM**
@@ -478,7 +478,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Internet Explorer Maintenance policy processing*
- GP name: *CSE_IEM*
- GP path: *System\Group Policy*
@@ -489,7 +489,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_IPSecurity**
+**ADMX_GroupPolicy/CSE_IPSecurity**
@@ -533,7 +533,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure IP security policy processing*
- GP name: *CSE_IPSecurity*
- GP path: *System\Group Policy*
@@ -544,7 +544,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Registry**
+**ADMX_GroupPolicy/CSE_Registry**
@@ -584,7 +584,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure registry policy processing*
- GP name: *CSE_Registry*
- GP path: *System\Group Policy*
@@ -595,7 +595,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Scripts**
+**ADMX_GroupPolicy/CSE_Scripts**
@@ -637,7 +637,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure scripts policy processing*
- GP name: *CSE_Scripts*
- GP path: *System\Group Policy*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Security**
+**ADMX_GroupPolicy/CSE_Security**
@@ -690,7 +690,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure security policy processing*
- GP name: *CSE_Security*
- GP path: *System\Group Policy*
@@ -701,7 +701,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Wired**
+**ADMX_GroupPolicy/CSE_Wired**
@@ -747,7 +747,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure wired policy processing*
- GP name: *CSE_Wired*
- GP path: *System\Group Policy*
@@ -758,7 +758,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CSE_Wireless**
+**ADMX_GroupPolicy/CSE_Wireless**
@@ -804,7 +804,7 @@ The "Process even if the Group Policy objects have not changed" option updates a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure wireless policy processing*
- GP name: *CSE_Wireless*
- GP path: *System\Group Policy*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_GroupPolicy/CorpConnSyncWaitTime**
+**ADMX_GroupPolicy/CorpConnSyncWaitTime**
@@ -851,7 +851,7 @@ If you disable or don't configure this policy setting, Group Policy will use the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify workplace connectivity wait time for policy processing*
- GP name: *CorpConnSyncWaitTime*
- GP path: *System\Group Policy*
@@ -862,7 +862,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1**
+**ADMX_GroupPolicy/DenyRsopToInteractiveUser_1**
@@ -907,7 +907,7 @@ If you disable or don't configure this policy setting, interactive users can gen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
- GP name: *DenyRsopToInteractiveUser_1*
- GP path: *System\Group Policy*
@@ -918,7 +918,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2**
+**ADMX_GroupPolicy/DenyRsopToInteractiveUser_2**
@@ -963,7 +963,7 @@ If you disable or don't configure this policy setting, interactive users can gen
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Determine if interactive users can generate Resultant Set of Policy data*
- GP name: *DenyRsopToInteractiveUser_2*
- GP path: *System\Group Policy*
@@ -974,7 +974,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableAOACProcessing**
+**ADMX_GroupPolicy/DisableAOACProcessing**
@@ -1006,7 +1006,7 @@ This policy setting prevents the Group Policy Client Service from stopping when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Group Policy Client Service AOAC optimization*
- GP name: *DisableAOACProcessing*
- GP path: *System\Group Policy*
@@ -1017,7 +1017,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableAutoADMUpdate**
+**ADMX_GroupPolicy/DisableAutoADMUpdate**
@@ -1064,7 +1064,7 @@ Files will always be copied to the GPO if they have a later timestamp.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic update of ADM files*
- GP name: *DisableAutoADMUpdate*
- GP path: *System\Group Policy*
@@ -1075,7 +1075,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableBackgroundPolicy**
+**ADMX_GroupPolicy/DisableBackgroundPolicy**
@@ -1114,7 +1114,7 @@ If you disable or don't configure this policy setting, updates can be applied wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off background refresh of Group Policy*
- GP name: *DisableBackgroundPolicy*
- GP path: *System\Group Policy*
@@ -1125,7 +1125,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableLGPOProcessing**
+**ADMX_GroupPolicy/DisableLGPOProcessing**
@@ -1166,7 +1166,7 @@ If you disable or don't configure this policy setting, Local GPOs continue to be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Local Group Policy Objects processing*
- GP name: *DisableLGPOProcessing*
- GP path: *System\Group Policy*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_GroupPolicy/DisableUsersFromMachGP**
+**ADMX_GroupPolicy/DisableUsersFromMachGP**
@@ -1221,7 +1221,7 @@ Also, see the "Set Group Policy refresh interval for computers" policy setting t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove users' ability to invoke machine policy refresh*
- GP name: *DisableUsersFromMachGP*
- GP path: *System\Group Policy*
@@ -1232,7 +1232,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableCDP**
+**ADMX_GroupPolicy/EnableCDP**
@@ -1270,7 +1270,7 @@ If you don't configure this policy setting, the default behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Continue experiences on this device*
- GP name: *EnableCDP*
- GP path: *System\Group Policy*
@@ -1281,7 +1281,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableLogonOptimization**
+**ADMX_GroupPolicy/EnableLogonOptimization**
@@ -1321,7 +1321,7 @@ If you disable this policy setting, the Group Policy client won't cache applicab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy Caching*
- GP name: *EnableLogonOptimization*
- GP path: *System\Group Policy*
@@ -1332,7 +1332,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU**
+**ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU**
@@ -1372,7 +1372,7 @@ If you disable or don't configure this policy setting, the Group Policy client w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Group Policy Caching for Servers*
- GP name: *EnableLogonOptimizationOnServerSKU*
- GP path: *System\Group Policy*
@@ -1383,7 +1383,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnableMMX**
+**ADMX_GroupPolicy/EnableMMX**
@@ -1421,7 +1421,7 @@ If you don't configure this policy setting, the default behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Phone-PC linking on this device*
- GP name: *EnableMMX*
- GP path: *System\Group Policy*
@@ -1432,7 +1432,7 @@ ADMX Info:
-**ADMX_GroupPolicy/EnforcePoliciesOnly**
+**ADMX_GroupPolicy/EnforcePoliciesOnly**
@@ -1475,7 +1475,7 @@ In Group Policy Object Editor, preferences have a red icon to distinguish them f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce Show Policies Only*
- GP name: *EnforcePoliciesOnly*
- GP path: *System\Group Policy*
@@ -1486,7 +1486,7 @@ ADMX Info:
-**ADMX_GroupPolicy/FontMitigation**
+**ADMX_GroupPolicy/FontMitigation**
@@ -1512,7 +1512,7 @@ ADMX Info:
-This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
+This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory.
This feature can be configured to be in three modes: On, Off, and Audit. By default, it's Off and no fonts are blocked. If you aren't ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability or compatibility issues.
@@ -1520,7 +1520,7 @@ This feature can be configured to be in three modes: On, Off, and Audit. By defa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Untrusted Font Blocking*
- GP name: *DisableUsersFromMachGP*
- GP path: *System\Mitigation Options*
@@ -1531,7 +1531,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPDCOptions**
+**ADMX_GroupPolicy/GPDCOptions**
@@ -1576,7 +1576,7 @@ If you disable this setting or don't configure it, the Group Policy Object Edito
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy domain controller selection*
- GP name: *GPDCOptions*
- GP path: *System\Group Policy*
@@ -1587,7 +1587,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPTransferRate_1**
+**ADMX_GroupPolicy/GPTransferRate_1**
@@ -1634,7 +1634,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy slow link detection*
- GP name: *GPTransferRate_1*
- GP path: *System\Group Policy*
@@ -1645,7 +1645,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GPTransferRate_2**
+**ADMX_GroupPolicy/GPTransferRate_2**
@@ -1683,7 +1683,7 @@ If you disable this setting or don't configure it, the system uses the default v
This setting appears in the Computer Configuration and User Configuration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder.
-Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
+Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\System\User Profile.
> [!NOTE]
> If the profile server has IP connectivity, the connection speed setting is used. If the profile server doesn't have IP connectivity, the SMB timing is used.
@@ -1692,7 +1692,7 @@ Also, see the "Do not detect slow network connections" and related policies in C
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Group Policy slow link detection*
- GP name: *GPTransferRate_2*
- GP path: *System\Group Policy*
@@ -1703,7 +1703,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRate**
+**ADMX_GroupPolicy/GroupPolicyRefreshRate**
@@ -1752,7 +1752,7 @@ This setting is only used when the "Turn off background refresh of Group Policy"
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for computers*
- GP name: *GroupPolicyRefreshRate*
- GP path: *System\Group Policy*
@@ -1763,7 +1763,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRateDC**
+**ADMX_GroupPolicy/GroupPolicyRefreshRateDC**
@@ -1806,7 +1806,7 @@ This setting also lets you specify how much the actual update interval varies. T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for domain controllers*
- GP name: *GroupPolicyRefreshRateDC*
- GP path: *System\Group Policy*
@@ -1817,7 +1817,7 @@ ADMX Info:
-**ADMX_GroupPolicy/GroupPolicyRefreshRateUser**
+**ADMX_GroupPolicy/GroupPolicyRefreshRateUser**
@@ -1868,7 +1868,7 @@ This setting also lets you specify how much the actual update interval varies. T
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Group Policy refresh interval for users*
- GP name: *GroupPolicyRefreshRateUser*
- GP path: *System\Group Policy*
@@ -1879,7 +1879,7 @@ ADMX Info:
-**ADMX_GroupPolicy/LogonScriptDelay**
+**ADMX_GroupPolicy/LogonScriptDelay**
@@ -1921,7 +1921,7 @@ If you don't configure this policy setting, Group Policy will wait five minutes
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Logon Script Delay*
- GP name: *LogonScriptDelay*
- GP path: *System\Group Policy*
@@ -1932,7 +1932,7 @@ ADMX Info:
-**ADMX_GroupPolicy/NewGPODisplayName**
+**ADMX_GroupPolicy/NewGPODisplayName**
@@ -1970,7 +1970,7 @@ If this setting is Disabled or Not Configured, the default display name of New G
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set default name for new Group Policy objects*
- GP name: *NewGPODisplayName*
- GP path: *System\Group Policy*
@@ -1981,7 +1981,7 @@ ADMX Info:
-**ADMX_GroupPolicy/NewGPOLinksDisabled**
+**ADMX_GroupPolicy/NewGPOLinksDisabled**
@@ -2017,7 +2017,7 @@ If you disable this setting or don't configure it, new Group Policy object links
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Create new Group Policy Object links disabled by default*
- GP name: *NewGPOLinksDisabled*
- GP path: *System\Group Policy*
@@ -2028,7 +2028,7 @@ ADMX Info:
-**ADMX_GroupPolicy/OnlyUseLocalAdminFiles**
+**ADMX_GroupPolicy/OnlyUseLocalAdminFiles**
@@ -2080,7 +2080,7 @@ If you disable or don't configure this setting, the Group Policy Object Editor s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always use local ADM files for Group Policy Object Editor*
- GP name: *OnlyUseLocalAdminFiles*
- GP path: *System\Group Policy*
@@ -2091,7 +2091,7 @@ ADMX Info:
-**ADMX_GroupPolicy/ProcessMitigationOptions**
+**ADMX_GroupPolicy/ProcessMitigationOptions**
@@ -2139,7 +2139,7 @@ Setting flags not specified here to any value other than ? results in undefined
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Process Mitigation Options*
- GP name: *ProcessMitigationOptions*
- GP path: *System\Mitigation Options*
@@ -2150,7 +2150,7 @@ ADMX Info:
-**ADMX_GroupPolicy/RSoPLogging**
+**ADMX_GroupPolicy/RSoPLogging**
@@ -2191,7 +2191,7 @@ If you disable or don't configure this setting, RSoP logging is turned on. By de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Resultant Set of Policy logging*
- GP name: *RSoPLogging*
- GP path: *System\Group Policy*
@@ -2202,7 +2202,7 @@ ADMX Info:
-**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy**
+**ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy**
@@ -2234,7 +2234,7 @@ Enabling this setting will cause the Group Policy Client to connect to the same
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable AD/DFS domain controller synchronization during policy refresh*
- GP name: *ResetDfsClientInfoDuringRefreshPolicy*
- GP path: *System\Group Policy*
@@ -2245,7 +2245,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess**
+**ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess**
@@ -2286,7 +2286,7 @@ If you disable this setting or don't configure it, Group Policy will evaluate th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Direct Access connections as a fast network connection*
- GP name: *SlowLinkDefaultForDirectAccess*
- GP path: *System\Group Policy*
@@ -2297,7 +2297,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SlowlinkDefaultToAsync**
+**ADMX_GroupPolicy/SlowlinkDefaultToAsync**
@@ -2341,7 +2341,7 @@ If you disable or don't configure this policy setting, detecting a slow network
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Group Policy processing to run asynchronously when a slow network connection is detected.*
- GP name: *SlowlinkDefaultToAsync*
- GP path: *System\Group Policy*
@@ -2352,7 +2352,7 @@ ADMX Info:
-**ADMX_GroupPolicy/SyncWaitTime**
+**ADMX_GroupPolicy/SyncWaitTime**
@@ -2388,7 +2388,7 @@ If you disable or don't configure this policy setting, Group Policy will use the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify startup policy processing wait time*
- GP name: *SyncWaitTime*
- GP path: *System\Group Policy*
@@ -2399,7 +2399,7 @@ ADMX Info:
-**ADMX_GroupPolicy/UserPolicyMode**
+**ADMX_GroupPolicy/UserPolicyMode**
@@ -2443,7 +2443,7 @@ If you disable this setting or don't configure it, the user's Group Policy Objec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure user Group Policy loopback processing mode*
- GP name: *UserPolicyMode*
- GP path: *System\Group Policy*
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index ef05d2efca..5b79e7bc70 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Help
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Help policies
+## ADMX_Help policies
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_Help/DisableHHDEP**
+**ADMX_Help/DisableHHDEP**
@@ -82,7 +82,7 @@ If you disable or don't configure this policy setting, DEP is turned on for HTML
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Data Execution Prevention for HTML Help Executable*
- GP name: *DisableHHDEP*
- GP path: *System*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_Help/HelpQualifiedRootDir_Comp**
+**ADMX_Help/HelpQualifiedRootDir_Comp**
@@ -143,7 +143,7 @@ For more options, see the "Restrict these programs from being launched from Help
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict potentially unsafe HTML Help functions to specified folders*
- GP name: *HelpQualifiedRootDir_Comp*
- GP path: *System*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_Help/RestrictRunFromHelp**
+**ADMX_Help/RestrictRunFromHelp**
@@ -188,14 +188,14 @@ If you disable or don't configure this policy setting, users can run all applica
> [!NOTE]
> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
->
+>
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict these programs from being launched from Help*
- GP name: *RestrictRunFromHelp*
- GP path: *System*
@@ -206,7 +206,7 @@ ADMX Info:
-**ADMX_Help/RestrictRunFromHelp_Comp**
+**ADMX_Help/RestrictRunFromHelp_Comp**
@@ -240,13 +240,13 @@ If you disable or don't configure this policy setting, users can run all applica
> [!NOTE]
> You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configuration\Security Settings.
->
+>
> This policy setting is available under Computer Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from Help.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict these programs from being launched from Help*
- GP name: *RestrictRunFromHelp_Comp*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index e013dc38ab..b6f574c6fd 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_HelpAndSupport
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_HelpAndSupport policies
+## ADMX_HelpAndSupport policies
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_HelpAndSupport/ActiveHelp**
+**ADMX_HelpAndSupport/ActiveHelp**
@@ -80,7 +80,7 @@ If you disable or don't configure this policy setting, the default behavior appl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Active Help*
- GP name: *ActiveHelp*
- GP path: *Windows Components/Online Assistance*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPExplicitFeedback**
+**ADMX_HelpAndSupport/HPExplicitFeedback**
@@ -129,7 +129,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help Ratings*
- GP name: *HPExplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
@@ -140,7 +140,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPImplicitFeedback**
+**ADMX_HelpAndSupport/HPImplicitFeedback**
|Edition|Windows 10|Windows 11|
@@ -175,7 +175,7 @@ If you disable or don't configure this policy setting, users can turn on the Hel
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help Experience Improvement Program*
- GP name: *HPImplicitFeedback*
- GP path: *System/Internet Communication Management/Internet Communication settings*
@@ -186,7 +186,7 @@ ADMX Info:
-**ADMX_HelpAndSupport/HPOnlineAssistance**
+**ADMX_HelpAndSupport/HPOnlineAssistance**
@@ -222,7 +222,7 @@ If you disable or don't configure this policy setting, users can access online a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Online*
- GP name: *HPOnlineAssistance*
- GP path: *System/Internet Communication Management/Internet Communication settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index ba8121417b..5cca69dccd 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_HotSpotAuth
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_HotSpotAuth policies
+## ADMX_HotSpotAuth policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_HotSpotAuth/HotspotAuth_Enable**
+**ADMX_HotSpotAuth/HotspotAuth_Enable**
@@ -61,20 +61,20 @@ manager: aaroncz
-This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.
+This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.
-- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network.
+- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network.
-- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
+- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
-- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
+- If you enable this policy setting, or if you don't configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support.
- If you disable this policy setting, WLAN hotspots aren't probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Hotspot Authentication*
- GP name: *HotspotAuth_Enable*
- GP path: *Network\Hotspot Authentication*
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 9e9178ac7a..43f52c3ab7 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_ICM
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_ICM policies
+## ADMX_ICM policies
-
@@ -110,7 +110,7 @@ manager: aaroncz
-**ADMX_ICM/CEIPEnable**
+**ADMX_ICM/CEIPEnable**
@@ -148,7 +148,7 @@ If you don't configure this policy setting, the administrator can use the Proble
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Customer Experience Improvement Program*
- GP name: *CEIPEnable*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -159,7 +159,7 @@ ADMX Info:
-**ADMX_ICM/CertMgr_DisableAutoRootUpdates**
+**ADMX_ICM/CertMgr_DisableAutoRootUpdates**
@@ -185,7 +185,7 @@ ADMX Info:
-This policy setting specifies whether to automatically update root certificates using the Windows Update website.
+This policy setting specifies whether to automatically update root certificates using the Windows Update website.
Typically, a certificate is used when you use a secure website or when you send and receive secure email. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities.
@@ -197,7 +197,7 @@ If you disable or don't configure this policy setting, your computer will contac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Automatic Root Certificates Update*
- GP name: *CertMgr_DisableAutoRootUpdates*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -208,7 +208,7 @@ ADMX Info:
-**ADMX_ICM/DisableHTTPPrinting_1**
+**ADMX_ICM/DisableHTTPPrinting_1**
@@ -249,7 +249,7 @@ If you disable or don't configure this policy setting, users can choose to print
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off printing over HTTP*
- GP name: *DisableHTTPPrinting_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -260,7 +260,7 @@ ADMX Info:
-**ADMX_ICM/DisableWebPnPDownload_1**
+**ADMX_ICM/DisableWebPnPDownload_1**
@@ -303,7 +303,7 @@ If you disable or don't configure this policy setting, users can download print
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off downloading of print drivers over HTTP*
- GP name: *DisableWebPnPDownload_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -314,7 +314,7 @@ ADMX Info:
-**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate**
+**ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate**
@@ -357,7 +357,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Update device driver searching*
- GP name: *DriverSearchPlaces_DontSearchWindowsUpdate*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_ICM/EventViewer_DisableLinks**
+**ADMX_ICM/EventViewer_DisableLinks**
@@ -408,7 +408,7 @@ Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Event Viewer "Events.asp" links*
- GP name: *EventViewer_DisableLinks*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -419,7 +419,7 @@ ADMX Info:
-**ADMX_ICM/HSS_HeadlinesPolicy**
+**ADMX_ICM/HSS_HeadlinesPolicy**
@@ -459,7 +459,7 @@ You might want to enable this policy setting for users who don't have Internet a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help and Support Center "Did you know?" content*
- GP name: *HSS_HeadlinesPolicy*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -470,7 +470,7 @@ ADMX Info:
-**ADMX_ICM/HSS_KBSearchPolicy**
+**ADMX_ICM/HSS_KBSearchPolicy**
@@ -508,7 +508,7 @@ If you disable or don't configure this policy setting, the Knowledge Base is sea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Help and Support Center Microsoft Knowledge Base search*
- GP name: *HSS_KBSearchPolicy*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -519,7 +519,7 @@ ADMX Info:
-**ADMX_ICM/InternetManagement_RestrictCommunication_1**
+**ADMX_ICM/InternetManagement_RestrictCommunication_1**
@@ -557,7 +557,7 @@ If you don't configure this policy setting, all of the policy settings in the "I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Internet communication*
- GP name: *InternetManagement_RestrictCommunication_1*
- GP path: *System\Internet Communication Management*
@@ -568,7 +568,7 @@ ADMX Info:
-**ADMX_ICM/InternetManagement_RestrictCommunication_2**
+**ADMX_ICM/InternetManagement_RestrictCommunication_2**
@@ -605,7 +605,7 @@ If you don't configure this policy setting, all of the policy settings in the "I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Internet communication*
- GP name: *InternetManagement_RestrictCommunication_2*
- GP path: *System\Internet Communication Management*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_ICM/NC_ExitOnISP**
+**ADMX_ICM/NC_ExitOnISP**
@@ -652,7 +652,7 @@ If you disable or don't configure this policy setting, users can connect to Micr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
- GP name: *NC_ExitOnISP*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -663,7 +663,7 @@ ADMX Info:
-**ADMX_ICM/NC_NoRegistration**
+**ADMX_ICM/NC_NoRegistration**
@@ -701,7 +701,7 @@ Registration is optional and involves submitting some personal information to Mi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Registration if URL connection is referring to Microsoft.com*
- GP name: *NC_NoRegistration*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -712,7 +712,7 @@ ADMX Info:
-**ADMX_ICM/PCH_DoNotReport**
+**ADMX_ICM/PCH_DoNotReport**
@@ -746,7 +746,7 @@ If you enable this policy setting, users aren't given the option to report error
If you disable or don't configure this policy setting, the errors may be reported to Microsoft via the Internet or to a corporate file share.
-This policy setting overrides any user setting made from the Control Panel for error reporting.
+This policy setting overrides any user setting made from the Control Panel for error reporting.
Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting.
@@ -754,7 +754,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Error Reporting*
- GP name: *PCH_DoNotReport*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -765,7 +765,7 @@ ADMX Info:
-**ADMX_ICM/RemoveWindowsUpdate_ICM**
+**ADMX_ICM/RemoveWindowsUpdate_ICM**
@@ -804,7 +804,7 @@ If you disable or don't configure this policy setting, users can access the Wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to all Windows Update features*
- GP name: *RemoveWindowsUpdate_ICM*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_ICM/SearchCompanion_DisableFileUpdates**
+**ADMX_ICM/SearchCompanion_DisableFileUpdates**
@@ -856,7 +856,7 @@ If you disable or don't configure this policy setting, Search Companion download
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Search Companion content file updates*
- GP name: *SearchCompanion_DisableFileUpdates*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -867,7 +867,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseInternetOpenWith_1**
+**ADMX_ICM/ShellNoUseInternetOpenWith_1**
@@ -905,7 +905,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet File Association service*
- GP name: *ShellNoUseInternetOpenWith_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -916,7 +916,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseInternetOpenWith_2**
+**ADMX_ICM/ShellNoUseInternetOpenWith_2**
@@ -954,7 +954,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet File Association service*
- GP name: *ShellNoUseInternetOpenWith_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -965,7 +965,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseStoreOpenWith_1**
+**ADMX_ICM/ShellNoUseStoreOpenWith_1**
@@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to the Store*
- GP name: *ShellNoUseStoreOpenWith_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_ICM/ShellNoUseStoreOpenWith_2**
+**ADMX_ICM/ShellNoUseStoreOpenWith_2**
@@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, the user is allowed to us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off access to the Store*
- GP name: *ShellNoUseStoreOpenWith_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1063,7 +1063,7 @@ ADMX Info:
-**ADMX_ICM/ShellPreventWPWDownload_1**
+**ADMX_ICM/ShellPreventWPWDownload_1**
@@ -1101,7 +1101,7 @@ For more information, including details on specifying service providers in the r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
- GP name: *ShellPreventWPWDownload_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1112,7 +1112,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemoveOrderPrints_1**
+**ADMX_ICM/ShellRemoveOrderPrints_1**
@@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, the task is displayed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Order Prints" picture task*
- GP name: *ShellRemoveOrderPrints_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1159,7 +1159,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemoveOrderPrints_2**
+**ADMX_ICM/ShellRemoveOrderPrints_2**
@@ -1197,7 +1197,7 @@ If you disable or don't configure this policy setting, the task is displayed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Order Prints" picture task*
- GP name: *ShellRemoveOrderPrints_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1208,7 +1208,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemovePublishToWeb_1**
+**ADMX_ICM/ShellRemovePublishToWeb_1**
@@ -1244,7 +1244,7 @@ If you enable this policy setting, these tasks are removed from the File and Fol
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
- GP name: *ShellRemovePublishToWeb_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1255,7 +1255,7 @@ ADMX Info:
-**ADMX_ICM/ShellRemovePublishToWeb_2**
+**ADMX_ICM/ShellRemovePublishToWeb_2**
@@ -1293,7 +1293,7 @@ If you disable or don't configure this policy setting, the tasks are shown.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
- GP name: *ShellRemovePublishToWeb_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1304,7 +1304,7 @@ ADMX Info:
-**ADMX_ICM/WinMSG_NoInstrumentation_1**
+**ADMX_ICM/WinMSG_NoInstrumentation_1**
@@ -1344,7 +1344,7 @@ If you disable this policy setting, Windows Messenger collects anonymous usage i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
- GP name: *WinMSG_NoInstrumentation_1*
- GP path: *System\Internet Communication Management\Internet Communication settings*
@@ -1355,7 +1355,7 @@ ADMX Info:
-**ADMX_ICM/WinMSG_NoInstrumentation_2**
+**ADMX_ICM/WinMSG_NoInstrumentation_2**
@@ -1397,7 +1397,7 @@ If you don't configure this policy setting, users have the choice to opt in and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
- GP name: *WinMSG_NoInstrumentation_2*
- GP path: *System\Internet Communication Management\Internet Communication settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index cdae65ef17..5fe898725d 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_IIS
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_IIS policies
+## ADMX_IIS policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_IIS/PreventIISInstall**
+**ADMX_IIS/PreventIISInstall**
@@ -61,11 +61,11 @@ manager: aaroncz
-This policy setting prevents installation of Internet Information Services (IIS) on this computer.
+This policy setting prevents installation of Internet Information Services (IIS) on this computer.
-If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
+If you enable this policy setting, Internet Information Services (IIS) can't be installed, and you'll not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS can't be installed because of this Group Policy setting.
-Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
+Enabling this setting won't have any effect on IIS, if IIS is already installed on the computer.
If you disable or don't configure this policy setting, IIS can be installed, and all the programs and applications that require IIS to run."
@@ -73,7 +73,7 @@ If you disable or don't configure this policy setting, IIS can be installed, and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent IIS installation*
- GP name: *PreventIISInstall*
- GP path: *Windows Components\Internet Information Services*
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index e4938d1f67..222b1c9128 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_iSCSI
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_iSCSI policies
+## ADMX_iSCSI policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins**
+**ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins**
@@ -68,7 +68,7 @@ manager: aaroncz
-If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed.
+If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed.
If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
@@ -76,7 +76,7 @@ If disabled then new iSNS servers may be added and thus new targets discovered v
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow manual configuration of iSNS servers*
- GP name: *iSCSIGeneral_RestrictAdditionalLogins*
- GP path: *System\iSCSI\iSCSI Target Discovery*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName**
+**ADMX_iSCSI/iSCSIGeneral_ChangeIQNName**
@@ -113,14 +113,14 @@ ADMX Info:
-If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed.
+If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed.
If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow manual configuration of target portals*
- GP name: *iSCSIGeneral_ChangeIQNName*
- GP path: *System\iSCSI\iSCSI Target Discovery*
@@ -131,7 +131,7 @@ ADMX Info:
-**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret**
+**ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret**
@@ -157,7 +157,7 @@ ADMX Info:
-If enabled then don't allow the initiator CHAP secret to be changed.
+If enabled then don't allow the initiator CHAP secret to be changed.
If disabled then the initiator CHAP secret may be changed.
@@ -165,7 +165,7 @@ If disabled then the initiator CHAP secret may be changed.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow changes to initiator CHAP secret*
- GP name: *iSCSISecurity_ChangeCHAPSecret*
- GP path: *System\iSCSI\iSCSI Security*
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index ec99d97b12..d2b53dc391 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_kdc
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_kdc policies
+## ADMX_kdc policies
-
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_kdc/CbacAndArmor**
+**ADMX_kdc/CbacAndArmor**
@@ -79,20 +79,20 @@ manager: aaroncz
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
-If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
+If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
If you disable or don't configure this policy setting, the domain controller doesn't support claims, compound authentication or armoring.
If you configure the "Not supported" option, the domain controller doesn't support claims, compound authentication or armoring, which is the default behavior for domain controllers running Windows Server 2008 R2 or earlier operating systems.
> [!NOTE]
-> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features.
+> For the following options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting isn't enabled, Kerberos authentication messages won't use these features.
-If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring.
+If you configure "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring.
**Domain functional level requirements**
-For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected.
+For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to Windows Server 2008 R2 or earlier, then domain controllers behave as if the "Supported" option is selected.
When the domain functional level is set to Windows Server 2012 then the domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynamic Access Control and Kerberos armoring, and:
@@ -114,7 +114,7 @@ Impact on domain controller performance when this policy setting is enabled:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *KDC support for claims, compound authentication and Kerberos armoring*
- GP name: *CbacAndArmor*
- GP path: *System/KDC*
@@ -125,7 +125,7 @@ ADMX Info:
-**ADMX_kdc/ForestSearch**
+**ADMX_kdc/ForestSearch**
@@ -163,7 +163,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use forest search order*
- GP name: *ForestSearch*
- GP path: *System/KDC*
@@ -174,7 +174,7 @@ ADMX Info:
-**ADMX_kdc/PKINITFreshness**
+**ADMX_kdc/PKINITFreshness**
@@ -216,7 +216,7 @@ If you disable or not configure this policy setting, then the DC will never offe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *KDC support for PKInit Freshness Extension*
- GP name: *PKINITFreshness*
- GP path: *System/KDC*
@@ -227,7 +227,7 @@ ADMX Info:
-**ADMX_kdc/RequestCompoundId**
+**ADMX_kdc/RequestCompoundId**
@@ -256,9 +256,9 @@ ADMX Info:
This policy setting allows you to configure a domain controller to request compound authentication.
> [!NOTE]
-> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
+> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
-If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
+If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
If you disable or don't configure this policy setting, domain controllers will return service tickets that contain compound authentication anytime the client sends a compound authentication request regardless of the account configuration.
@@ -266,7 +266,7 @@ If you disable or don't configure this policy setting, domain controllers will r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Request compound authentication*
- GP name: *RequestCompoundId*
- GP path: *System/KDC*
@@ -277,7 +277,7 @@ ADMX Info:
-**ADMX_kdc/TicketSizeThreshold**
+**ADMX_kdc/TicketSizeThreshold**
@@ -313,7 +313,7 @@ If you disable or don't configure this policy setting, the threshold value defau
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Warning for large Kerberos tickets*
- GP name: *TicketSizeThreshold*
- GP path: *System/KDC*
@@ -324,7 +324,7 @@ ADMX Info:
-**ADMX_kdc/emitlili**
+**ADMX_kdc/emitlili**
@@ -365,7 +365,7 @@ If you disable or don't configure this policy setting, the domain controller doe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Provide information about previous logons to client computers*
- GP name: *emitlili*
- GP path: *System/KDC*
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 3cbff4ed32..4f524e196b 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/12/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Kerberos
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Kerberos policies
+## ADMX_Kerberos policies
-
@@ -57,7 +57,7 @@ manager: aaroncz
-**ADMX_Kerberos/AlwaysSendCompoundId**
+**ADMX_Kerberos/AlwaysSendCompoundId**
@@ -86,9 +86,9 @@ manager: aaroncz
This policy setting controls whether a device always sends a compound authentication request when the resource domain requests compound identity.
> [!NOTE]
-> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain.
+> For a domain controller to request compound authentication, the policies "KDC support for claims, compound authentication, and Kerberos armoring" and "Request compound authentication" must be configured and enabled in the resource account domain.
-If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request.
+If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authentication always send a compound authentication request.
If you disable or don't configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded authentication request first then a compound authentication request when the service requests compound authentication.
@@ -96,7 +96,7 @@ If you disable or don't configure this policy setting and the resource domain re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always send compound authentication first*
- GP name: *AlwaysSendCompoundId*
- GP path: *System\Kerberos*
@@ -107,7 +107,7 @@ ADMX Info:
-**ADMX_Kerberos/DevicePKInitEnabled**
+**ADMX_Kerberos/DevicePKInitEnabled**
@@ -150,7 +150,7 @@ If you don't configure this policy setting, Automatic will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support device authentication using certificate*
- GP name: *DevicePKInitEnabled*
- GP path: *System\Kerberos*
@@ -161,7 +161,7 @@ ADMX Info:
-**ADMX_Kerberos/HostToRealm**
+**ADMX_Kerberos/HostToRealm**
@@ -199,7 +199,7 @@ If you don't configure this policy setting, the system uses the host name-to-Ker
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define host name-to-Kerberos realm mappings*
- GP name: *HostToRealm*
- GP path: *System\Kerberos*
@@ -210,7 +210,7 @@ ADMX Info:
-**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck**
+**ADMX_Kerberos/KdcProxyDisableServerRevocationCheck**
@@ -238,7 +238,7 @@ ADMX Info:
This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server.
-If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.
+If you enable this policy setting, revocation check for the SSL certificate of the KDC proxy server is ignored by the Kerberos client. This policy setting should only be used in troubleshooting KDC proxy connections.
> [!WARNING]
> When revocation check is ignored, the server represented by the certificate isn't guaranteed valid.
@@ -248,7 +248,7 @@ If you disable or don't configure this policy setting, the Kerberos client enfor
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
- GP name: *KdcProxyDisableServerRevocationCheck*
- GP path: *System\Kerberos*
@@ -259,7 +259,7 @@ ADMX Info:
-**ADMX_Kerberos/KdcProxyServer**
+**ADMX_Kerberos/KdcProxyServer**
@@ -295,7 +295,7 @@ If you disable or don't configure this policy setting, the Kerberos client doesn
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify KDC proxy servers for Kerberos clients*
- GP name: *KdcProxyServer*
- GP path: *System\Kerberos*
@@ -306,7 +306,7 @@ ADMX Info:
-**ADMX_Kerberos/MitRealms**
+**ADMX_Kerberos/MitRealms**
@@ -344,7 +344,7 @@ If you don't configure this policy setting, the system uses the interoperable Ke
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define interoperable Kerberos V5 realm settings*
- GP name: *MitRealms*
- GP path: *System\Kerberos*
@@ -355,7 +355,7 @@ ADMX Info:
-**ADMX_Kerberos/ServerAcceptsCompound**
+**ADMX_Kerberos/ServerAcceptsCompound**
@@ -399,7 +399,7 @@ If you don't configure this policy setting, Automatic will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support compound authentication*
- GP name: *ServerAcceptsCompound*
- GP path: *System\Kerberos*
@@ -410,7 +410,7 @@ ADMX Info:
-**ADMX_Kerberos/StrictTarget**
+**ADMX_Kerberos/StrictTarget**
@@ -446,7 +446,7 @@ If you disable or don't configure this policy setting, any service is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require strict target SPN match on remote procedure calls*
- GP name: *StrictTarget*
- GP path: *System\Kerberos*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 3fe3659069..dc10178f76 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LanmanServer
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LanmanServer policies
+## ADMX_LanmanServer policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_LanmanServer/Pol_CipherSuiteOrder**
+**ADMX_LanmanServer/Pol_CipherSuiteOrder**
@@ -77,12 +77,12 @@ If you enable this policy setting, cipher suites are prioritized in the order sp
If you enable this policy setting and don't specify at least one supported cipher suite, or if you disable or don't configure this policy setting, the default cipher suite order is used.
-SMB 3.11 cipher suites:
+SMB 3.11 cipher suites:
- AES_128_GCM
- AES_128_CCM
-SMB 3.0 and 3.02 cipher suites:
+SMB 3.0 and 3.02 cipher suites:
- AES_128_CCM
@@ -97,7 +97,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Cipher suite order*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network/Lanman Server*
@@ -112,7 +112,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HashPublication**
+**ADMX_LanmanServer/Pol_HashPublication**
@@ -158,7 +158,7 @@ In circumstances where this policy setting is enabled, you can also select the f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hash Publication for BranchCache*
- GP name: *Pol_HashPublication*
- GP path: *Network/Lanman Server*
@@ -173,7 +173,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HashSupportVersion**
+**ADMX_LanmanServer/Pol_HashSupportVersion**
@@ -199,7 +199,7 @@ ADMX Info:
-This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
+This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it's the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
@@ -221,7 +221,7 @@ Hash version supported:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hash Version support for BranchCache*
- GP name: *Pol_HashSupportVersion*
- GP path: *Network/Lanman Server*
@@ -232,7 +232,7 @@ ADMX Info:
-**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder**
+**ADMX_LanmanServer/Pol_HonorCipherSuiteOrder**
@@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, the SMB server will selec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Honor cipher suite order*
- GP name: *Pol_HonorCipherSuiteOrder*
- GP path: *Network/Lanman Server*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 969840fdeb..34e0398ccb 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LanmanWorkstation
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LanmanWorkstation policies
+## ADMX_LanmanWorkstation policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**
+**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**
@@ -99,7 +99,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Cipher suite order*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network\Lanman Workstation*
@@ -110,7 +110,7 @@ ADMX Info:
-**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**
+**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**
@@ -149,7 +149,7 @@ If you disable or don't configure this policy setting, Windows will prevent use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Handle Caching on Continuous Availability Shares*
- GP name: *Pol_EnableHandleCachingForCAFiles*
- GP path: *Network\Lanman Workstation*
@@ -160,7 +160,7 @@ ADMX Info:
-**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**
+**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**
@@ -199,7 +199,7 @@ If you disable or don't configure this policy setting, Windows will prevent use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Offline Files Availability on Continuous Availability Shares*
- GP name: *Pol_EnableOfflineFilesforCAShares*
- GP path: *Network\Lanman Workstation*
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 2f421ddce0..b90860b1c9 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LeakDiagnostic
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LeakDiagnostic policies
+## ADMX_LeakDiagnostic policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy**
+**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy**
@@ -61,17 +61,17 @@ manager: aaroncz
-This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
+This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault.
-If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
+If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters.
-If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
+If you disable or don't configure this policy setting, Windows displays the default alert text in the disk diagnostic message.
-No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
+This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios aren't executed.
-The DPS can be configured with the Services snap-in to the Microsoft Management Console.
+The DPS can be configured with the Services snap-in to the Microsoft Management Console.
> [!NOTE]
> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.
@@ -80,7 +80,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure custom alert text*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index ac18bf4c6f..ef3ba218ba 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/04/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LinkLayerTopologyDiscovery policies
+## ADMX_LinkLayerTopologyDiscovery policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO**
+**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO**
@@ -77,7 +77,7 @@ If you disable or don't configure this policy setting, the default behavior of L
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Mapper I/O (LLTDIO) driver*
- GP name: *LLTD_EnableLLTDIO*
- GP path: *Network/Link-Layer Topology Discovery*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr**
+**ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr**
@@ -126,7 +126,7 @@ If you disable or don't configure this policy setting, the default behavior for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Responder (RSPNDR) driver*
- GP name: *LLTD_EnableRspndr*
- GP path: *Network/Link-Layer Topology Discovery*
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 6557e565a3..7fc5ce709f 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -18,15 +18,15 @@ manager: aaroncz
> Some information relates to pre-released products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_LocationProviderAdm policies
+## ADMX_LocationProviderAdm policies
-
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
+**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
@@ -64,16 +64,16 @@ manager: aaroncz
-This policy setting turns off the Windows Location Provider feature for this computer.
+This policy setting turns off the Windows Location Provider feature for this computer.
-- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
+- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer won't be able to use the Windows Location Provider feature.
- If you disable or don't configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Location Provider*
- GP name: *DisableWindowsLocationProvider_1*
- GP path: *Windows Components\Location and Sensors\Windows Location Provider*
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 3386f503ec..3c827dc424 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Logon
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Logon policies
+## ADMX_Logon policies
-
@@ -78,7 +78,7 @@ manager: aaroncz
-**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin**
+**ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin**
@@ -113,7 +113,7 @@ If you disable or don't configure this policy setting, the user may choose to sh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block user from showing account details on sign-in*
- GP name: *BlockUserFromShowingAccountDetailsOnSignin*
- GP path: *System\Logon*
@@ -124,7 +124,7 @@ ADMX Info:
-**ADMX_Logon/DisableAcrylicBackgroundOnLogon**
+**ADMX_Logon/DisableAcrylicBackgroundOnLogon**
@@ -160,7 +160,7 @@ If you disable or don't configure this policy, the logon background image adopts
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show clear logon background*
- GP name: *DisableAcrylicBackgroundOnLogon*
- GP path: *System\Logon*
@@ -171,7 +171,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunLegacy_1**
+**ADMX_Logon/DisableExplorerRunLegacy_1**
@@ -210,7 +210,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the legacy run list*
- GP name: *DisableExplorerRunLegacy_1*
- GP path: *System\Logon*
@@ -221,7 +221,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunLegacy_2**
+**ADMX_Logon/DisableExplorerRunLegacy_2**
@@ -260,7 +260,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the legacy run list*
- GP name: *DisableExplorerRunLegacy_2*
- GP path: *System\Logon*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunOnceLegacy_1**
+**ADMX_Logon/DisableExplorerRunOnceLegacy_1**
@@ -314,7 +314,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the run once list*
- GP name: *DisableExplorerRunOnceLegacy_1*
- GP path: *System\Logon*
@@ -325,7 +325,7 @@ ADMX Info:
-**ADMX_Logon/DisableExplorerRunOnceLegacy_2**
+**ADMX_Logon/DisableExplorerRunOnceLegacy_2**
@@ -368,7 +368,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process the run once list*
- GP name: *DisableExplorerRunOnceLegacy_2*
- GP path: *System\Logon*
@@ -379,7 +379,7 @@ ADMX Info:
-**ADMX_Logon/DisableStatusMessages**
+**ADMX_Logon/DisableStatusMessages**
@@ -415,7 +415,7 @@ If you disable or don't configure this policy setting, the system displays the m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Boot / Shutdown / Logon / Logoff status messages*
- GP name: *DisableStatusMessages*
- GP path: *System*
@@ -426,7 +426,7 @@ ADMX Info:
-**ADMX_Logon/DontEnumerateConnectedUsers**
+**ADMX_Logon/DontEnumerateConnectedUsers**
@@ -462,7 +462,7 @@ If you disable or don't configure this policy setting, connected users will be e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not enumerate connected users on domain-joined computers*
- GP name: *DontEnumerateConnectedUsers*
- GP path: *System\Logon*
@@ -473,7 +473,7 @@ ADMX Info:
-**ADMX_Logon/NoWelcomeTips_1**
+**ADMX_Logon/NoWelcomeTips_1**
@@ -519,7 +519,7 @@ This setting applies only to Windows. It doesn't affect the "Configure Your Serv
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the Getting Started welcome screen at logon*
- GP name: *NoWelcomeTips_1*
- GP path: *System*
@@ -531,7 +531,7 @@ ADMX Info:
-**ADMX_Logon/NoWelcomeTips_2**
+**ADMX_Logon/NoWelcomeTips_2**
@@ -575,7 +575,7 @@ If you disable or don't configure this policy, the welcome screen is displayed e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display the Getting Started welcome screen at logon*
- GP name: *NoWelcomeTips_2*
- GP path: *System\Logon*
@@ -586,7 +586,7 @@ ADMX Info:
-**ADMX_Logon/Run_1**
+**ADMX_Logon/Run_1**
@@ -629,7 +629,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run these programs at user logon*
- GP name: *Run_1*
- GP path: *System\Logon*
@@ -640,7 +640,7 @@ ADMX Info:
-**ADMX_Logon/Run_2**
+**ADMX_Logon/Run_2**
@@ -684,7 +684,7 @@ Also, see the "Do not process the legacy run list" and the "don't process the ru
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run these programs at user logon*
- GP name: *Run_2*
- GP path: *System\Logon*
@@ -695,7 +695,7 @@ ADMX Info:
-**ADMX_Logon/SyncForegroundPolicy**
+**ADMX_Logon/SyncForegroundPolicy**
@@ -742,14 +742,14 @@ If you disable or don't configure this policy setting and users sign in to a cli
> [!NOTE]
>
-> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy.
+> - If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one sign in, enable this policy setting to ensure that Windows waits for the network to be available before applying policy.
> - If Folder Redirection policy will apply during the next sign in, security policies will be applied asynchronously during the next update cycle, if network connectivity is available.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always wait for the network at computer startup and logon*
- GP name: *SyncForegroundPolicy*
- GP path: *System\Logon*
@@ -760,7 +760,7 @@ ADMX Info:
-**ADMX_Logon/UseOEMBackground**
+**ADMX_Logon/UseOEMBackground**
@@ -796,7 +796,7 @@ If you disable or don't configure this policy setting, Windows uses the default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always use custom logon background*
- GP name: *UseOEMBackground*
- GP path: *System\Logon*
@@ -807,7 +807,7 @@ ADMX Info:
-**ADMX_Logon/VerboseStatus**
+**ADMX_Logon/VerboseStatus**
@@ -848,7 +848,7 @@ If you disable or don't configure this policy setting, only the default status m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display highly detailed status messages*
- GP name: *VerboseStatus*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index 88b2c471c4..3a821fae29 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/19/2022
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MicrosoftDefenderAntivirus policies
+## ADMX_MicrosoftDefenderAntivirus policies
-
@@ -311,7 +311,7 @@ manager: aaroncz
-**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**
+**ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup**
@@ -347,7 +347,7 @@ If you disable this setting, the antimalware service will load as a low priority
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow antimalware service to startup with normal priority*
- GP name: *AllowFastServiceStartup*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -358,7 +358,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**
+**ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender**
@@ -398,7 +398,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Microsoft Defender Antivirus*
- GP name: *DisableAntiSpywareDefender*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -409,7 +409,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
+**ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions**
@@ -445,7 +445,7 @@ If you enable this policy setting, Microsoft Defender Antivirus won't exclude pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Auto Exclusions*
- GP name: *DisableAutoExclusions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -456,7 +456,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
+**ADMX_MicrosoftDefenderAntivirus/DisableBlockAtFirstSeen**
@@ -486,7 +486,7 @@ This feature ensures the device checks in real time with the Microsoft Active Pr
If you enable this feature, the Block at First Sight setting is turned on.
If you disable this feature, the Block at First Sight setting is turned off.
-
+
This feature requires these Policy settings to be set as follows:
- MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature won't function.
@@ -497,7 +497,7 @@ This feature requires these Policy settings to be set as follows:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the 'Block at First Sight' feature*
- GP name: *DisableBlockAtFirstSeen*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -508,7 +508,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
+**ADMX_MicrosoftDefenderAntivirus/DisableLocalAdminMerge**
@@ -544,7 +544,7 @@ If you disable this setting, only items defined by Policy will be used in the re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local administrator merge behavior for lists*
- GP name: *DisableLocalAdminMerge*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -555,7 +555,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/DisableRealtimeMonitoring**
@@ -593,7 +593,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off real-time protection*
- GP name: *DisableRealtimeMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -604,7 +604,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
+**ADMX_MicrosoftDefenderAntivirus/DisableRoutinelyTakingAction**
@@ -640,7 +640,7 @@ If you disable or don't configure this policy setting, Microsoft Defender Antivi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off routine remediation*
- GP name: *DisableRoutinelyTakingAction*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -651,7 +651,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Extensions**
@@ -683,7 +683,7 @@ This policy setting allows you to specify a list of file types that should be ex
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extension Exclusions*
- GP name: *Exclusions_Extensions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Paths**
@@ -728,7 +728,7 @@ As an example, a path might be defined as: "c:\Windows" to exclude all files in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Path Exclusions*
- GP name: *Exclusions_Paths*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -739,7 +739,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
+**ADMX_MicrosoftDefenderAntivirus/Exclusions_Processes**
@@ -771,7 +771,7 @@ This policy setting allows you to disable scheduled and real-time scanning for a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Process Exclusions*
- GP name: *Exclusions_Processes*
- GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
@@ -782,7 +782,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_ASROnlyExclusions**
@@ -829,7 +829,7 @@ You can configure ASR rules in the "Configure Attack Surface Reduction rules" GP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
- GP name: *ExploitGuard_ASR_ASROnlyExclusions*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
@@ -840,7 +840,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ASR_Rules**
@@ -885,7 +885,7 @@ The following status IDs are permitted under the value column:
- 1 (Block)
- 0 (Off)
- 2 (Audit)
-
+
Example:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1
@@ -903,7 +903,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Attack Surface Reduction rules*
- GP name: *ExploitGuard_ASR_Rules*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
@@ -914,7 +914,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_AllowedApplications**
@@ -946,7 +946,7 @@ These applications are allowed to modify or delete files in controlled folder ac
Microsoft Defender Antivirus automatically determines which applications should be trusted. You can configure this setting to add other applications.
-Enabled:
+Enabled:
Specify other allowed applications in the Options section.
Disabled:
@@ -963,7 +963,7 @@ Default system folders are automatically guarded, but you can add folders in the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure allowed applications*
- GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
@@ -974,7 +974,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**
+**ADMX_MicrosoftDefenderAntivirus/ExploitGuard_ControlledFolderAccess_ProtectedFolders**
@@ -1004,7 +1004,7 @@ Specify additional folders that should be guarded by the Controlled folder acces
Files in these folders can't be modified or deleted by untrusted applications.
-Default system folders are automatically protected. You can configure this setting to add more folders.
+Default system folders are automatically protected. You can configure this setting to add more folders.
The list of default system folders that are protected is shown in Windows Security.
Enabled:
@@ -1024,7 +1024,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure protected folders*
- GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
- GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
@@ -1035,7 +1035,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**
+**ADMX_MicrosoftDefenderAntivirus/MpEngine_EnableFileHashComputation**
@@ -1076,7 +1076,7 @@ Same as Disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file hash computation feature*
- GP name: *MpEngine_EnableFileHashComputation*
- GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine*
@@ -1087,7 +1087,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
+**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_DisableSignatureRetirement**
@@ -1123,7 +1123,7 @@ If you disable this setting, definition retirement will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on definition retirement*
- GP name: *Nis_Consumers_IPS_DisableSignatureRetirement*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1134,7 +1134,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
+**ADMX_MicrosoftDefenderAntivirus/Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid**
@@ -1166,7 +1166,7 @@ This policy setting defines more definition sets to enable for network traffic i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify additional definition sets for network traffic inspection*
- GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
+**ADMX_MicrosoftDefenderAntivirus/Nis_DisableProtocolRecognition**
@@ -1213,7 +1213,7 @@ If you disable this setting, protocol recognition will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on protocol recognition*
- GP name: *Nis_DisableProtocolRecognition*
- GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
@@ -1224,7 +1224,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
+**ADMX_MicrosoftDefenderAntivirus/ProxyBypass**
@@ -1260,7 +1260,7 @@ If you disable or don't configure this setting, the proxy server won't be bypass
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define addresses to bypass proxy server*
- GP name: *ProxyBypass*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1271,7 +1271,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
+**ADMX_MicrosoftDefenderAntivirus/ProxyPacUrl**
@@ -1313,7 +1313,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network*
- GP name: *ProxyPacUrl*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1324,7 +1324,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
+**ADMX_MicrosoftDefenderAntivirus/ProxyServer**
@@ -1366,7 +1366,7 @@ If you disable or don't configure this setting, the proxy will skip over this fa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define proxy server for connecting to the network*
- GP name: *ProxyServer*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1377,7 +1377,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Quarantine_LocalSettingOverridePurgeItemsAfterDelay**
@@ -1413,7 +1413,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder*
- GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
@@ -1424,7 +1424,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Quarantine_PurgeItemsAfterDelay**
@@ -1460,7 +1460,7 @@ If you disable or don't configure this setting, items will be kept in the quaran
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure removal of items from Quarantine folder*
- GP name: *Quarantine_PurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
@@ -1471,7 +1471,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
+**ADMX_MicrosoftDefenderAntivirus/RandomizeScheduleTaskTimes**
@@ -1507,7 +1507,7 @@ If you disable this setting, scheduled tasks will begin at the specified start t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Randomize scheduled task times*
- GP name: *RandomizeScheduleTaskTimes*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -1518,7 +1518,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableBehaviorMonitoring**
@@ -1554,7 +1554,7 @@ If you disable this setting, behavior monitoring will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on behavior monitoring*
- GP name: *RealtimeProtection_DisableBehaviorMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1565,7 +1565,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableIOAVProtection**
@@ -1601,7 +1601,7 @@ If you disable this setting, scanning for all downloaded files and attachments w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan all downloaded files and attachments*
- GP name: *RealtimeProtection_DisableIOAVProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1612,7 +1612,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableOnAccessProtection**
@@ -1648,7 +1648,7 @@ If you disable this setting, monitoring for file and program activity will be di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Monitor file and program activity on your computer*
- GP name: *RealtimeProtection_DisableOnAccessProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1659,7 +1659,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableRawWriteNotification**
@@ -1695,7 +1695,7 @@ If you disable this setting, raw write notifications be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on raw volume write notifications*
- GP name: *RealtimeProtection_DisableRawWriteNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1706,7 +1706,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_DisableScanOnRealtimeEnable**
@@ -1742,7 +1742,7 @@ If you disable this setting, a process scan won't be initiated when real-time pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on process scanning whenever real-time protection is enabled*
- GP name: *RealtimeProtection_DisableScanOnRealtimeEnable*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1753,7 +1753,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_IOAVMaxSize**
@@ -1789,7 +1789,7 @@ If you disable or don't configure this setting, a default size will be applied.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned*
- GP name: *RealtimeProtection_IOAVMaxSize*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1800,7 +1800,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring**
@@ -1836,7 +1836,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for turn on behavior monitoring*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1847,7 +1847,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableIOAVProtection**
@@ -1883,7 +1883,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1894,7 +1894,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection**
@@ -1930,7 +1930,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1941,7 +1941,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring**
@@ -1977,7 +1977,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override to turn on real-time protection*
- GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -1988,7 +1988,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
+**ADMX_MicrosoftDefenderAntivirus/RealtimeProtection_LocalSettingOverrideRealtimeScanDirection**
@@ -2024,7 +2024,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity*
- GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection*
- GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
@@ -2035,7 +2035,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_LocalSettingOverrideScan_ScheduleTime**
@@ -2071,7 +2071,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
- GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2082,7 +2082,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleDay**
@@ -2113,7 +2113,7 @@ This policy setting allows you to specify the day of the week on which to perfor
This setting can be configured with the following ordinal number values:
- (0x0) Every Day
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -2130,7 +2130,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation*
- GP name: *Remediation_Scan_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2141,7 +2141,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Remediation_Scan_ScheduleTime**
@@ -2177,7 +2177,7 @@ If you disable or don't configure this setting, a scheduled full scan to complet
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation*
- GP name: *Remediation_Scan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
@@ -2188,7 +2188,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_AdditionalActionTimeout**
@@ -2220,7 +2220,7 @@ This policy setting configures the time in minutes before a detection in the "ad
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections requiring additional action*
- GP name: *Reporting_AdditionalActionTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2231,7 +2231,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_CriticalFailureTimeout**
@@ -2263,7 +2263,7 @@ This policy setting configures the time in minutes before a detection in the “
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in critically failed state*
- GP name: *Reporting_CriticalFailureTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2274,7 +2274,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_DisableEnhancedNotifications**
@@ -2310,7 +2310,7 @@ If you enable this setting, Microsoft Defender Antivirus enhanced notifications
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off enhanced notifications*
- GP name: *Reporting_DisableEnhancedNotifications*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2319,7 +2319,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_Disablegenericreports**
@@ -2356,7 +2356,7 @@ If you disable this setting, Watson events won't be sent.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Watson events*
- GP name: *Reporting_Disablegenericreports*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2367,7 +2367,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_NonCriticalTimeout**
@@ -2399,7 +2399,7 @@ This policy setting configures the time in minutes before a detection in the "no
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in non-critical failed state*
- GP name: *Reporting_NonCriticalTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2407,7 +2407,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_RecentlyCleanedTimeout**
@@ -2440,7 +2440,7 @@ This policy setting configures the time in minutes before a detection in the "co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure time out for detections in recently remediated state*
- GP name: *Reporting_RecentlyCleanedTimeout*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2451,7 +2451,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingComponents**
@@ -2483,7 +2483,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Windows software trace preprocessor components*
- GP name: *Reporting_WppTracingComponents*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2494,7 +2494,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
+**ADMX_MicrosoftDefenderAntivirus/Reporting_WppTracingLevel**
@@ -2520,7 +2520,7 @@ ADMX Info:
-This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
+This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing).
Tracing levels are defined as:
@@ -2533,7 +2533,7 @@ Tracing levels are defined as:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure WPP tracing level*
- GP name: *Reporting_WppTracingLevel*
- GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
@@ -2544,7 +2544,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**
+**ADMX_MicrosoftDefenderAntivirus/Scan_AllowPause**
@@ -2580,7 +2580,7 @@ If you disable this setting, users won't be able to pause scans.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to pause scan*
- GP name: *Scan_AllowPause*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2591,7 +2591,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxDepth**
@@ -2627,7 +2627,7 @@ If you disable or don't configure this setting, archive files will be scanned to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum depth to scan archive files*
- GP name: *Scan_ArchiveMaxDepth*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2638,7 +2638,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ArchiveMaxSize**
@@ -2674,7 +2674,7 @@ If you disable or don't configure this setting, archive files will be scanned ac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the maximum size of archive files to be scanned*
- GP name: *Scan_ArchiveMaxSize*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2686,7 +2686,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableArchiveScanning**
@@ -2722,7 +2722,7 @@ If you disable this setting, archive files won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan archive files*
- GP name: *Scan_DisableArchiveScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2733,7 +2733,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableEmailScanning**
@@ -2769,7 +2769,7 @@ If you disable or don't configure this setting, e-mail scanning will be disabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on e-mail scanning*
- GP name: *Scan_DisableEmailScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2780,7 +2780,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableHeuristics**
@@ -2816,7 +2816,7 @@ If you disable this setting, heuristics will be disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on heuristics*
- GP name: *Scan_DisableHeuristics*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2827,7 +2827,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisablePackedExeScanning**
@@ -2863,7 +2863,7 @@ If you disable this setting, packed executables won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan packed executables*
- GP name: *Scan_DisablePackedExeScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2874,7 +2874,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRemovableDriveScanning**
@@ -2910,7 +2910,7 @@ If you disable or don't configure this setting, removable drives won't be scanne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan removable drives*
- GP name: *Scan_DisableRemovableDriveScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2921,7 +2921,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableReparsePointScanning**
@@ -2947,7 +2947,7 @@ ADMX Info:
-This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality.
+This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there's a possible risk of recursion. However, the engine supports following reparse points to a maximum depth so at worst scanning could be slowed. Reparse point scanning is disabled by default and this setting is the recommended state for this functionality.
If you enable this setting, reparse point scanning will be enabled.
@@ -2957,7 +2957,7 @@ If you disable or don't configure this setting, reparse point scanning will be d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on reparse point scanning*
- GP name: *Scan_DisableReparsePointScanning*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -2968,7 +2968,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableRestorePoint**
@@ -2994,7 +2994,7 @@ ADMX Info:
-This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
+This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning.
If you enable this setting, a system restore point will be created.
@@ -3004,7 +3004,7 @@ If you disable or don't configure this setting, a system restore point won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Create a system restore point*
- GP name: *Scan_DisableRestorePoint*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3050,7 +3050,7 @@ If you disable or don't configure this setting, mapped network drives won't be s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run full scan on mapped network drives*
- GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3061,7 +3061,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
+**ADMX_MicrosoftDefenderAntivirus/Scan_DisableScanningNetworkFiles**
@@ -3097,7 +3097,7 @@ If you disable or don't configure this setting, network files won't be scanned.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scan network files*
- GP name: *Scan_DisableScanningNetworkFiles*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3108,7 +3108,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideAvgCPULoadFactor**
@@ -3144,7 +3144,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization*
- GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3155,7 +3155,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScanParameters**
@@ -3191,7 +3191,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan*
- GP name: *Scan_LocalSettingOverrideScanParameters*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3202,7 +3202,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleDay**
@@ -3238,7 +3238,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for schedule scan day*
- GP name: *Scan_LocalSettingOverrideScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3249,7 +3249,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleQuickScantime**
@@ -3285,7 +3285,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scheduled quick scan time*
- GP name: *Scan_LocalSettingOverrideScheduleQuickScantime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3296,7 +3296,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LocalSettingOverrideScheduleTime**
@@ -3332,7 +3332,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for scheduled scan time*
- GP name: *Scan_LocalSettingOverrideScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3343,7 +3343,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
+**ADMX_MicrosoftDefenderAntivirus/Scan_LowCpuPriority**
@@ -3373,13 +3373,13 @@ This policy setting allows you to enable or disable low CPU priority for schedul
If you enable this setting, low CPU priority will be used during scheduled scans.
-If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
+If you disable or don't configure this setting, not changes will be made to CPU priority for scheduled scans.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure low CPU priority for scheduled scans*
- GP name: *Scan_LowCpuPriority*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3390,7 +3390,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
+**ADMX_MicrosoftDefenderAntivirus/Scan_MissedScheduledScanCountBeforeCatchup**
@@ -3426,7 +3426,7 @@ If you disable or don't configure this setting, a catch-up scan will occur after
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days after which a catch-up scan is forced*
- GP name: *Scan_MissedScheduledScanCountBeforeCatchup*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3437,7 +3437,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_PurgeItemsAfterDelay**
@@ -3473,7 +3473,7 @@ If you disable or don't configure this setting, items will be kept in the scan h
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on removal of items from scan history folder*
- GP name: *Scan_PurgeItemsAfterDelay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3484,7 +3484,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
+**ADMX_MicrosoftDefenderAntivirus/Scan_QuickScanInterval**
@@ -3520,7 +3520,7 @@ If you disable or don't configure this setting, a quick scan will run at a defau
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the interval to run quick scans per day*
- GP name: *Scan_QuickScanInterval*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3531,7 +3531,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScanOnlyIfIdle**
@@ -3567,7 +3567,7 @@ If you disable this setting, scheduled scans will run at the scheduled time.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start the scheduled scan only when computer is on but not in use*
- GP name: *Scan_ScanOnlyIfIdle*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3578,7 +3578,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleDay**
@@ -3609,7 +3609,7 @@ This policy setting allows you to specify the day of the week on which to perfor
This setting can be configured with the following ordinal number values:
- (0x0) Every Day
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -3626,7 +3626,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to run a scheduled scan*
- GP name: *Scan_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3637,7 +3637,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/Scan_ScheduleTime**
@@ -3673,7 +3673,7 @@ If you disable or don't configure this setting, a scheduled scan will run at a d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time of day to run a scheduled scan*
- GP name: *Scan_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
@@ -3684,7 +3684,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
+**ADMX_MicrosoftDefenderAntivirus/ServiceKeepAlive**
@@ -3720,7 +3720,7 @@ If you disable or don't configure this setting, the antimalware service will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow antimalware service to remain running always*
- GP name: *ServiceKeepAlive*
- GP path: *Windows Components\Microsoft Defender Antivirus*
@@ -3731,7 +3731,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ASSignatureDue**
@@ -3769,7 +3769,7 @@ If you disable or don't configure this setting, spyware security intelligence wi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date*
- GP name: *SignatureUpdate_ASSignatureDue*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3780,7 +3780,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_AVSignatureDue**
@@ -3816,7 +3816,7 @@ If you disable or don't configure this setting, virus security intelligence will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days before virus security intelligence is considered out of date*
- GP name: *SignatureUpdate_AVSignatureDue*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3827,7 +3827,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DefinitionUpdateFileSharesSources**
@@ -3863,7 +3863,7 @@ If you disable or don't configure this setting, the list will remain empty by de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define file shares for downloading security intelligence updates*
- GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3874,7 +3874,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScanOnUpdate**
@@ -3910,7 +3910,7 @@ If you disable this setting, a scan won't start following a security intelligenc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on scan after security intelligence update*
- GP name: *SignatureUpdate_DisableScanOnUpdate*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3921,7 +3921,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableScheduledSignatureUpdateonBattery**
@@ -3957,7 +3957,7 @@ If you disable this setting, security intelligence updates will be turned off wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow security intelligence updates when running on battery power*
- GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -3968,7 +3968,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_DisableUpdateOnStartupWithoutEngine**
@@ -4004,7 +4004,7 @@ If you disable this setting, security intelligence updates won't be initiated on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initiate security intelligence update on startup*
- GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4015,7 +4015,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_FallbackOrder**
@@ -4053,7 +4053,7 @@ If you disable or don't configure this setting, security intelligence update sou
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the order of sources for downloading security intelligence updates*
- GP name: *SignatureUpdate_FallbackOrder*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4064,7 +4064,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ForceUpdateFromMU**
@@ -4100,7 +4100,7 @@ If you disable or don't configure this setting, security intelligence updates wi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow security intelligence updates from Microsoft Update*
- GP name: *SignatureUpdate_ForceUpdateFromMU*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4111,7 +4111,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_RealtimeSignatureDelivery**
@@ -4147,7 +4147,7 @@ If you disable this setting, real-time security intelligence updates will be dis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
- GP name: *SignatureUpdate_RealtimeSignatureDelivery*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4158,7 +4158,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleDay**
@@ -4189,7 +4189,7 @@ This policy setting allows you to specify the day of the week on which to check
This setting can be configured with the following ordinal number values:
- (0x0) Every Day (default)
-- (0x1) Sunday
+- (0x1) Sunday
- (0x2) Monday
- (0x3) Tuesday
- (0x4) Wednesday
@@ -4206,7 +4206,7 @@ If you disable or don't configure this setting, the check for security intellige
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the day of the week to check for security intelligence updates*
- GP name: *SignatureUpdate_ScheduleDay*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4217,7 +4217,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_ScheduleTime**
@@ -4253,7 +4253,7 @@ If you disable or don't configure this setting, the check for security intellig
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the time to check for security intelligence updates*
- GP name: *SignatureUpdate_ScheduleTime*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4264,7 +4264,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SharedSignaturesLocation**
@@ -4290,7 +4290,7 @@ ADMX Info:
-This policy setting allows you to define the security intelligence location for VDI-configured computers.
+This policy setting allows you to define the security intelligence location for VDI-configured computers.
If you disable or don't configure this setting, security intelligence will be referred from the default local source.
@@ -4298,7 +4298,7 @@ If you disable or don't configure this setting, security intelligence will be re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define security intelligence location for VDI clients.*
- GP name: *SignatureUpdate_SharedSignaturesLocation*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4306,7 +4306,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureDisableNotification**
@@ -4345,7 +4345,7 @@ If you disable this setting, the antimalware service won't receive notifications
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
- GP name: *SignatureUpdate_SignatureDisableNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4356,7 +4356,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_SignatureUpdateCatchupInterval**
@@ -4392,7 +4392,7 @@ If you disable or don't configure this setting, a catch-up security intelligence
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required*
- GP name: *SignatureUpdate_SignatureUpdateCatchupInterval*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4403,7 +4403,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**
+**ADMX_MicrosoftDefenderAntivirus/SignatureUpdate_UpdateOnStartup**
@@ -4439,7 +4439,7 @@ If you disable this setting or don't configure this setting, a check for new sec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Check for the latest virus and spyware security intelligence on startup*
- GP name: *SignatureUpdate_UpdateOnStartup*
- GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
@@ -4450,7 +4450,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
+**ADMX_MicrosoftDefenderAntivirus/SpynetReporting**
@@ -4493,14 +4493,14 @@ Advanced membership, in addition to basic information, will send more informatio
If you enable this setting, you'll join Microsoft MAPS with the membership specified.
If you disable or don't configure this setting, you won't join Microsoft MAPS.
-
+
In Windows 10, Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Join Microsoft MAPS*
- GP name: *SpynetReporting*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -4511,7 +4511,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
+**ADMX_MicrosoftDefenderAntivirus/Spynet_LocalSettingOverrideSpynetReporting**
@@ -4547,7 +4547,7 @@ If you disable or don't configure this setting, Policy will take priority over t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS*
- GP name: *Spynet_LocalSettingOverrideSpynetReporting*
- GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
@@ -4559,7 +4559,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**
+**ADMX_MicrosoftDefenderAntivirus/Threats_ThreatIdDefaultAction**
@@ -4597,7 +4597,7 @@ Valid remediation action values are:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify threats upon which default action should not be taken when detected*
- GP name: *Threats_ThreatIdDefaultAction*
- GP path: *Windows Components\Microsoft Defender Antivirus\Threats*
@@ -4608,7 +4608,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_CustomDefaultActionToastString**
@@ -4644,7 +4644,7 @@ If you disable or don't configure this setting, there will be no extra text disp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display additional text to clients when they need to perform an action*
- GP name: *UX_Configuration_CustomDefaultActionToastString*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4655,7 +4655,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_Notification_Suppress**
@@ -4691,7 +4691,7 @@ If you enable this setting, Microsoft Defender Antivirus notifications won't dis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suppress all notifications*
- GP name: *UX_Configuration_Notification_Suppress*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4702,7 +4702,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_SuppressRebootNotification**
@@ -4736,7 +4736,7 @@ If you enable this setting, AM UI won't show reboot notifications.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suppresses reboot notifications*
- GP name: *UX_Configuration_SuppressRebootNotification*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
@@ -4747,7 +4747,7 @@ ADMX Info:
-**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
+**ADMX_MicrosoftDefenderAntivirus/UX_Configuration_UILockdown**
@@ -4781,7 +4781,7 @@ If you enable this setting, AM UI won't be available to users.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable headless UI mode*
- GP name: *UX_Configuration_UILockdown*
- GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 1d1d07a118..3a4aea21b9 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MMC
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MMC policies
+## ADMX_MMC policies
-
@@ -47,7 +47,7 @@ manager: aaroncz
-**ADMX_MMC/MMC_ActiveXControl**
+**ADMX_MMC/MMC_ActiveXControl**
@@ -93,7 +93,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ActiveX Control*
- GP name: *MMC_ActiveXControl*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_MMC/MMC_ExtendView**
+**ADMX_MMC/MMC_ExtendView**
@@ -150,7 +150,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extended View (Web View)*
- GP name: *MMC_ExtendView*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -161,7 +161,7 @@ ADMX Info:
-**ADMX_MMC/MMC_LinkToWeb**
+**ADMX_MMC/MMC_LinkToWeb**
@@ -207,7 +207,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Link to Web Address*
- GP name: *MMC_LinkToWeb*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -218,7 +218,7 @@ ADMX Info:
-**ADMX_MMC/MMC_Restrict_Author**
+**ADMX_MMC/MMC_Restrict_Author**
@@ -258,7 +258,7 @@ If you disable this setting or don't configure it, users can enter author mode a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict the user from entering author mode*
- GP name: *MMC_Restrict_Author*
- GP path: *Windows Components\Microsoft Management Console*
@@ -269,7 +269,7 @@ ADMX Info:
-**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
+**ADMX_MMC/MMC_Restrict_To_Permitted_Snapins**
@@ -314,7 +314,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins*
- GP name: *MMC_Restrict_To_Permitted_Snapins*
- GP path: *Windows Components\Microsoft Management Console*
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 1dc887ce45..f38ed1f299 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MMCSnapins
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MMCSnapins policies
+## ADMX_MMCSnapins policies
-
@@ -344,7 +344,7 @@ manager: aaroncz
-**ADMX_MMCSnapins/MMC_ADMComputers_1**
+**ADMX_MMCSnapins/MMC_ADMComputers_1**
@@ -370,17 +370,17 @@ manager: aaroncz
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -388,7 +388,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Computers)*
- GP name: *MMC_ADMComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -399,7 +399,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMComputers_2**
+**ADMX_MMCSnapins/MMC_ADMComputers_2**
@@ -425,17 +425,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited. It can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -443,7 +443,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Computers)*
- GP name: *MMC_ADMComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -455,7 +455,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMUsers_1**
+**ADMX_MMCSnapins/MMC_ADMUsers_1**
@@ -481,17 +481,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -499,7 +499,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Users)*
- GP name: *MMC_ADMUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -511,7 +511,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADMUsers_2**
+**ADMX_MMCSnapins/MMC_ADMUsers_2**
@@ -537,17 +537,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -555,7 +555,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Administrative Templates (Users)*
- GP name: *MMC_ADMUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -567,7 +567,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ADSI**
+**ADMX_MMCSnapins/MMC_ADSI**
@@ -593,17 +593,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -611,7 +611,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *ADSI Edit*
- GP name: *MMC_ADSI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts**
+**ADMX_MMCSnapins/MMC_ActiveDirDomTrusts**
@@ -649,17 +649,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -667,7 +667,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Domains and Trusts*
- GP name: *MMC_ActiveDirDomTrusts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -679,7 +679,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirSitesServices**
+**ADMX_MMCSnapins/MMC_ActiveDirSitesServices**
@@ -705,17 +705,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -723,7 +723,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Sites and Services*
- GP name: *MMC_ActiveDirSitesServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ActiveDirUsersComp**
+**ADMX_MMCSnapins/MMC_ActiveDirUsersComp**
@@ -761,17 +761,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted. It can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -779,7 +779,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Active Directory Users and Computers*
- GP name: *MMC_ActiveDirUsersComp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -791,7 +791,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_AppleTalkRouting**
+**ADMX_MMCSnapins/MMC_AppleTalkRouting**
@@ -817,17 +817,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -835,7 +835,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *AppleTalk Routing*
- GP name: *MMC_AppleTalkRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -847,7 +847,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_AuthMan**
+**ADMX_MMCSnapins/MMC_AuthMan**
@@ -873,17 +873,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -891,7 +891,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Authorization Manager*
- GP name: *MMC_AuthMan*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -903,7 +903,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertAuth**
+**ADMX_MMCSnapins/MMC_CertAuth**
@@ -929,17 +929,17 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
@@ -947,7 +947,7 @@ When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certification Authority*
- GP name: *MMC_CertAuth*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -959,7 +959,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertAuthPolSet**
+**ADMX_MMCSnapins/MMC_CertAuthPolSet**
@@ -985,24 +985,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certification Authority Policy Settings*
- GP name: *MMC_CertAuthPolSet*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1014,7 +1014,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Certs**
+**ADMX_MMCSnapins/MMC_Certs**
@@ -1040,24 +1040,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certificates*
- GP name: *MMC_Certs*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1069,7 +1069,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_CertsTemplate**
+**ADMX_MMCSnapins/MMC_CertsTemplate**
@@ -1095,24 +1095,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Certificate Templates*
- GP name: *MMC_CertsTemplate*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1124,7 +1124,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ComponentServices**
+**ADMX_MMCSnapins/MMC_ComponentServices**
@@ -1150,24 +1150,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Component Services*
- GP name: *MMC_ComponentServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1179,7 +1179,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ComputerManagement**
+**ADMX_MMCSnapins/MMC_ComputerManagement**
@@ -1205,24 +1205,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Computer Management*
- GP name: *MMC_ComputerManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1234,7 +1234,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ConnectionSharingNAT**
+**ADMX_MMCSnapins/MMC_ConnectionSharingNAT**
@@ -1260,24 +1260,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Connection Sharing (NAT)*
- GP name: *MMC_ConnectionSharingNAT*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1289,7 +1289,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DCOMCFG**
+**ADMX_MMCSnapins/MMC_DCOMCFG**
@@ -1315,24 +1315,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DCOM Configuration Extension*
- GP name: *MMC_DCOMCFG*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1344,7 +1344,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DFS**
+**ADMX_MMCSnapins/MMC_DFS**
@@ -1370,24 +1370,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Distributed File System*
- GP name: *MMC_DFS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1399,7 +1399,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DHCPRelayMgmt**
+**ADMX_MMCSnapins/MMC_DHCPRelayMgmt**
@@ -1425,24 +1425,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DHCP Relay Management*
- GP name: *MMC_DHCPRelayMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1454,7 +1454,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DeviceManager_1**
+**ADMX_MMCSnapins/MMC_DeviceManager_1**
@@ -1480,24 +1480,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device Manager*
- GP name: *MMC_DeviceManager_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1509,7 +1509,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DeviceManager_2**
+**ADMX_MMCSnapins/MMC_DeviceManager_2**
@@ -1535,24 +1535,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Device Manager*
- GP name: *MMC_DeviceManager_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1564,7 +1564,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DiskDefrag**
+**ADMX_MMCSnapins/MMC_DiskDefrag**
@@ -1590,24 +1590,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disk Defragmenter*
- GP name: *MMC_DiskDefrag*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1619,7 +1619,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_DiskMgmt**
+**ADMX_MMCSnapins/MMC_DiskMgmt**
@@ -1645,24 +1645,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disk Management*
- GP name: *MMC_DiskMgmt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1674,7 +1674,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EnterprisePKI**
+**ADMX_MMCSnapins/MMC_EnterprisePKI**
@@ -1700,24 +1700,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enterprise PKI*
- GP name: *MMC_EnterprisePKI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1729,7 +1729,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_1**
+**ADMX_MMCSnapins/MMC_EventViewer_1**
@@ -1755,24 +1755,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer*
- GP name: *MMC_EventViewer_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1784,7 +1784,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_2**
+**ADMX_MMCSnapins/MMC_EventViewer_2**
@@ -1810,24 +1810,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -1839,7 +1839,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_3**
+**ADMX_MMCSnapins/MMC_EventViewer_3**
@@ -1865,24 +1865,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer*
- GP name: *MMC_EventViewer_3*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1894,7 +1894,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_4**
+**ADMX_MMCSnapins/MMC_EventViewer_4**
@@ -1920,24 +1920,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_4*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -1950,7 +1950,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_EventViewer_2**
+**ADMX_MMCSnapins/MMC_EventViewer_2**
@@ -1976,24 +1976,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event Viewer (Windows Vista)*
- GP name: *MMC_EventViewer_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2005,7 +2005,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FAXService**
+**ADMX_MMCSnapins/MMC_FAXService**
@@ -2031,24 +2031,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *FAX Service*
- GP name: *MMC_FAXService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2060,7 +2060,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FailoverClusters**
+**ADMX_MMCSnapins/MMC_FailoverClusters**
@@ -2086,24 +2086,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Failover Clusters Manager*
- GP name: *MMC_FailoverClusters*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2115,7 +2115,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FolderRedirection_1**
+**ADMX_MMCSnapins/MMC_FolderRedirection_1**
@@ -2141,24 +2141,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Folder Redirection*
- GP name: *MMC_FolderRedirection_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2170,7 +2170,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FolderRedirection_2**
+**ADMX_MMCSnapins/MMC_FolderRedirection_2**
@@ -2196,24 +2196,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Folder Redirection*
- GP name: *MMC_FolderRedirection_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -2225,7 +2225,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_FrontPageExt**
+**ADMX_MMCSnapins/MMC_FrontPageExt**
@@ -2251,24 +2251,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *FrontPage Server Extensions*
- GP name: *MMC_FrontPageExt*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2280,7 +2280,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn**
+**ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn**
@@ -2306,24 +2306,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy Management*
- GP name: *MMC_GroupPolicyManagementSnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2335,7 +2335,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicySnapIn**
+**ADMX_MMCSnapins/MMC_GroupPolicySnapIn**
@@ -2361,24 +2361,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy Object Editor*
- GP name: *MMC_GroupPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2390,7 +2390,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_GroupPolicyTab**
+**ADMX_MMCSnapins/MMC_GroupPolicyTab**
@@ -2435,7 +2435,7 @@ When the Group Policy tab is inaccessible, it doesn't appear in the site, domain
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Group Policy tab for Active Directory Tools*
- GP name: *MMC_GroupPolicyTab*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -2447,7 +2447,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_HRA**
+**ADMX_MMCSnapins/MMC_HRA**
@@ -2473,24 +2473,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Health Registration Authority (HRA)*
- GP name: *MMC_HRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2502,7 +2502,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IAS**
+**ADMX_MMCSnapins/MMC_IAS**
@@ -2528,24 +2528,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Authentication Service (IAS)*
- GP name: *MMC_IAS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2557,7 +2557,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IASLogging**
+**ADMX_MMCSnapins/MMC_IASLogging**
@@ -2583,24 +2583,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IAS Logging*
- GP name: *MMC_IASLogging*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2612,7 +2612,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IEMaintenance_1**
+**ADMX_MMCSnapins/MMC_IEMaintenance_1**
@@ -2638,24 +2638,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Maintenance*
- GP name: *MMC_IEMaintenance_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2667,7 +2667,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IEMaintenance_2**
+**ADMX_MMCSnapins/MMC_IEMaintenance_2**
@@ -2693,24 +2693,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Maintenance*
- GP name: *MMC_IEMaintenance_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -2722,7 +2722,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IGMPRouting**
+**ADMX_MMCSnapins/MMC_IGMPRouting**
@@ -2748,24 +2748,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IGMP Routing*
- GP name: *MMC_IGMPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2777,7 +2777,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IIS**
+**ADMX_MMCSnapins/MMC_IIS**
@@ -2803,24 +2803,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Information Services*
- GP name: *MMC_IIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -2832,7 +2832,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPRouting**
+**ADMX_MMCSnapins/MMC_IPRouting**
@@ -2858,24 +2858,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Routing*
- GP name: *MMC_IPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2887,7 +2887,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPSecManage_GP**
+**ADMX_MMCSnapins/MMC_IPSecManage_GP**
@@ -2913,24 +2913,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Policy Management*
- GP name: *MMC_IPSecManage_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -2942,7 +2942,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXRIPRouting**
+**ADMX_MMCSnapins/MMC_IPXRIPRouting**
@@ -2968,24 +2968,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX RIP Routing*
- GP name: *MMC_IPXRIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -2997,7 +2997,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXRouting**
+**ADMX_MMCSnapins/MMC_IPXRouting**
@@ -3023,24 +3023,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX Routing*
- GP name: *MMC_IPXRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3052,7 +3052,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IPXSAPRouting**
+**ADMX_MMCSnapins/MMC_IPXSAPRouting**
@@ -3078,24 +3078,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPX SAP Routing*
- GP name: *MMC_IPXSAPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3107,7 +3107,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IndexingService**
+**ADMX_MMCSnapins/MMC_IndexingService**
@@ -3133,24 +3133,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Indexing Service*
- GP name: *MMC_IndexingService*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3162,7 +3162,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IpSecManage**
+**ADMX_MMCSnapins/MMC_IpSecManage**
@@ -3188,24 +3188,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Policy Management*
- GP name: *MMC_IpSecManage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3217,7 +3217,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_IpSecMonitor**
+**ADMX_MMCSnapins/MMC_IpSecMonitor**
@@ -3243,24 +3243,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IP Security Monitor*
- GP name: *MMC_IpSecMonitor*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3272,7 +3272,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_LocalUsersGroups**
+**ADMX_MMCSnapins/MMC_LocalUsersGroups**
@@ -3298,24 +3298,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Local Users and Groups*
- GP name: *MMC_LocalUsersGroups*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3327,7 +3327,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_LogicalMappedDrives**
+**ADMX_MMCSnapins/MMC_LogicalMappedDrives**
@@ -3353,24 +3353,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Logical and Mapped Drives*
- GP name: *MMC_LogicalMappedDrives*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3382,7 +3382,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NPSUI**
+**ADMX_MMCSnapins/MMC_NPSUI**
@@ -3408,24 +3408,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Network Policy Server (NPS)*
- GP name: *MMC_NPSUI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3437,7 +3437,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NapSnap**
+**ADMX_MMCSnapins/MMC_NapSnap**
@@ -3463,24 +3463,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *NAP Client Configuration*
- GP name: *MMC_NapSnap*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3492,7 +3492,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_NapSnap_GP**
+**ADMX_MMCSnapins/MMC_NapSnap_GP**
@@ -3518,24 +3518,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *NAP Client Configuration*
- GP name: *MMC_NapSnap_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -3547,7 +3547,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Net_Framework**
+**ADMX_MMCSnapins/MMC_Net_Framework**
@@ -3573,24 +3573,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *.Net Framework Configuration*
- GP name: *MMC_Net_Framework*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3602,7 +3602,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_OCSP**
+**ADMX_MMCSnapins/MMC_OCSP**
@@ -3628,24 +3628,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Online Responder*
- GP name: *MMC_OCSP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3657,7 +3657,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_OSPFRouting**
+**ADMX_MMCSnapins/MMC_OSPFRouting**
@@ -3683,24 +3683,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OSPF Routing*
- GP name: *MMC_OSPFRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3712,7 +3712,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_PerfLogsAlerts**
+**ADMX_MMCSnapins/MMC_PerfLogsAlerts**
@@ -3738,24 +3738,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Performance Logs and Alerts*
- GP name: *MMC_PerfLogsAlerts*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3767,7 +3767,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_PublicKey**
+**ADMX_MMCSnapins/MMC_PublicKey**
@@ -3793,24 +3793,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Public Key Policies*
- GP name: *MMC_PublicKey*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3822,7 +3822,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_QoSAdmission**
+**ADMX_MMCSnapins/MMC_QoSAdmission**
@@ -3848,24 +3848,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *QoS Admission Control*
- GP name: *MMC_QoSAdmission*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -3877,7 +3877,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RAS_DialinUser**
+**ADMX_MMCSnapins/MMC_RAS_DialinUser**
@@ -3903,24 +3903,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *RAS Dialin - User Node*
- GP name: *MMC_RAS_DialinUser*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3932,7 +3932,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RIPRouting**
+**ADMX_MMCSnapins/MMC_RIPRouting**
@@ -3958,24 +3958,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *RIP Routing*
- GP name: *MMC_RIPRouting*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -3987,7 +3987,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RIS**
+**ADMX_MMCSnapins/MMC_RIS**
@@ -4013,24 +4013,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Installation Services*
- GP name: *MMC_RIS*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4042,7 +4042,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RRA**
+**ADMX_MMCSnapins/MMC_RRA**
@@ -4068,24 +4068,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Routing and Remote Access*
- GP name: *MMC_RRA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4097,7 +4097,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RSM**
+**ADMX_MMCSnapins/MMC_RSM**
@@ -4123,24 +4123,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Storage Management*
- GP name: *MMC_RSM*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4152,7 +4152,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemStore**
+**ADMX_MMCSnapins/MMC_RemStore**
@@ -4178,24 +4178,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Storage*
- GP name: *MMC_RemStore*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4207,7 +4207,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemoteAccess**
+**ADMX_MMCSnapins/MMC_RemoteAccess**
@@ -4233,24 +4233,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Access*
- GP name: *MMC_RemoteAccess*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4262,7 +4262,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_RemoteDesktop**
+**ADMX_MMCSnapins/MMC_RemoteDesktop**
@@ -4288,24 +4288,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Desktops*
- GP name: *MMC_RemoteDesktop*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4317,7 +4317,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn**
+**ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn**
@@ -4343,24 +4343,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Resultant Set of Policy snap-in*
- GP name: *MMC_ResultantSetOfPolicySnapIn*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
@@ -4372,7 +4372,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Routing**
+**ADMX_MMCSnapins/MMC_Routing**
@@ -4398,24 +4398,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Routing*
- GP name: *MMC_Routing*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4427,7 +4427,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SCA**
+**ADMX_MMCSnapins/MMC_SCA**
@@ -4453,24 +4453,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Configuration and Analysis*
- GP name: *MMC_SCA*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4482,7 +4482,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SMTPProtocol**
+**ADMX_MMCSnapins/MMC_SMTPProtocol**
@@ -4508,24 +4508,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SMTP Protocol*
- GP name: *MMC_SMTPProtocol*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4537,7 +4537,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SNMP**
+**ADMX_MMCSnapins/MMC_SNMP**
@@ -4563,24 +4563,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SNMP*
- GP name: *MMC_SNMP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -4592,7 +4592,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsMachine_1**
+**ADMX_MMCSnapins/MMC_ScriptsMachine_1**
@@ -4618,24 +4618,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Startup/Shutdown)*
- GP name: *MMC_ScriptsMachine_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4647,7 +4647,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsMachine_2**
+**ADMX_MMCSnapins/MMC_ScriptsMachine_2**
@@ -4673,24 +4673,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Startup/Shutdown)*
- GP name: *MMC_ScriptsMachine_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4702,7 +4702,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsUser_1**
+**ADMX_MMCSnapins/MMC_ScriptsUser_1**
@@ -4728,24 +4728,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Logon/Logoff)*
- GP name: *MMC_ScriptsUser_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4757,7 +4757,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ScriptsUser_2**
+**ADMX_MMCSnapins/MMC_ScriptsUser_2**
@@ -4783,24 +4783,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Scripts (Logon/Logoff)*
- GP name: *MMC_ScriptsUser_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4812,7 +4812,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecuritySettings_1**
+**ADMX_MMCSnapins/MMC_SecuritySettings_1**
@@ -4838,24 +4838,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Settings*
- GP name: *MMC_SecuritySettings_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -4867,7 +4867,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecuritySettings_2**
+**ADMX_MMCSnapins/MMC_SecuritySettings_2**
@@ -4893,24 +4893,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Settings*
- GP name: *MMC_SecuritySettings_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -4922,7 +4922,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SecurityTemplates**
+**ADMX_MMCSnapins/MMC_SecurityTemplates**
@@ -4948,24 +4948,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Security Templates*
- GP name: *MMC_SecurityTemplates*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -4977,7 +4977,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SendConsoleMessage**
+**ADMX_MMCSnapins/MMC_SendConsoleMessage**
@@ -5003,24 +5003,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Send Console Message*
- GP name: *MMC_SendConsoleMessage*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5032,7 +5032,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ServerManager**
+**ADMX_MMCSnapins/MMC_ServerManager**
@@ -5058,24 +5058,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server Manager*
- GP name: *MMC_ServerManager*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5087,7 +5087,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_ServiceDependencies**
+**ADMX_MMCSnapins/MMC_ServiceDependencies**
@@ -5113,24 +5113,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Service Dependencies*
- GP name: *MMC_ServiceDependencies*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5142,7 +5142,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Services**
+**ADMX_MMCSnapins/MMC_Services**
@@ -5168,24 +5168,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Services*
- GP name: *MMC_Services*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5197,7 +5197,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SharedFolders**
+**ADMX_MMCSnapins/MMC_SharedFolders**
@@ -5223,24 +5223,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Shared Folders*
- GP name: *MMC_SharedFolders*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5252,7 +5252,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SharedFolders_Ext**
+**ADMX_MMCSnapins/MMC_SharedFolders_Ext**
@@ -5278,24 +5278,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Shared Folders Ext*
- GP name: *MMC_SharedFolders_Ext*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5307,7 +5307,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1**
+**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1**
@@ -5333,24 +5333,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Computers)*
- GP name: *MMC_SoftwareInstalationComputers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5362,7 +5362,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2**
+**ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2**
@@ -5388,24 +5388,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Computers)*
- GP name: *MMC_SoftwareInstalationComputers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -5417,7 +5417,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1**
+**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1**
@@ -5443,24 +5443,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Users)*
- GP name: *MMC_SoftwareInstallationUsers_1*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5472,7 +5472,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2**
+**ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2**
@@ -5498,24 +5498,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Software Installation (Users)*
- GP name: *MMC_SoftwareInstallationUsers_2*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
@@ -5527,7 +5527,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SysInfo**
+**ADMX_MMCSnapins/MMC_SysInfo**
@@ -5553,24 +5553,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *System Information*
- GP name: *MMC_SysInfo*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5582,7 +5582,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_SysProp**
+**ADMX_MMCSnapins/MMC_SysProp**
@@ -5608,24 +5608,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *System Properties*
- GP name: *MMC_SysProp*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
@@ -5637,7 +5637,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_TPMManagement**
+**ADMX_MMCSnapins/MMC_TPMManagement**
@@ -5663,24 +5663,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *TPM Management*
- GP name: *MMC_TPMManagement*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5692,7 +5692,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_Telephony**
+**ADMX_MMCSnapins/MMC_Telephony**
@@ -5718,24 +5718,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Telephony*
- GP name: *MMC_Telephony*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5747,7 +5747,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_TerminalServices**
+**ADMX_MMCSnapins/MMC_TerminalServices**
@@ -5773,24 +5773,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remote Desktop Services Configuration*
- GP name: *MMC_TerminalServices*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5802,7 +5802,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WMI**
+**ADMX_MMCSnapins/MMC_WMI**
@@ -5828,24 +5828,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WMI Control*
- GP name: *MMC_WMI*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5857,7 +5857,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WindowsFirewall**
+**ADMX_MMCSnapins/MMC_WindowsFirewall**
@@ -5883,24 +5883,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows Firewall with Advanced Security*
- GP name: *MMC_WindowsFirewall*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -5912,7 +5912,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WindowsFirewall_GP**
+**ADMX_MMCSnapins/MMC_WindowsFirewall_GP**
@@ -5938,24 +5938,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Windows Firewall with Advanced Security*
- GP name: *MMC_WindowsFirewall_GP*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -5967,7 +5967,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WiredNetworkPolicy**
+**ADMX_MMCSnapins/MMC_WiredNetworkPolicy**
@@ -5993,24 +5993,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wired Network (IEEE 802.3) Policies*
- GP name: *MMC_WiredNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
@@ -6022,7 +6022,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WirelessMon**
+**ADMX_MMCSnapins/MMC_WirelessMon**
@@ -6048,24 +6048,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wireless Monitor*
- GP name: *MMC_WirelessMon*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
@@ -6077,7 +6077,7 @@ ADMX Info:
-**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy**
+**ADMX_MMCSnapins/MMC_WirelessNetworkPolicy**
@@ -6103,24 +6103,24 @@ ADMX Info:
-This policy setting permits or prohibits the use of this snap-in.
+This policy setting permits or prohibits the use of this snap-in.
-If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
+If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
-If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
+If you disable this policy setting, the snap-in is prohibited and can't be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed stating that policy is prohibiting the use of this snap-in.
-If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
+If this policy setting isn't configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is permitted or prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is enabled, users can't use any snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this policy setting. If this policy setting isn't configured or disabled, this snap-in is prohibited.
-- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
+- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, disable this policy setting. If this policy setting isn't configured or enabled, the snap-in is permitted.
When a snap-in is prohibited, it doesn't appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in doesn't appear.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Wireless Network (IEEE 802.11) Policies*
- GP name: *MMC_WirelessNetworkPolicy*
- GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 462bfc2801..81d5a4b84e 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MobilePCMobilityCenter
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MobilePCMobilityCenter policies
+## ADMX_MobilePCMobilityCenter policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1**
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_1**
@@ -65,10 +65,10 @@ manager: aaroncz
-This policy setting turns off Windows Mobility Center.
+This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
-- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -76,7 +76,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Mobility Center*
- GP name: *MobilityCenterEnable_1*
- GP path: *Windows Components\Windows Mobility Center*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2**
+**ADMX_MobilePCMobilityCenter/MobilityCenterEnable_2**
@@ -113,10 +113,10 @@ ADMX Info:
-This policy setting turns off Windows Mobility Center.
+This policy setting turns off Windows Mobility Center.
-- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
-- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
+- If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file doesn't launch it.
+- If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
If you don't configure this policy setting, Windows Mobility Center is on by default.
@@ -124,7 +124,7 @@ If you don't configure this policy setting, Windows Mobility Center is on by def
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Mobility Center*
- GP name: *MobilityCenterEnable_2*
- GP path: *Windows Components\Windows Mobility Center*
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index a0b6581b36..c7d35a8a94 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MobilePCPresentationSettings
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MobilePCPresentationSettings policies
+## ADMX_MobilePCPresentationSettings policies
-
@@ -66,16 +66,16 @@ manager: aaroncz
-This policy setting turns off Windows presentation settings.
+This policy setting turns off Windows presentation settings.
-If you enable this policy setting, Windows presentation settings can't be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
-The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
-> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -83,7 +83,7 @@ If you do not configure this policy setting, Windows presentation settings can b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows presentation settings*
- GP name: *PresentationSettingsEnable_1*
- GP path: *Windows Components\Presentation Settings*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2**
+**ADMX_MobilePCPresentationSettings/PresentationSettingsEnable_2**
@@ -120,16 +120,16 @@ ADMX Info:
-This policy setting turns off Windows presentation settings.
+This policy setting turns off Windows presentation settings.
-If you enable this policy setting, Windows presentation settings can't be invoked.
+If you enable this policy setting, Windows presentation settings can't be invoked.
-If you disable this policy setting, Windows presentation settings can be invoked.
+If you disable this policy setting, Windows presentation settings can be invoked.
-The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
+The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
> [!NOTE]
-> Users will be able to customize their system settings for presentations in Windows Mobility Center.
+> Users will be able to customize their system settings for presentations in Windows Mobility Center.
If you do not configure this policy setting, Windows presentation settings can be invoked.
@@ -137,7 +137,7 @@ If you do not configure this policy setting, Windows presentation settings can b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows presentation settings*
- GP name: *PresentationSettingsEnable_2*
- GP path: *Windows Components\Presentation Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index a706344772..f7b0c1a284 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSAPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSAPolicy policies
+## ADMX_MSAPolicy policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth**
+**ADMX_MSAPolicy/MicrosoftAccount_DisableUserAuth**
@@ -73,7 +73,7 @@ By default, this setting is Disabled. This setting doesn't affect whether users
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Block all consumer Microsoft account user authentication*
- GP name: *MicrosoftAccount_DisableUserAuth*
- GP path: *Windows Components\Microsoft account*
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 039423c269..39849c2465 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_msched
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_msched policies
+## ADMX_msched policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_msched/ActivationBoundaryPolicy**
+**ADMX_msched/ActivationBoundaryPolicy**
@@ -75,7 +75,7 @@ If you disable or don't configure this policy setting, the daily scheduled time
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic Maintenance Activation Boundary*
- GP name: *ActivationBoundaryPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
@@ -86,7 +86,7 @@ ADMX Info:
-**ADMX_msched/RandomDelayPolicy**
+**ADMX_msched/RandomDelayPolicy**
@@ -126,7 +126,7 @@ If you disable this policy setting, no random delay will be applied to Automatic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic Maintenance Random Delay*
- GP name: *RandomDelayPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 3cf6d8ccbd..3b3aa7336b 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSDT
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSDT policies
+## ADMX_MSDT policies
-
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_MSDT/MsdtSupportProvider**
+**ADMX_MSDT/MsdtSupportProvider**
@@ -83,7 +83,7 @@ No reboots or service restarts are required for this policy setting to take effe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider*
- GP name: *MsdtSupportProvider*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_MSDT/MsdtToolDownloadPolicy**
+**ADMX_MSDT/MsdtToolDownloadPolicy**
@@ -148,7 +148,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Restrict tool download*
- GP name: *MsdtToolDownloadPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
@@ -159,7 +159,7 @@ ADMX Info:
-**ADMX_MSDT/WdiScenarioExecutionPolicy**
+**ADMX_MSDT/WdiScenarioExecutionPolicy**
@@ -201,7 +201,7 @@ This policy setting will only take effect when the Diagnostic Policy Service (DP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Support Diagnostic Tool: Configure execution level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index ee2aa88f20..5fb8466e78 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/16/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MSI
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MSI policies
+## ADMX_MSI policies
-
@@ -103,7 +103,7 @@ manager: aaroncz
-**ADMX_MSI/AllowLockdownBrowse**
+**ADMX_MSI/AllowLockdownBrowse**
@@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, by default, only system a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to browse for source while elevated*
- GP name: *AllowLockdownBrowse*
- GP path: *Windows Components\Windows Installer*
@@ -155,7 +155,7 @@ ADMX Info:
-**ADMX_MSI/AllowLockdownMedia**
+**ADMX_MSI/AllowLockdownMedia**
@@ -195,7 +195,7 @@ Also, see the "Prevent removable media source for any install" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to use media source while elevated*
- GP name: *AllowLockdownMedia*
- GP path: *Windows Components\Windows Installer*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_MSI/AllowLockdownPatch**
+**ADMX_MSI/AllowLockdownPatch**
@@ -244,7 +244,7 @@ This policy setting doesn't affect installations that run in the user's security
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow users to patch elevated products*
- GP name: *AllowLockdownPatch*
- GP path: *Windows Components\Windows Installer*
@@ -256,7 +256,7 @@ ADMX Info:
-**ADMX_MSI/DisableAutomaticApplicationShutdown**
+**ADMX_MSI/DisableAutomaticApplicationShutdown**
@@ -298,7 +298,7 @@ If you disable or don't configure this policy setting, Windows Installer will us
-ADMX Info:
+ADMX Info:
- GGP Friendly name: *Prohibit use of Restart Manager*
- GP name: *DisableAutomaticApplicationShutdown*
- GP path: *Windows Components\Windows Installer*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_MSI/DisableBrowse**
+**ADMX_MSI/DisableBrowse**
@@ -352,7 +352,7 @@ Also, see the "Enable user to browse for source while elevated" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove browse dialog box for new source*
- GP name: *DisableBrowse*
- GP path: *Windows Components\Windows Installer*
@@ -364,7 +364,7 @@ ADMX Info:
-**ADMX_MSI/DisableFlyweightPatching**
+**ADMX_MSI/DisableFlyweightPatching**
@@ -400,7 +400,7 @@ If you disable or don't configure this policy setting, it enables faster applica
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit flyweight patching*
- GP name: *DisableFlyweightPatching*
- GP path: *Windows Components\Windows Installer*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_MSI/DisableLoggingFromPackage**
+**ADMX_MSI/DisableLoggingFromPackage**
@@ -452,7 +452,7 @@ If you disable or don't configure this policy setting, Windows Installer will au
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off logging via package settings*
- GP name: *DisableLoggingFromPackage*
- GP path: *Windows Components\Windows Installer*
@@ -464,7 +464,7 @@ ADMX Info:
-**ADMX_MSI/DisableMSI**
+**ADMX_MSI/DisableMSI**
@@ -494,7 +494,7 @@ This policy setting restricts the use of Windows Installer.
If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting.
-- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software.
+- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software.
- The "For non-managed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This option's induced behavior is the default behavior of Windows Installer on Windows Server 2003 family when the policy isn't configured.
@@ -506,7 +506,7 @@ This policy setting affects Windows Installer only. It doesn't prevent users fro
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Installer*
- GP name: *DisableMSI*
- GP path: *Windows Components\Windows Installer*
@@ -518,7 +518,7 @@ ADMX Info:
-**ADMX_MSI/DisableMedia**
+**ADMX_MSI/DisableMedia**
@@ -558,7 +558,7 @@ Also, see the "Enable user to use media source while elevated" and "Hide the 'Ad
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent removable media source for any installation*
- GP name: *DisableMedia*
- GP path: *Windows Components\Windows Installer*
@@ -570,7 +570,7 @@ ADMX Info:
-**ADMX_MSI/DisablePatch**
+**ADMX_MSI/DisablePatch**
@@ -611,7 +611,7 @@ Also, see the "Enable user to patch elevated products" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from using Windows Installer to install updates and upgrades*
- GP name: *DisablePatch*
- GP path: *Windows Components\Windows Installer*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_MSI/DisableRollback_1**
+**ADMX_MSI/DisableRollback_1**
@@ -660,7 +660,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit rollback*
- GP name: *DisableRollback_1*
- GP path: *Windows Components\Windows Installer*
@@ -672,7 +672,7 @@ ADMX Info:
-**ADMX_MSI/DisableRollback_2**
+**ADMX_MSI/DisableRollback_2**
@@ -710,7 +710,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit rollback*
- GP name: *DisableRollback_2*
- GP path: *Windows Components\Windows Installer*
@@ -722,7 +722,7 @@ ADMX Info:
-**ADMX_MSI/DisableSharedComponent**
+**ADMX_MSI/DisableSharedComponent**
@@ -758,7 +758,7 @@ If you disable or don't configure this policy setting, by default, the shared co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off shared components*
- GP name: *DisableSharedComponent*
- GP path: *Windows Components\Windows Installer*
@@ -770,7 +770,7 @@ ADMX Info:
-**ADMX_MSI/MSILogging**
+**ADMX_MSI/MSILogging**
@@ -808,7 +808,7 @@ If you disable or don't configure this policy setting, Windows Installer logs th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the types of events Windows Installer records in its transaction log*
- GP name: *MSILogging*
- GP path: *Windows Components\Windows Installer*
@@ -821,7 +821,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableLUAPatching**
+**ADMX_MSI/MSI_DisableLUAPatching**
@@ -859,7 +859,7 @@ If you disable or don't configure this policy setting, users without administrat
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit non-administrators from applying vendor signed updates*
- GP name: *MSI_DisableLUAPatching*
- GP path: *Windows Components\Windows Installer*
@@ -872,7 +872,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisablePatchUninstall**
+**ADMX_MSI/MSI_DisablePatchUninstall**
@@ -910,7 +910,7 @@ If you disable or don't configure this policy setting, a user can remove an upda
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit removal of updates*
- GP name: *MSI_DisablePatchUninstall*
- GP path: *Windows Components\Windows Installer*
@@ -923,7 +923,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableSRCheckPoints**
+**ADMX_MSI/MSI_DisableSRCheckPoints**
@@ -959,7 +959,7 @@ If you disable or don't configure this policy setting, by default, the Windows I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off creation of System Restore checkpoints*
- GP name: *MSI_DisableSRCheckPoints*
- GP path: *Windows Components\Windows Installer*
@@ -972,7 +972,7 @@ ADMX Info:
-**ADMX_MSI/MSI_DisableUserInstalls**
+**ADMX_MSI/MSI_DisableUserInstalls**
@@ -1008,7 +1008,7 @@ If you enable this policy setting and "Hide User Installs" is selected, the inst
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit User Installs*
- GP name: *MSI_DisableUserInstalls*
- GP path: *Windows Components\Windows Installer*
@@ -1021,7 +1021,7 @@ ADMX Info:
-**ADMX_MSI/MSI_EnforceUpgradeComponentRules**
+**ADMX_MSI/MSI_EnforceUpgradeComponentRules**
@@ -1063,7 +1063,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce upgrade component rules*
- GP name: *MSI_EnforceUpgradeComponentRules*
- GP path: *Windows Components\Windows Installer*
@@ -1075,7 +1075,7 @@ ADMX Info:
-**ADMX_MSI/MSI_MaxPatchCacheSize**
+**ADMX_MSI/MSI_MaxPatchCacheSize**
@@ -1117,7 +1117,7 @@ If you disable or don't configure this policy setting, the Windows Installer wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control maximum size of baseline file cache*
- GP name: *MSI_MaxPatchCacheSize*
- GP path: *Windows Components\Windows Installer*
@@ -1129,7 +1129,7 @@ ADMX Info:
-**ADMX_MSI/MsiDisableEmbeddedUI**
+**ADMX_MSI/MsiDisableEmbeddedUI**
@@ -1165,7 +1165,7 @@ If you disable or don't configure this policy setting, embedded UI is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent embedded UI*
- GP name: *MsiDisableEmbeddedUI*
- GP path: *Windows Components\Windows Installer*
@@ -1177,7 +1177,7 @@ ADMX Info:
-**ADMX_MSI/SafeForScripting**
+**ADMX_MSI/SafeForScripting**
@@ -1215,7 +1215,7 @@ This policy setting is designed for enterprises that use Web-based tools to dist
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Internet Explorer security prompt for Windows Installer scripts*
- GP name: *SafeForScripting*
- GP path: *Windows Components\Windows Installer*
@@ -1227,7 +1227,7 @@ ADMX Info:
-**ADMX_MSI/SearchOrder**
+**ADMX_MSI/SearchOrder**
@@ -1269,7 +1269,7 @@ To exclude a file source, omit or delete the letter representing that source typ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify the order in which Windows Installer searches for installation files*
- GP name: *SearchOrder*
- GP path: *Windows Components\Windows Installer*
@@ -1281,7 +1281,7 @@ ADMX Info:
-**ADMX_MSI/TransformsSecure**
+**ADMX_MSI/TransformsSecure**
@@ -1323,7 +1323,7 @@ If you disable this policy setting, Windows Installer stores transform files in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Save copies of transform files in a secure location on workstation*
- GP name: *TransformsSecure*
- GP path: *Windows Components\Windows Installer*
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index b1d046c306..61e75b0ddd 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_MsiFileRecovery
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_MsiFileRecovery policies
+## ADMX_MsiFileRecovery policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy**
+**ADMX_MsiFileRecovery/WdiScenarioExecutionPolicy**
@@ -61,21 +61,21 @@ manager: aaroncz
-This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:
+This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states:
- Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI applications will be turned on. Windows will prompt the user with a dialog-box when application reinstallation is required.
-This behavior is the default recovery behavior on Windows client.
+This behavior is the default recovery behavior on Windows client.
-- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.
+- Silent: Detection, troubleshooting, and notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will suggest the application that should be reinstalled. This behavior is recommended for headless operation and is the default recovery behavior on Windows server.
-- Troubleshooting Only: Detection and verification of file corruption will be performed without UI.
-Recovery isn't attempted.
+- Troubleshooting Only: Detection and verification of file corruption will be performed without UI.
+Recovery isn't attempted.
-- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.
+- If you enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only.
-- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.
+- If you disable this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will be attempted.
-If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.
+If you don't configure this policy setting, the recovery behavior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy setting to take immediate effect after a Group Policy refresh.
> [!NOTE]
> This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
@@ -84,7 +84,7 @@ If you don't configure this policy setting, the recovery behavior for corrupted
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure MSI Corrupted File Recovery behavior*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery*
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 7bfd8617d3..229f7683ad 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_nca
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_nca policies
+## ADMX_nca policies
-
@@ -56,7 +56,7 @@ manager: aaroncz
-**ADMX_nca/CorporateResources**
+**ADMX_nca/CorporateResources**
@@ -82,11 +82,11 @@ manager: aaroncz
-This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
+This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
-Each string can be one of the following types:
+Each string can be one of the following types:
-- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1.
+- A DNS name or IPv6 address that NCA pings. The syntax is “PING:” followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com or PING:2002:836b:1::1.
> [!NOTE]
> We recommend that you use FQDNs instead of IPv6 addresses wherever possible.
@@ -102,7 +102,7 @@ You must configure this setting to have complete NCA functionality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Corporate Resources*
- GP name: *CorporateResources*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -113,7 +113,7 @@ ADMX Info:
-**ADMX_nca/CustomCommands**
+**ADMX_nca/CustomCommands**
@@ -145,7 +145,7 @@ This policy setting specifies commands configured by the administrator for custo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Commands*
- GP name: *CustomCommands*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_nca/DTEs**
+**ADMX_nca/DTEs**
@@ -182,7 +182,7 @@ ADMX Info:
-This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
+This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel.
@@ -194,7 +194,7 @@ You must configure this setting to have complete NCA functionality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *IPsec Tunnel Endpoints*
- GP name: *DTEs*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_nca/FriendlyName**
+**ADMX_nca/FriendlyName**
@@ -239,7 +239,7 @@ If this setting isn't configured, the string that appears for DirectAccess conne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Friendly Name*
- GP name: *FriendlyName*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -250,7 +250,7 @@ ADMX Info:
-**ADMX_nca/LocalNamesOn**
+**ADMX_nca/LocalNamesOn**
@@ -293,7 +293,7 @@ If this setting isn't configured, users don't have Connect or Disconnect options
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prefer Local Names Allowed*
- GP name: *LocalNamesOn*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -304,7 +304,7 @@ ADMX Info:
-**ADMX_nca/PassiveMode**
+**ADMX_nca/PassiveMode**
@@ -337,7 +337,7 @@ Set this policy setting to Disabled to keep NCA probing actively all the time. I
-ADMX Info:
+ADMX Info:
- GP Friendly name: *DirectAccess Passive Mode*
- GP name: *PassiveMode*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -348,7 +348,7 @@ ADMX Info:
-**ADMX_nca/ShowUI**
+**ADMX_nca/ShowUI**
@@ -376,7 +376,7 @@ ADMX Info:
This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
-Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.
+Set this policy setting to Disabled to prevent user confusion when you're just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.
If this setting isn't configured, the entry for DirectAccess connectivity appears.
@@ -384,7 +384,7 @@ If this setting isn't configured, the entry for DirectAccess connectivity appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *User Interface*
- GP name: *ShowUI*
- GP path: *Network\DirectAccess Client Experience Settings*
@@ -395,7 +395,7 @@ ADMX Info:
-**ADMX_nca/SupportEmail**
+**ADMX_nca/SupportEmail**
@@ -421,7 +421,7 @@ ADMX Info:
-This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
+This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.
@@ -429,7 +429,7 @@ When the user sends the log files to the Administrator, NCA uses the default e-m
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Support Email Address*
- GP name: *SupportEmail*
- GP path: *Network\DirectAccess Client Experience Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index ddb9baa7e7..2af01b2e22 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_NCSI
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_NCSI policies
+## ADMX_NCSI policies
-
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_NCSI/NCSI_CorpDnsProbeContent**
+**ADMX_NCSI/NCSI_CorpDnsProbeContent**
@@ -85,7 +85,7 @@ This policy setting enables you to specify the expected address of the host name
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host address*
- GP name: *NCSI_CorpDnsProbeContent*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -96,7 +96,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpDnsProbeHost**
+**ADMX_NCSI/NCSI_CorpDnsProbeHost**
@@ -128,7 +128,7 @@ This policy setting enables you to specify the host name of a computer known to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate DNS probe host name*
- GP name: *NCSI_CorpDnsProbeHost*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -139,7 +139,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpSitePrefixes**
+**ADMX_NCSI/NCSI_CorpSitePrefixes**
@@ -171,7 +171,7 @@ This policy setting enables you to specify the list of IPv6 corporate site prefi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate site prefix list*
- GP name: *NCSI_CorpSitePrefixes*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_CorpWebProbeUrl**
+**ADMX_NCSI/NCSI_CorpWebProbeUrl**
@@ -214,7 +214,7 @@ This policy setting enables you to specify the URL of the corporate website, aga
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify corporate Website probe URL*
- GP name: *NCSI_CorpWebProbeUrl*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -228,7 +228,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl**
+**ADMX_NCSI/NCSI_DomainLocationDeterminationUrl**
@@ -260,7 +260,7 @@ This policy setting enables you to specify the HTTPS URL of the corporate websit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify domain location determination URL*
- GP name: *NCSI_DomainLocationDeterminationUrl*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -271,7 +271,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_GlobalDns**
+**ADMX_NCSI/NCSI_GlobalDns**
@@ -303,7 +303,7 @@ This policy setting enables you to specify DNS binding behavior. NCSI by default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify global DNS*
- GP name: *NCSI_GlobalDns*
- GP path: *Network\Network Connectivity Status Indicator*
@@ -314,7 +314,7 @@ ADMX Info:
-**ADMX_NCSI/NCSI_PassivePolling**
+**ADMX_NCSI/NCSI_PassivePolling**
@@ -346,7 +346,7 @@ This Policy setting enables you to specify passive polling behavior. NCSI polls
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify passive polling*
- GP name: *NCSI_PassivePolling*
- GP path: *Network\Network Connectivity Status Indicator*
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 119133aa16..d0883d3cda 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/15/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Netlogon
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Netlogon policies
+## ADMX_Netlogon policies
-
@@ -138,7 +138,7 @@ manager: aaroncz
-**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior**
+**ADMX_Netlogon/Netlogon_AddressLookupOnPingBehavior**
@@ -182,7 +182,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify address lookup behavior for DC locator ping*
- GP name: *Netlogon_AddressLookupOnPingBehavior*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -193,7 +193,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AddressTypeReturned**
+**ADMX_Netlogon/Netlogon_AddressTypeReturned**
@@ -232,7 +232,7 @@ If you don't configure this policy setting, DC Locator APIs can return IPv4/IPv6
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Return domain controller address type*
- GP name: *Netlogon_AddressTypeReturned*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -245,7 +245,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch**
+**ADMX_Netlogon/Netlogon_AllowDnsSuffixSearch**
@@ -283,7 +283,7 @@ If you disable this policy setting, when the `AllowSingleLabelDnsDomain` policy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
- GP name: *Netlogon_AllowDnsSuffixSearch*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -296,7 +296,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowNT4Crypto**
+**ADMX_Netlogon/Netlogon_AllowNT4Crypto**
@@ -325,10 +325,10 @@ ADMX Info:
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier aren't as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
By default, Net Logon won't allow the older cryptography algorithms to be used and won't include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 won't be able to establish a connection to this domain controller.
-
+
If you enable this policy setting, Net Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algorithms represents a potential security risk.
-If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
+If you disable this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
If you don't configure this policy setting, Net Logon won't allow the negotiation and use of older cryptography algorithms.
@@ -336,7 +336,7 @@ If you don't configure this policy setting, Net Logon won't allow the negotiatio
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow cryptography algorithms compatible with Windows NT 4.0*
- GP name: *Netlogon_AllowNT4Crypto*
- GP path: *System\Net Logon*
@@ -349,7 +349,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain**
+**ADMX_Netlogon/Netlogon_AllowSingleLabelDnsDomain**
@@ -389,7 +389,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
- GP name: *Netlogon_AllowSingleLabelDnsDomain*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -402,7 +402,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AutoSiteCoverage**
+**ADMX_Netlogon/Netlogon_AutoSiteCoverage**
@@ -440,7 +440,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use automated site coverage by the DC Locator DNS SRV Records*
- GP name: *Netlogon_AutoSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -453,7 +453,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery**
+**ADMX_Netlogon/Netlogon_AvoidFallbackNetbiosDiscovery**
@@ -494,7 +494,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
- GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -507,7 +507,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_AvoidPdcOnWan**
+**ADMX_Netlogon/Netlogon_AvoidPdcOnWan**
@@ -539,7 +539,7 @@ Contacting the PDC emulator is useful in case the client’s password was recent
If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the DC fails to validate the password.
-If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator.
+If you disable this policy setting, the DCs won't attempt to verify any passwords with the PDC emulator.
If you don't configure this policy setting, it isn't applied to any DCs.
@@ -547,7 +547,7 @@ If you don't configure this policy setting, it isn't applied to any DCs.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact PDC on logon failure*
- GP name: *Netlogon_AvoidPdcOnWan*
- GP path: *System\Net Logon*
@@ -560,7 +560,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundRetryInitialPeriod**
@@ -588,7 +588,7 @@ ADMX Info:
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
-The default value for this setting is 10 minutes (10*60).
+The default value for this setting is 10 minutes (10*60).
The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.
@@ -603,7 +603,7 @@ If the value of this setting is less than the value specified in the NegativeCac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use initial DC discovery retry setting for background callers*
- GP name: *Netlogon_BackgroundRetryInitialPeriod*
- GP path: *System\Net Logon*
@@ -616,7 +616,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundRetryMaximumPeriod**
@@ -661,7 +661,7 @@ If the value for this setting is too small and the DC isn't available, the frequ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use maximum DC discovery retry interval setting for background callers*
- GP name: *Netlogon_BackgroundRetryMaximumPeriod*
- GP path: *System\Net Logon*
@@ -674,7 +674,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime**
+**ADMX_Netlogon/Netlogon_BackgroundRetryQuitTime**
@@ -711,7 +711,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use final DC discovery retry setting for background callers*
- GP name: *Netlogon_BackgroundRetryQuitTime*
- GP path: *System\Net Logon*
@@ -724,7 +724,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod**
+**ADMX_Netlogon/Netlogon_BackgroundSuccessfulRefreshPeriod**
@@ -756,7 +756,7 @@ This policy setting determines when a successful DC cache entry is refreshed. Th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use positive periodic DC cache refresh for background callers*
- GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
@@ -769,7 +769,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DebugFlag**
+**ADMX_Netlogon/Netlogon_DebugFlag**
@@ -809,7 +809,7 @@ If you disable this policy setting or don't configure it, the default behavior o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify log file debug output level*
- GP name: *Netlogon_DebugFlag*
- GP path: *System\Net Logon*
@@ -822,7 +822,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords**
+**ADMX_Netlogon/Netlogon_DnsAvoidRegisterRecords**
@@ -876,7 +876,7 @@ Select the mnemonics from the following table:
|GenericGcAtSite|SRV|_gc._tcp.``._sites.``|
|Rfc1510UdpKdc|SRV|_kerberos._udp.``|
|Rfc1510Kpwd|SRV|_kpasswd._tcp.``|
-|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``|
+|Rfc1510UdpKpwd|SRV|_kpasswd._udp.``|
If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locator DNS resource records.
@@ -886,7 +886,7 @@ If you don't configure this policy setting, DCs use their local configuration.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify DC Locator DNS records not registered by the DCs*
- GP name: *Netlogon_DnsAvoidRegisterRecords*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -899,7 +899,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsRefreshInterval**
+**ADMX_Netlogon/Netlogon_DnsRefreshInterval**
@@ -940,7 +940,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify Refresh Interval of the DC Locator DNS records*
- GP name: *Netlogon_DnsRefreshInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -953,7 +953,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames**
+**ADMX_Netlogon/Netlogon_DnsSrvRecordUseLowerCaseHostNames**
@@ -994,7 +994,7 @@ A reboot isn't required for changes to this setting to take effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use lowercase DNS host names when registering domain controller SRV records*
- GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1007,7 +1007,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_DnsTtl**
+**ADMX_Netlogon/Netlogon_DnsTtl**
@@ -1042,7 +1042,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set TTL in the DC Locator DNS Records*
- GP name: *Netlogon_DnsTtl*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1055,7 +1055,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ExpectedDialupDelay**
+**ADMX_Netlogon/Netlogon_ExpectedDialupDelay**
@@ -1091,7 +1091,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify expected dial-up delay on logon*
- GP name: *Netlogon_ExpectedDialupDelay*
- GP path: *System\Net Logon*
@@ -1104,7 +1104,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval**
+**ADMX_Netlogon/Netlogon_ForceRediscoveryInterval**
@@ -1144,7 +1144,7 @@ If you don't configure this policy setting, Force Rediscovery will be used by de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force Rediscovery Interval*
- GP name: *Netlogon_ForceRediscoveryInterval*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1157,7 +1157,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_GcSiteCoverage**
+**ADMX_Netlogon/Netlogon_GcSiteCoverage**
@@ -1183,7 +1183,7 @@ ADMX Info:
-This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
+This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. The records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
@@ -1195,7 +1195,7 @@ If you don't configure this policy setting, it isn't applied to any GCs, and GCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the GC Locator DNS SRV Records*
- GP name: *Netlogon_GcSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1208,7 +1208,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages**
+**ADMX_Netlogon/Netlogon_IgnoreIncomingMailslotMessages**
@@ -1249,7 +1249,7 @@ If you disable or don't configure this policy setting, this DC processes incomin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
- GP name: *Netlogon_IgnoreIncomingMailslotMessages*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1262,7 +1262,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_LdapSrvPriority**
+**ADMX_Netlogon/Netlogon_LdapSrvPriority**
@@ -1300,7 +1300,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Priority in the DC Locator DNS SRV records*
- GP name: *Netlogon_LdapSrvPriority*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1313,7 +1313,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_LdapSrvWeight**
+**ADMX_Netlogon/Netlogon_LdapSrvWeight**
@@ -1351,7 +1351,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Weight in the DC Locator DNS SRV records*
- GP name: *Netlogon_LdapSrvWeight*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1364,7 +1364,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_MaximumLogFileSize**
+**ADMX_Netlogon/Netlogon_MaximumLogFileSize**
@@ -1400,7 +1400,7 @@ If you disable or don't configure this policy setting, the default behavior occu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify maximum log file size*
- GP name: *Netlogon_MaximumLogFileSize*
- GP path: *System\Net Logon*
@@ -1413,7 +1413,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NdncSiteCoverage**
+**ADMX_Netlogon/Netlogon_NdncSiteCoverage**
@@ -1439,7 +1439,7 @@ ADMX Info:
-This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
+This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they're used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@@ -1451,7 +1451,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
- GP name: *Netlogon_NdncSiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1464,7 +1464,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NegativeCachePeriod**
+**ADMX_Netlogon/Netlogon_NegativeCachePeriod**
@@ -1501,7 +1501,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify negative DC Discovery cache setting*
- GP name: *Netlogon_NegativeCachePeriod*
- GP path: *System\Net Logon*
@@ -1514,7 +1514,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode**
+**ADMX_Netlogon/Netlogon_NetlogonShareCompatibilityMode**
@@ -1557,7 +1557,7 @@ If you enable this policy setting, domain administrators should ensure that the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Netlogon share compatibility*
- GP name: *Netlogon_NetlogonShareCompatibilityMode*
- GP path: *System\Net Logon*
@@ -1570,7 +1570,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod**
+**ADMX_Netlogon/Netlogon_NonBackgroundSuccessfulRefreshPeriod**
@@ -1604,7 +1604,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify positive periodic DC Cache refresh for non-background callers*
- GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
- GP path: *System\Net Logon*
@@ -1617,7 +1617,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_PingUrgencyMode**
+**ADMX_Netlogon/Netlogon_PingUrgencyMode**
@@ -1660,7 +1660,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use urgent mode when pinging domain controllers*
- GP name: *Netlogon_PingUrgencyMode*
- GP path: *System\Net Logon*
@@ -1673,7 +1673,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_ScavengeInterval**
+**ADMX_Netlogon/Netlogon_ScavengeInterval**
@@ -1715,7 +1715,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set scavenge interval*
- GP name: *Netlogon_ScavengeInterval*
- GP path: *System\Net Logon*
@@ -1728,7 +1728,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SiteCoverage**
+**ADMX_Netlogon/Netlogon_SiteCoverage**
@@ -1754,7 +1754,7 @@ ADMX Info:
-This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
+This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The DC Locator DNS records are dynamically registered by the Net Logon service, and they're used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@@ -1766,7 +1766,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify sites covered by the DC Locator DNS SRV records*
- GP name: *Netlogon_SiteCoverage*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1779,7 +1779,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SiteName**
+**ADMX_Netlogon/Netlogon_SiteName**
@@ -1817,7 +1817,7 @@ If you don't configure this policy setting, it isn't applied to any computers, a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify site name*
- GP name: *Netlogon_SiteName*
- GP path: *System\Net Logon*
@@ -1830,7 +1830,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode**
+**ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode**
@@ -1873,7 +1873,7 @@ If you enable this policy setting, domain administrators should ensure that the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set SYSVOL share compatibility*
- GP name: *Netlogon_SysvolShareCompatibilityMode*
- GP path: *System\Net Logon*
@@ -1886,7 +1886,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_TryNextClosestSite**
+**ADMX_Netlogon/Netlogon_TryNextClosestSite**
@@ -1914,7 +1914,7 @@ ADMX Info:
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site isn't found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
-The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.
+The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none is found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.
If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer.
@@ -1926,7 +1926,7 @@ If you don't configure this policy setting, Try Next Closest Site DC Location wo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Try Next Closest Site*
- GP name: *Netlogon_TryNextClosestSite*
- GP path: *System\Net Logon\DC Locator DNS Records*
@@ -1939,7 +1939,7 @@ ADMX Info:
-**ADMX_Netlogon/Netlogon_UseDynamicDns**
+**ADMX_Netlogon/Netlogon_UseDynamicDns**
@@ -1977,7 +1977,7 @@ If you don't configure this policy setting, it isn't applied to any DCs, and DCs
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify dynamic registration of the DC Locator DNS Records*
- GP name: *Netlogon_UseDynamicDns*
- GP path: *System\Net Logon\DC Locator DNS Records*
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 178901d5b6..92c104ee0f 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_NetworkConnections
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_NetworkConnections policies
+## ADMX_NetworkConnections policies
-
@@ -114,7 +114,7 @@ manager: aaroncz
-**ADMX_NetworkConnections/NC_AddRemoveComponents**
+**ADMX_NetworkConnections/NC_AddRemoveComponents**
@@ -161,7 +161,7 @@ The Install and Uninstall buttons appear in the properties dialog box for connec
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit adding and removing components for a LAN or remote access connection*
- GP name: *NC_AddRemoveComponents*
- GP path: *Network\Network Connections*
@@ -172,7 +172,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_AdvancedSettings**
+**ADMX_NetworkConnections/NC_AdvancedSettings**
@@ -215,7 +215,7 @@ If you disable this setting or don't configure it, the Advanced Settings item is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the Advanced Settings item on the Advanced menu*
- GP name: *NC_AdvancedSettings*
- GP path: *Network\Network Connections*
@@ -226,7 +226,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**
+**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig**
@@ -274,7 +274,7 @@ Changing this setting from Enabled to Not Configured doesn't enable the Advanced
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit TCP/IP advanced configuration*
- GP name: *NC_AllowAdvancedTCPIPConfig*
- GP path: *Network\Network Connections*
@@ -285,7 +285,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ChangeBindState**
+**ADMX_NetworkConnections/NC_ChangeBindState**
@@ -328,7 +328,7 @@ If you disable this setting or don't configure it, the Properties dialog box for
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit Enabling/Disabling components of a LAN connection*
- GP name: *NC_ChangeBindState*
- GP path: *Network\Network Connections*
@@ -339,7 +339,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DeleteAllUserConnection**
+**ADMX_NetworkConnections/NC_DeleteAllUserConnection**
@@ -381,14 +381,14 @@ When enabled, the "Prohibit deletion of remote access connections" setting takes
> [!NOTE]
> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to delete all user remote access connections*
- GP name: *NC_DeleteAllUserConnection*
- GP path: *Network\Network Connections*
@@ -399,7 +399,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DeleteConnection**
+**ADMX_NetworkConnections/NC_DeleteConnection**
@@ -439,14 +439,14 @@ When enabled, this setting takes precedence over the "Ability to delete all user
> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You can't use the Network Connections folder to create or delete a LAN connection.
>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit deletion of remote access connections*
- GP name: *NC_DeleteConnection*
- GP path: *Network\Network Connections*
@@ -457,7 +457,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DialupPrefs**
+**ADMX_NetworkConnections/NC_DialupPrefs**
@@ -497,7 +497,7 @@ If you disable this setting or don't configure it, the Remote Access Preferences
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the Remote Access Preferences item on the Advanced menu*
- GP name: *NC_DialupPrefs*
- GP path: *Network\Network Connections*
@@ -508,7 +508,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**
+**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon**
@@ -544,7 +544,7 @@ If you disable this setting or don't configure it, the "local access only" icon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not show the "local access only" network icon*
- GP name: *NC_DoNotShowLocalOnlyIcon*
- GP path: *Network\Network Connections*
@@ -555,7 +555,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_EnableAdminProhibits**
+**ADMX_NetworkConnections/NC_EnableAdminProhibits**
@@ -597,7 +597,7 @@ If you disable this setting or don't configure it, Windows settings that existed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows 2000 Network Connections settings for Administrators*
- GP name: *NC_EnableAdminProhibits*
- GP path: *Network\Network Connections*
@@ -608,7 +608,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ForceTunneling**
+**ADMX_NetworkConnections/NC_ForceTunneling**
@@ -648,7 +648,7 @@ If you don't configure this policy setting, traffic between remote client comput
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Route all traffic through the internal network*
- GP name: *NC_ForceTunneling*
- GP path: *Network\Network Connections*
@@ -659,7 +659,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_IpStateChecking**
+**ADMX_NetworkConnections/NC_IpStateChecking**
@@ -695,7 +695,7 @@ If you disable or don't configure this policy setting, a DHCP-configured connect
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off notifications when a connection has only limited or no connectivity*
- GP name: *NC_IpStateChecking*
- GP path: *Network\Network Connections*
@@ -706,7 +706,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanChangeProperties**
+**ADMX_NetworkConnections/NC_LanChangeProperties**
@@ -757,7 +757,7 @@ The Local Area Connection Properties dialog box includes a list of the network c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of components of a LAN connection*
- GP name: *NC_LanChangeProperties*
- GP path: *Network\Network Connections*
@@ -768,7 +768,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanConnect**
+**ADMX_NetworkConnections/NC_LanConnect**
@@ -811,7 +811,7 @@ If you don't configure this setting, only Administrators and Network Configurati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to Enable/Disable a LAN connection*
- GP name: *NC_LanConnect*
- GP path: *Network\Network Connections*
@@ -822,7 +822,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_LanProperties**
+**ADMX_NetworkConnections/NC_LanProperties**
@@ -867,7 +867,7 @@ If you disable this setting or don't configure it, a Properties menu item appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of a LAN connection*
- GP name: *NC_LanProperties*
- GP path: *Network\Network Connections*
@@ -878,7 +878,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_NewConnectionWizard**
+**ADMX_NetworkConnections/NC_NewConnectionWizard**
@@ -921,7 +921,7 @@ If you disable this setting or don't configure it, the Make New Connection icon
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to the New Connection Wizard*
- GP name: *NC_NewConnectionWizard*
- GP path: *Network\Network Connections*
@@ -932,7 +932,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_PersonalFirewallConfig**
+**ADMX_NetworkConnections/NC_PersonalFirewallConfig**
@@ -977,7 +977,7 @@ If you disable this setting or don't configure it, the Internet Connection Firew
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit use of Internet Connection Firewall on your DNS domain network*
- GP name: *NC_PersonalFirewallConfig*
- GP path: *Network\Network Connections*
@@ -988,7 +988,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasAllUserProperties**
+**ADMX_NetworkConnections/NC_RasAllUserProperties**
@@ -1030,14 +1030,14 @@ If you don't configure this setting, only Administrators and Network Configurati
> [!NOTE]
> This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users.
->
+>
> This setting doesn't prevent users from using other programs, such as Internet Explorer, to bypass this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to change properties of an all user remote access connection*
- GP name: *NC_RasAllUserProperties*
- GP path: *Network\Network Connections*
@@ -1048,7 +1048,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasChangeProperties**
+**ADMX_NetworkConnections/NC_RasChangeProperties**
@@ -1097,7 +1097,7 @@ The Networking tab of the Remote Access Connection Properties dialog box include
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access to properties of components of a remote access connection*
- GP name: *NC_RasChangeProperties*
- GP path: *Network\Network Connections*
@@ -1108,7 +1108,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasConnect**
+**ADMX_NetworkConnections/NC_RasConnect**
@@ -1146,7 +1146,7 @@ If you disable this setting or don't configure it, the Connect and Disconnect op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit connecting and disconnecting a remote access connection*
- GP name: *NC_RasConnect*
- GP path: *Network\Network Connections*
@@ -1157,7 +1157,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RasMyProperties**
+**ADMX_NetworkConnections/NC_RasMyProperties**
@@ -1204,7 +1204,7 @@ If you disable this setting or don't configure it, a Properties menu item appear
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit changing properties of a private remote access connection*
- GP name: *NC_RasMyProperties*
- GP path: *Network\Network Connections*
@@ -1215,7 +1215,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameAllUserRasConnection**
+**ADMX_NetworkConnections/NC_RenameAllUserRasConnection**
@@ -1262,7 +1262,7 @@ This setting doesn't prevent users from using other programs, such as Internet E
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename all user remote access connections*
- GP name: *NC_RenameAllUserRasConnection*
- GP path: *Network\Network Connections*
@@ -1273,7 +1273,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameConnection**
+**ADMX_NetworkConnections/NC_RenameConnection**
@@ -1318,7 +1318,7 @@ If this setting isn't configured, only Administrators and Network Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename LAN connections or remote access connections available to all users*
- GP name: *NC_RenameConnection*
- GP path: *Network\Network Connections*
@@ -1329,7 +1329,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameLanConnection**
+**ADMX_NetworkConnections/NC_RenameLanConnection**
@@ -1372,7 +1372,7 @@ When the "Ability to rename LAN connections or remote access connections availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ability to rename LAN connections*
- GP name: *NC_RenameLanConnection*
- GP path: *Network\Network Connections*
@@ -1383,7 +1383,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_RenameMyRasConnection**
+**ADMX_NetworkConnections/NC_RenameMyRasConnection**
@@ -1426,7 +1426,7 @@ If you disable this setting or don't configure it, the Rename option is enabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit renaming private remote access connections*
- GP name: *NC_RenameMyRasConnection*
- GP path: *Network\Network Connections*
@@ -1437,7 +1437,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_ShowSharedAccessUI**
+**ADMX_NetworkConnections/NC_ShowSharedAccessUI**
@@ -1469,7 +1469,7 @@ ICS lets administrators configure their system as an Internet gateway for a smal
If you enable this setting, ICS can't be enabled or configured by administrators, and the ICS service can't run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
-If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
+If you disable this setting or don't configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard.
By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When administrators are running the New Connection Wizard or Network Setup Wizard, they can choose to enable ICS.
@@ -1486,7 +1486,7 @@ Disabling this setting doesn't prevent Wireless Hosted Networking from using the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit use of Internet Connection Sharing on your DNS domain network*
- GP name: *NC_ShowSharedAccessUI*
- GP path: *Network\Network Connections*
@@ -1497,7 +1497,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_Statistics**
+**ADMX_NetworkConnections/NC_Statistics**
@@ -1537,7 +1537,7 @@ If you disable this setting or don't configure it, the connection status taskbar
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit viewing of status for an active connection*
- GP name: *NC_Statistics*
- GP path: *Network\Network Connections*
@@ -1548,7 +1548,7 @@ ADMX Info:
-**ADMX_NetworkConnections/NC_StdDomainUserSetLocation**
+**ADMX_NetworkConnections/NC_StdDomainUserSetLocation**
@@ -1584,7 +1584,7 @@ If you disable or don't configure this policy setting, domain users can set a ne
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require domain users to elevate when setting a network's location*
- GP name: *NC_StdDomainUserSetLocation*
- GP path: *Network\Network Connections*
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index efc0936d36..2db681c018 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_OfflineFiles
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_OfflineFiles policies
+## ADMX_OfflineFiles policies
-
@@ -171,7 +171,7 @@ manager: aaroncz
-**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
+**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
@@ -209,7 +209,7 @@ If you disable this setting or don't configure it, the system asks users whether
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Subfolders always available offline*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1**
+**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1**
@@ -261,7 +261,7 @@ If you don't configure this policy setting, no files or folders are made availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify administratively assigned Offline Files*
- GP name: *Pol_AssignedOfflineFiles_1*
- GP path: *Network\Offline Files*
@@ -272,7 +272,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2**
+**ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2**
@@ -313,7 +313,7 @@ If you don't configure this policy setting, no files or folders are made availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify administratively assigned Offline Files*
- GP name: *Pol_AssignedOfflineFiles_2*
- GP path: *Network\Offline Files*
@@ -324,7 +324,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_BackgroundSyncSettings**
+**ADMX_OfflineFiles/Pol_BackgroundSyncSettings**
@@ -362,7 +362,7 @@ If you disable or don't configure this policy setting, Windows performs a backgr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Background Sync*
- GP name: *Pol_BackgroundSyncSettings*
- GP path: *Network\Offline Files*
@@ -373,7 +373,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CacheSize**
+**ADMX_OfflineFiles/Pol_CacheSize**
@@ -421,7 +421,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit disk space used by Offline Files*
- GP name: *Pol_CacheSize*
- GP path: *Network\Offline Files*
@@ -432,7 +432,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1**
+**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_1**
@@ -482,7 +482,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_CustomGoOfflineActions_1*
- GP path: *Network\Offline Files*
@@ -493,7 +493,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2**
+**ADMX_OfflineFiles/Pol_CustomGoOfflineActions_2**
@@ -525,7 +525,7 @@ This setting also disables the "When a network connection is lost" option on the
If you enable this setting, you can use the "Action" box to specify how computers in the group respond.
-- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
+- "Work offline" indicates that the computer can use local copies of network files while the server is inaccessible.
- "Never go offline" indicates that network files aren't available while the server is inaccessible.
If you disable this setting or select the "Work offline" option, users can work offline if disconnected.
@@ -543,7 +543,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_CustomGoOfflineActions_2*
- GP path: *Network\Offline Files*
@@ -554,7 +554,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_DefCacheSize**
+**ADMX_OfflineFiles/Pol_DefCacheSize**
@@ -601,7 +601,7 @@ If you don't configure this setting, disk space for automatically cached files i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default cache size*
- GP name: *Pol_DefCacheSize*
- GP path: *Network\Offline Files*
@@ -612,7 +612,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_Enabled**
+**ADMX_OfflineFiles/Pol_Enabled**
@@ -653,7 +653,7 @@ If you don't configure this policy setting, Offline Files is enabled on Windows
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of the Offline Files feature*
- GP name: *Pol_Enabled*
- GP path: *Network\Offline Files*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EncryptOfflineFiles**
+**ADMX_OfflineFiles/Pol_EncryptOfflineFiles**
@@ -708,7 +708,7 @@ This setting is applied at user sign-in. If this setting is changed after user s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Encrypt the Offline Files cache*
- GP name: *Pol_EncryptOfflineFiles*
- GP path: *Network\Offline Files*
@@ -719,7 +719,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EventLoggingLevel_1**
+**ADMX_OfflineFiles/Pol_EventLoggingLevel_1**
@@ -766,7 +766,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event logging level*
- GP name: *Pol_EventLoggingLevel_1*
- GP path: *Network\Offline Files*
@@ -777,7 +777,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_EventLoggingLevel_2**
+**ADMX_OfflineFiles/Pol_EventLoggingLevel_2**
@@ -809,7 +809,7 @@ Offline Files records events in the Application login Event Viewer when it detec
To use this setting, in the "Enter" box, select the number corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding levels.
-- "0" records an error when the offline storage cache is corrupted.
+- "0" records an error when the offline storage cache is corrupted.
- "1" also records an event when the server hosting the offline file is disconnected from the network.
- "2" also records events when the local computer is connected and disconnected from the network.
- "3" also records an event when the server hosting the offline file is reconnected to the network.
@@ -821,7 +821,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Event logging level*
- GP name: *Pol_EventLoggingLevel_2*
- GP path: *Network\Offline Files*
@@ -832,7 +832,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ExclusionListSettings**
+**ADMX_OfflineFiles/Pol_ExclusionListSettings**
@@ -868,7 +868,7 @@ If you disable or don't configure this policy setting, a user can create a file
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file screens*
- GP name: *Pol_ExclusionListSettings*
- GP path: *Network\Offline Files*
@@ -879,7 +879,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ExtExclusionList**
+**ADMX_OfflineFiles/Pol_ExtExclusionList**
@@ -920,7 +920,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Files not cached*
- GP name: *Pol_ExtExclusionList*
- GP path: *Network\Offline Files*
@@ -931,7 +931,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_GoOfflineAction_1**
+**ADMX_OfflineFiles/Pol_GoOfflineAction_1**
@@ -982,7 +982,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_GoOfflineAction_1*
- GP path: *Network\Offline Files*
@@ -993,7 +993,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_GoOfflineAction_2**
+**ADMX_OfflineFiles/Pol_GoOfflineAction_2**
@@ -1044,7 +1044,7 @@ Also, see the "Non-default server disconnect actions" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Action on server disconnect*
- GP name: *Pol_GoOfflineAction_2*
- GP path: *Network\Offline Files*
@@ -1055,7 +1055,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoCacheViewer_1**
+**ADMX_OfflineFiles/Pol_NoCacheViewer_1**
@@ -1096,7 +1096,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent use of Offline Files folder*
- GP name: *Pol_NoCacheViewer_1*
- GP path: *Network\Offline Files*
@@ -1107,7 +1107,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoCacheViewer_2**
+**ADMX_OfflineFiles/Pol_NoCacheViewer_2**
@@ -1148,7 +1148,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent use of Offline Files folder*
- GP name: *Pol_NoCacheViewer_2*
- GP path: *Network\Offline Files*
@@ -1159,7 +1159,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoConfigCache_1**
+**ADMX_OfflineFiles/Pol_NoConfigCache_1**
@@ -1200,7 +1200,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit user configuration of Offline Files*
- GP name: *Pol_NoConfigCache_1*
- GP path: *Network\Offline Files*
@@ -1211,7 +1211,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoConfigCache_2**
+**ADMX_OfflineFiles/Pol_NoConfigCache_2**
@@ -1252,7 +1252,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit user configuration of Offline Files*
- GP name: *Pol_NoConfigCache_2*
- GP path: *Network\Offline Files*
@@ -1263,7 +1263,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1**
+**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_1**
@@ -1303,7 +1303,7 @@ If you disable or don't configure this policy setting, users can manually specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" command*
- GP name: *Pol_NoMakeAvailableOffline_1*
- GP path: *Network\Offline Files*
@@ -1314,7 +1314,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2**
+**ADMX_OfflineFiles/Pol_NoMakeAvailableOffline_2**
@@ -1354,7 +1354,7 @@ If you disable or don't configure this policy setting, users can manually specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" command*
- GP name: *Pol_NoMakeAvailableOffline_2*
- GP path: *Network\Offline Files*
@@ -1365,7 +1365,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoPinFiles_1**
+**ADMX_OfflineFiles/Pol_NoPinFiles_1**
@@ -1409,7 +1409,7 @@ If you don't configure this policy setting, the "Make Available Offline" command
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" for these files and folders*
- GP name: *Pol_NoPinFiles_1*
- GP path: *Network\Offline Files*
@@ -1420,7 +1420,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoPinFiles_2**
+**ADMX_OfflineFiles/Pol_NoPinFiles_2**
@@ -1464,7 +1464,7 @@ If you don't configure this policy setting, the "Make Available Offline" command
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Make Available Offline" for these files and folders*
- GP name: *Pol_NoPinFiles_2*
- GP path: *Network\Offline Files*
@@ -1475,7 +1475,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoReminders_1**
+**ADMX_OfflineFiles/Pol_NoReminders_1**
@@ -1522,7 +1522,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off reminder balloons*
- GP name: *Pol_NoReminders_1*
- GP path: *Network\Offline Files*
@@ -1533,7 +1533,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_NoReminders_2**
+**ADMX_OfflineFiles/Pol_NoReminders_2**
@@ -1580,7 +1580,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off reminder balloons*
- GP name: *Pol_NoReminders_2*
- GP path: *Network\Offline Files*
@@ -1591,7 +1591,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_OnlineCachingSettings**
+**ADMX_OfflineFiles/Pol_OnlineCachingSettings**
@@ -1631,7 +1631,7 @@ If you disable or don't configure this policy setting, remote files won't be tra
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Transparent Caching*
- GP name: *Pol_OnlineCachingSettings*
- GP path: *Network\Offline Files*
@@ -1642,7 +1642,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
+**ADMX_OfflineFiles/Pol_AlwaysPinSubFolders**
@@ -1680,7 +1680,7 @@ If you disable this setting or don't configure it, the system asks users whether
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Subfolders always available offline*
- GP name: *Pol_AlwaysPinSubFolders*
- GP path: *Network\Offline Files*
@@ -1691,7 +1691,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_PurgeAtLogoff**
+**ADMX_OfflineFiles/Pol_PurgeAtLogoff**
@@ -1730,7 +1730,7 @@ If you disable this setting or don't configure it, automatically and manually ca
-ADMX Info:
+ADMX Info:
- GP Friendly name: *At logoff, delete local copy of user’s offline files*
- GP name: *Pol_PurgeAtLogoff*
- GP path: *Network\Offline Files*
@@ -1741,7 +1741,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_QuickAdimPin**
+**ADMX_OfflineFiles/Pol_QuickAdimPin**
@@ -1777,7 +1777,7 @@ If you disable this policy setting, all administratively assigned folders are sy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on economical application of administratively assigned Offline Files*
- GP name: *Pol_QuickAdimPin*
- GP path: *Network\Offline Files*
@@ -1788,7 +1788,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderFreq_1**
+**ADMX_OfflineFiles/Pol_ReminderFreq_1**
@@ -1829,7 +1829,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon frequency*
- GP name: *Pol_ReminderFreq_1*
- GP path: *Network\Offline Files*
@@ -1840,7 +1840,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderFreq_2**
+**ADMX_OfflineFiles/Pol_ReminderFreq_2**
@@ -1881,7 +1881,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon frequency*
- GP name: *Pol_ReminderFreq_2*
- GP path: *Network\Offline Files*
@@ -1892,7 +1892,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1**
+**ADMX_OfflineFiles/Pol_ReminderInitTimeout_1**
@@ -1928,7 +1928,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initial reminder balloon lifetime*
- GP name: *Pol_ReminderInitTimeout_1*
- GP path: *Network\Offline Files*
@@ -1939,7 +1939,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2**
+**ADMX_OfflineFiles/Pol_ReminderInitTimeout_2**
@@ -1975,7 +1975,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Initial reminder balloon lifetime*
- GP name: *Pol_ReminderInitTimeout_2*
- GP path: *Network\Offline Files*
@@ -1986,7 +1986,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderTimeout_1**
+**ADMX_OfflineFiles/Pol_ReminderTimeout_1**
@@ -2022,7 +2022,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon lifetime*
- GP name: *Pol_ReminderTimeout_1*
- GP path: *Network\Offline Files*
@@ -2033,7 +2033,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_ReminderTimeout_2**
+**ADMX_OfflineFiles/Pol_ReminderTimeout_2**
@@ -2069,7 +2069,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reminder balloon lifetime*
- GP name: *Pol_ReminderTimeout_2*
- GP path: *Network\Offline Files*
@@ -2080,7 +2080,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SlowLinkSettings**
+**ADMX_OfflineFiles/Pol_SlowLinkSettings**
@@ -2126,7 +2126,7 @@ If you disable this policy setting, computers won't use the slow-link mode.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure slow-link mode*
- GP name: *Pol_SlowLinkSettings*
- GP path: *Network\Offline Files*
@@ -2137,7 +2137,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SlowLinkSpeed**
+**ADMX_OfflineFiles/Pol_SlowLinkSpeed**
@@ -2177,7 +2177,7 @@ If this setting is disabled or not configured, the default threshold value of 64
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Slow link speed*
- GP name: *Pol_SlowLinkSpeed*
- GP path: *Network\Offline Files*
@@ -2188,7 +2188,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogoff_1**
+**ADMX_OfflineFiles/Pol_SyncAtLogoff_1**
@@ -2233,7 +2233,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files before logging off*
- GP name: *Pol_SyncAtLogoff_1*
- GP path: *Network\Offline Files*
@@ -2244,7 +2244,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogoff_2**
+**ADMX_OfflineFiles/Pol_SyncAtLogoff_2**
@@ -2289,7 +2289,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files before logging off*
- GP name: *Pol_SyncAtLogoff_2*
- GP path: *Network\Offline Files*
@@ -2300,7 +2300,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogon_1**
+**ADMX_OfflineFiles/Pol_SyncAtLogon_1**
@@ -2345,7 +2345,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files when logging on*
- GP name: *Pol_SyncAtLogon_1*
- GP path: *Network\Offline Files*
@@ -2358,7 +2358,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtLogon_2**
+**ADMX_OfflineFiles/Pol_SyncAtLogon_2**
@@ -2403,7 +2403,7 @@ This setting appears in the Computer Configuration and User Configuration folder
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize all offline files when logging on*
- GP name: *Pol_SyncAtLogon_2*
- GP path: *Network\Offline Files*
@@ -2414,7 +2414,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtSuspend_1**
+**ADMX_OfflineFiles/Pol_SyncAtSuspend_1**
@@ -2453,7 +2453,7 @@ If you disable or don't configure this setting, files aren't synchronized when t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize offline files before suspend*
- GP name: *Pol_SyncAtSuspend_1*
- GP path: *Network\Offline Files*
@@ -2464,7 +2464,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncAtSuspend_2**
+**ADMX_OfflineFiles/Pol_SyncAtSuspend_2**
@@ -2503,7 +2503,7 @@ If you disable or don't configure this setting, files aren't synchronized when t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize offline files before suspend*
- GP name: *Pol_SyncAtSuspend_2*
- GP path: *Network\Offline Files*
@@ -2514,7 +2514,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork**
+**ADMX_OfflineFiles/Pol_SyncOnCostedNetwork**
@@ -2550,7 +2550,7 @@ If this setting is disabled or not configured, synchronization won't run in the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable file synchronization on costed networks*
- GP name: *Pol_SyncOnCostedNetwork*
- GP path: *Network\Offline Files*
@@ -2561,7 +2561,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1**
+**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_1**
@@ -2597,7 +2597,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Work offline" command*
- GP name: *Pol_WorkOfflineDisabled_1*
- GP path: *Network\Offline Files*
@@ -2608,7 +2608,7 @@ ADMX Info:
-**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2**
+**ADMX_OfflineFiles/Pol_WorkOfflineDisabled_2**
@@ -2644,7 +2644,7 @@ If you disable or don't configure this policy setting, the "Work offline" comman
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Work offline" command*
- GP name: *Pol_WorkOfflineDisabled_2*
- GP path: *Network\Offline Files*
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 28a333dfcc..4e4e183bcd 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_pca
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_pca policies
+## ADMX_pca policies
-
@@ -55,7 +55,7 @@ manager: aaroncz
**ADMX_pca/DetectDeprecatedCOMComponentFailuresPolicy**
-
+
|Edition|Windows 10|Windows 11|
@@ -80,16 +80,16 @@ manager: aaroncz
-This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
+This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compatibility.
-If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
+If you enable this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online through a Microsoft website.
-If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
+If you disable this policy setting, the PCA doesn't detect compatibility issues for applications and drivers.
-If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
+If you don't configure this policy setting, the PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compatibility issues.
> [!NOTE]
-> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
+> This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy setting is enabled.
The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Microsoft Management Console.
@@ -97,7 +97,7 @@ The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect compatibility issues for applications and drivers*
- GP name: *DetectDeprecatedCOMComponentFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -107,7 +107,7 @@ ADMX Info:
-**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**
+**ADMX_pca/DetectDeprecatedComponentFailuresPolicy**
@@ -133,16 +133,16 @@ ADMX Info:
-This setting exists only for backward compatibility, and isn't valid for this version of Windows.
+This setting exists only for backward compatibility, and isn't valid for this version of Windows.
-To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
+To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative
Templates\Windows Components\Application Compatibility.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application install failures*
- GP name: *DetectDeprecatedComponentFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -153,7 +153,7 @@ ADMX Info:
-**ADMX_pca/DetectInstallFailuresPolicy**
+**ADMX_pca/DetectInstallFailuresPolicy**
@@ -185,7 +185,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect applications unable to launch installers under UAC*
- GP name: *DetectInstallFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -195,7 +195,7 @@ ADMX Info:
-**ADMX_pca/DetectUndetectedInstallersPolicy**
+**ADMX_pca/DetectUndetectedInstallersPolicy**
@@ -228,7 +228,7 @@ This setting exists only for backward compatibility, and isn't valid for this ve
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application failures caused by deprecated Windows DLLs*
- GP name: *DetectUndetectedInstallersPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -238,7 +238,7 @@ ADMX Info:
-**ADMX_pca/DetectUpdateFailuresPolicy**
+**ADMX_pca/DetectUpdateFailuresPolicy**
@@ -273,7 +273,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application failures caused by deprecated COM objects*
- GP name: *DetectUpdateFailuresPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -283,7 +283,7 @@ ADMX Info:
-**ADMX_pca/DisablePcaUIPolicy**
+**ADMX_pca/DisablePcaUIPolicy**
@@ -318,7 +318,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Detect application installers that need to be run as administrator*
- GP name: *DisablePcaUIPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
@@ -328,7 +328,7 @@ ADMX Info:
-**ADMX_pca/DetectBlockedDriversPolicy**
+**ADMX_pca/DetectBlockedDriversPolicy**
@@ -363,7 +363,7 @@ To configure the Program Compatibility Assistant, use the 'Turn off Program Comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notify blocked drivers*
- GP name: *DetectBlockedDriversPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index b5e4199768..36c4e192bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/16/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PeerToPeerCaching
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PeerToPeerCaching policies
+## ADMX_PeerToPeerCaching policies
-
@@ -59,7 +59,7 @@ manager: aaroncz
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache**
@@ -85,7 +85,7 @@ manager: aaroncz
-This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings:
+This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following policy settings:
- Set BranchCache Distributed Cache mode
- Set BranchCache Hosted Cache mode
@@ -104,7 +104,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on BranchCache*
- GP name: *EnableWindowsBranchCache*
- GP path: *Network\BranchCache*
@@ -115,7 +115,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Distributed**
@@ -158,7 +158,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set BranchCache Distributed Cache mode*
- GP name: *EnableWindowsBranchCache_Distributed*
- GP path: *Network\BranchCache*
@@ -169,7 +169,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_Hosted**
@@ -207,7 +207,7 @@ For policy configuration, select one of the following options:
In circumstances where this setting is enabled, you can also select and configure the following option:
-- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate.
+- Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate.
Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hosted cache client computers.
@@ -218,7 +218,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set BranchCache Hosted Cache mode*
- GP name: *EnableWindowsBranchCache_Hosted*
- GP path: *Network\BranchCache*
@@ -229,7 +229,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedCacheDiscovery**
@@ -267,7 +267,7 @@ If the policy setting "Set BranchCache Distributed Cache Mode" is applied in add
If the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer doesn't perform automatically hosted cache discovery. This restriction is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied.
-This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.
+This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista.
If you disable, or don't configure this setting, a client won't attempt to discover hosted cache servers by service connection point.
@@ -281,7 +281,7 @@ For policy configuration, select one of the following options:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
- GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
- GP path: *Network\BranchCache*
@@ -292,7 +292,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_HostedMultipleServers**
@@ -340,7 +340,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Hosted Cache Servers*
- GP name: *EnableWindowsBranchCache_HostedMultipleServers*
- GP path: *Network\BranchCache*
@@ -351,7 +351,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB**
+**ADMX_PeerToPeerCaching/EnableWindowsBranchCache_SMB**
@@ -393,7 +393,7 @@ In circumstances where this policy setting is enabled, you can also select and c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure BranchCache for network files*
- GP name: *EnableWindowsBranchCache_SMB*
- GP path: *Network\BranchCache*
@@ -404,7 +404,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetCachePercent**
+**ADMX_PeerToPeerCaching/SetCachePercent**
@@ -453,7 +453,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set percentage of disk space used for client computer cache*
- GP name: *SetCachePercent*
- GP path: *Network\BranchCache*
@@ -464,7 +464,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge**
+**ADMX_PeerToPeerCaching/SetDataCacheEntryMaxAge**
@@ -510,7 +510,7 @@ In circumstances where this setting is enabled, you can also select and configur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set age for segments in the data cache*
- GP name: *SetDataCacheEntryMaxAge*
- GP path: *Network\BranchCache*
@@ -521,7 +521,7 @@ ADMX Info:
-**ADMX_PeerToPeerCaching/SetDowngrading**
+**ADMX_PeerToPeerCaching/SetDowngrading**
@@ -570,7 +570,7 @@ Select from the following versions
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Client BranchCache Version Support*
- GP name: *SetDowngrading*
- GP path: *Network\BranchCache*
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index 322223fccc..6aa5e25a84 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/22/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PenTraining
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PenTraining policies
+## ADMX_PenTraining policies
-
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_PenTraining/PenTrainingOff_1**
+**ADMX_PenTraining/PenTrainingOff_1**
@@ -64,9 +64,9 @@ manager: aaroncz
-Turns off Tablet PC Pen Training.
+Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users can't open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -74,7 +74,7 @@ Turns off Tablet PC Pen Training.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC Pen Training*
- GP name: *PenTrainingOff_1*
- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
@@ -85,7 +85,7 @@ ADMX Info:
-**ADMX_PenTraining/PenTrainingOff_2**
+**ADMX_PenTraining/PenTrainingOff_2**
@@ -111,9 +111,9 @@ ADMX Info:
-Turns off Tablet PC Pen Training.
+Turns off Tablet PC Pen Training.
-- If you enable this policy setting, users can't open Tablet PC Pen Training.
+- If you enable this policy setting, users can't open Tablet PC Pen Training.
- If you disable or don't configure this policy setting, users can open Tablet PC Pen Training.
@@ -121,7 +121,7 @@ Turns off Tablet PC Pen Training.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC Pen Training*
- GP name: *PenTrainingOff_2*
- GP path: *Windows Components\Tablet PC\Tablet PC Pen Training*
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 7c956fcf64..8e58bcbe3e 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/16/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PerformanceDiagnostics
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PerformanceDiagnostics policies
+## ADMX_PerformanceDiagnostics policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_1**
@@ -90,7 +90,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_1*
- GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
@@ -101,7 +101,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2**
@@ -145,7 +145,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_2*
- GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
@@ -156,7 +156,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3**
@@ -200,7 +200,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_3*
- GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
@@ -211,7 +211,7 @@ ADMX Info:
-**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4**
+**ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4**
@@ -255,7 +255,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy_4*
- GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index e1e9ee133b..e91734197a 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/22/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Power
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Power policies
+## ADMX_Power policies
-
@@ -108,7 +108,7 @@ manager: aaroncz
-**ADMX_Power/ACConnectivityInStandby_2**
+**ADMX_Power/ACConnectivityInStandby_2**
@@ -146,7 +146,7 @@ If you don't configure this policy setting, users control this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow network connectivity during connected-standby (plugged in)*
- GP name: *ACConnectivityInStandby_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -157,7 +157,7 @@ ADMX Info:
-**ADMX_Power/ACCriticalSleepTransitionsDisable_2**
+**ADMX_Power/ACCriticalSleepTransitionsDisable_2**
@@ -193,7 +193,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (plugged in)*
- GP name: *ACCriticalSleepTransitionsDisable_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -204,7 +204,7 @@ ADMX Info:
-**ADMX_Power/ACStartMenuButtonAction_2**
+**ADMX_Power/ACStartMenuButtonAction_2**
@@ -244,7 +244,7 @@ If you disable this policy or don't configure this policy setting, users control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select the Start menu Power button action (plugged in)*
- GP name: *ACStartMenuButtonAction_2*
- GP path: *System\Power Management\Button Settings*
@@ -255,7 +255,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemPowerRequestAC**
+**ADMX_Power/AllowSystemPowerRequestAC**
@@ -291,7 +291,7 @@ If you disable or don't configure this policy setting, applications, services, o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow applications to prevent automatic sleep (plugged in)*
- GP name: *AllowSystemPowerRequestAC*
- GP path: *System\Power Management\Sleep Settings*
@@ -302,7 +302,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemPowerRequestDC**
+**ADMX_Power/AllowSystemPowerRequestDC**
@@ -338,7 +338,7 @@ If you disable or don't configure this policy setting, applications, services, o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow applications to prevent automatic sleep (on battery)*
- GP name: *AllowSystemPowerRequestDC*
- GP path: *System\Power Management\Sleep Settings*
@@ -349,7 +349,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC**
+**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC**
@@ -385,7 +385,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow automatic sleep with Open Network Files (plugged in)*
- GP name: *AllowSystemSleepWithRemoteFilesOpenAC*
- GP path: *System\Power Management\Sleep Settings*
@@ -396,7 +396,7 @@ ADMX Info:
-**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC**
+**ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC**
@@ -432,7 +432,7 @@ If you disable or don't configure this policy setting, the computer doesn't auto
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow automatic sleep with Open Network Files (on battery)*
- GP name: *AllowSystemSleepWithRemoteFilesOpenDC*
- GP path: *System\Power Management\Sleep Settings*
@@ -443,7 +443,7 @@ ADMX Info:
-**ADMX_Power/CustomActiveSchemeOverride_2**
+**ADMX_Power/CustomActiveSchemeOverride_2**
@@ -479,7 +479,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify a custom active power plan*
- GP name: *CustomActiveSchemeOverride_2*
- GP path: *System\Power Management*
@@ -490,7 +490,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeAction0_2**
+**ADMX_Power/DCBatteryDischargeAction0_2**
@@ -516,7 +516,7 @@ ADMX Info:
-This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
+This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
If you enable this policy setting, select one of the following actions:
@@ -531,7 +531,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Critical battery notification action*
- GP name: *DCBatteryDischargeAction0_2*
- GP path: *System\Power Management\Notification Settings*
@@ -542,7 +542,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeAction1_2**
+**ADMX_Power/DCBatteryDischargeAction1_2**
@@ -583,7 +583,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Low battery notification action*
- GP name: *DCBatteryDischargeAction1_2*
- GP path: *System\Power Management\Notification Settings*
@@ -594,7 +594,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel0_2**
+**ADMX_Power/DCBatteryDischargeLevel0_2**
@@ -632,7 +632,7 @@ If you disable this policy setting or don't configure it, users control this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Critical battery notification level*
- GP name: *DCBatteryDischargeLevel0_2*
- GP path: *System\Power Management\Notification Settings*
@@ -643,7 +643,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel1UINotification_2**
+**ADMX_Power/DCBatteryDischargeLevel1UINotification_2**
@@ -683,7 +683,7 @@ If you disable or don't configure this policy setting, users can control this se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off low battery user notification*
- GP name: *DCBatteryDischargeLevel1UINotification_2*
- GP path: *System\Power Management\Notification Settings*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_Power/DCBatteryDischargeLevel1_2**
+**ADMX_Power/DCBatteryDischargeLevel1_2**
@@ -732,7 +732,7 @@ If you disable this policy setting or don't configure it, users control this set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Low battery notification level*
- GP name: *DCBatteryDischargeLevel1_2*
- GP path: *System\Power Management\Notification Settings*
@@ -743,7 +743,7 @@ ADMX Info:
-**ADMX_Power/DCConnectivityInStandby_2**
+**ADMX_Power/DCConnectivityInStandby_2**
@@ -781,7 +781,7 @@ If you don't configure this policy setting, users control this setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow network connectivity during connected-standby (on battery)*
- GP name: *DCConnectivityInStandby_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -792,7 +792,7 @@ ADMX Info:
-**ADMX_Power/DCCriticalSleepTransitionsDisable_2**
+**ADMX_Power/DCCriticalSleepTransitionsDisable_2**
@@ -828,7 +828,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on the ability for applications to prevent sleep transitions (on battery)*
- GP name: *DCCriticalSleepTransitionsDisable_2*
- GP path: *System\Power Management\Sleep Settings*
@@ -839,7 +839,7 @@ ADMX Info:
-**ADMX_Power/DCStartMenuButtonAction_2**
+**ADMX_Power/DCStartMenuButtonAction_2**
@@ -879,7 +879,7 @@ If you disable this policy or don't configure this policy setting, users control
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select the Start menu Power button action (on battery)*
- GP name: *DCStartMenuButtonAction_2*
- GP path: *System\Power Management\Button Settings*
@@ -890,7 +890,7 @@ ADMX Info:
-**ADMX_Power/DiskACPowerDownTimeOut_2**
+**ADMX_Power/DiskACPowerDownTimeOut_2**
@@ -926,7 +926,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off the hard disk (plugged in)*
- GP name: *DiskACPowerDownTimeOut_2*
- GP path: *System\Power Management\Hard Disk Settings*
@@ -937,7 +937,7 @@ ADMX Info:
-**ADMX_Power/DiskDCPowerDownTimeOut_2**
+**ADMX_Power/DiskDCPowerDownTimeOut_2**
@@ -973,7 +973,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off the hard disk (on battery)*
- GP name: *DiskDCPowerDownTimeOut_2*
- GP path: *System\Power Management\Hard Disk Settings*
@@ -984,7 +984,7 @@ ADMX Info:
-**ADMX_Power/Dont_PowerOff_AfterShutdown**
+**ADMX_Power/Dont_PowerOff_AfterShutdown**
@@ -1026,7 +1026,7 @@ If you disable or don't configure this policy setting, the computer system safel
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not turn off system power after a Windows system shutdown has occurred.*
- GP name: *Dont_PowerOff_AfterShutdown*
- GP path: *System*
@@ -1037,7 +1037,7 @@ ADMX Info:
-**ADMX_Power/EnableDesktopSlideShowAC**
+**ADMX_Power/EnableDesktopSlideShowAC**
@@ -1075,7 +1075,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on desktop background slideshow (plugged in)*
- GP name: *EnableDesktopSlideShowAC*
- GP path: *System\Power Management\Video and Display Settings*
@@ -1086,7 +1086,7 @@ ADMX Info:
-**ADMX_Power/EnableDesktopSlideShowDC**
+**ADMX_Power/EnableDesktopSlideShowDC**
@@ -1124,7 +1124,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on desktop background slideshow (on battery)*
- GP name: *EnableDesktopSlideShowDC*
- GP path: *System\Power Management\Video and Display Settings*
@@ -1135,7 +1135,7 @@ ADMX Info:
-**ADMX_Power/InboxActiveSchemeOverride_2**
+**ADMX_Power/InboxActiveSchemeOverride_2**
@@ -1171,7 +1171,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select an active power plan*
- GP name: *InboxActiveSchemeOverride_2*
- GP path: *System\Power Management*
@@ -1182,7 +1182,7 @@ ADMX Info:
-**ADMX_Power/PW_PromptPasswordOnResume**
+**ADMX_Power/PW_PromptPasswordOnResume**
@@ -1218,7 +1218,7 @@ If you disable or don't configure this policy setting, users control if their co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prompt for password on resume from hibernate/suspend*
- GP name: *PW_PromptPasswordOnResume*
- GP path: *System\Power Management*
@@ -1229,7 +1229,7 @@ ADMX Info:
-**ADMX_Power/PowerThrottlingTurnOff**
+**ADMX_Power/PowerThrottlingTurnOff**
@@ -1265,7 +1265,7 @@ If you disable or don't configure this policy setting, users control this settin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Power Throttling*
- GP name: *PowerThrottlingTurnOff*
- GP path: *System\Power Management\Power Throttling Settings*
@@ -1276,7 +1276,7 @@ ADMX Info:
-**ADMX_Power/ReserveBatteryNotificationLevel**
+**ADMX_Power/ReserveBatteryNotificationLevel**
@@ -1312,7 +1312,7 @@ If you disable or don't configure this policy setting, users can see and change
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reserve battery notification level*
- GP name: *ReserveBatteryNotificationLevel*
- GP path: *System\Power Management\Notification Settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index 0818fc3b94..9eb8fafd5c 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/26/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PowerShellExecutionPolicy
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PowerShellExecutionPolicy policies
+## ADMX_PowerShellExecutionPolicy policies
-
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**
+**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**
@@ -87,7 +87,7 @@ To add modules and snap-ins to the policy setting list, click Show, and then typ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Module Logging*
- GP name: *EnableModuleLogging*
- GP path: *Windows Components\Windows PowerShell*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableScripts**
+**ADMX_PowerShellExecutionPolicy/EnableScripts**
@@ -140,7 +140,7 @@ If you disable this policy setting, no scripts are allowed to run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Script Execution*
- GP name: *EnableScripts*
- GP path: *Windows Components\Windows PowerShell*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableTranscripting**
+**ADMX_PowerShellExecutionPolicy/EnableTranscripting**
@@ -193,7 +193,7 @@ If you use the OutputDirectory setting to enable transcript logging to a shared
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on PowerShell Transcription*
- GP name: *EnableTranscripting*
- GP path: *Windows Components\Windows PowerShell*
@@ -204,7 +204,7 @@ ADMX Info:
-**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**
+**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**
@@ -244,7 +244,7 @@ If this policy setting is disabled or not configured, this policy setting doesn'
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the default source path for Update-Help*
- GP name: *EnableUpdateHelpDefaultSourcePath*
- GP path: *Windows Components\Windows PowerShell*
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index 05320e6fd6..fc63f16570 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -8,19 +8,19 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PreviousVersions
-## ADMX_PreviousVersions policies
+## ADMX_PreviousVersions policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -51,14 +51,14 @@ manager: aaroncz
-
ADMX_PreviousVersions/DisableLocalRestore_2
-
+
-**ADMX_PreviousVersions/DisableLocalPage_1**
+**ADMX_PreviousVersions/DisableLocalPage_1**
@@ -84,18 +84,18 @@ manager: aaroncz
-This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -106,7 +106,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalPage_2**
+**ADMX_PreviousVersions/DisableLocalPage_2**
@@ -132,18 +132,18 @@ ADMX Info:
-This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
+This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
-- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a local file.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a local file.
+- If the user clicks the Restore button, Windows attempts to restore the file from the local disk.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a local file.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring local previous versions*
- GP name: *DisableLocalPage_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableRemotePage_1**
+**ADMX_PreviousVersions/DisableRemotePage_1**
@@ -180,18 +180,18 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -202,7 +202,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableRemotePage_2**
+**ADMX_PreviousVersions/DisableRemotePage_2**
@@ -228,18 +228,18 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableRemotePage_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -251,7 +251,7 @@ ADMX Info:
-**ADMX_PreviousVersions/HideBackupEntries_1**
+**ADMX_PreviousVersions/HideBackupEntries_1**
@@ -277,17 +277,17 @@ ADMX Info:
-This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
- If you don't configure this policy setting, it's disabled by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -298,7 +298,7 @@ ADMX Info:
-**ADMX_PreviousVersions/HideBackupEntries_2**
+**ADMX_PreviousVersions/HideBackupEntries_2**
@@ -324,17 +324,17 @@ ADMX Info:
-This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
+This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.
-- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
-- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
+- If you enable this policy setting, users can't see any previous versions corresponding to backup copies, and can see only previous versions corresponding to on-disk restore points.
+- If you disable this policy setting, users can see previous versions corresponding to backup copies and previous versions corresponding to on-disk restore points.
- If you don't configure this policy setting, it's disabled by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide previous versions of files on backup location*
- GP name: *HideBackupEntries_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -345,7 +345,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalRestore_1**
+**ADMX_PreviousVersions/DisableLocalRestore_1**
@@ -371,10 +371,10 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
@@ -382,7 +382,7 @@ This setting lets you suppress the Restore button in the previous versions prope
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_1*
- GP path: *Windows Components\File Explorer\Previous Versions*
@@ -393,7 +393,7 @@ ADMX Info:
-**ADMX_PreviousVersions/DisableLocalRestore_2**
+**ADMX_PreviousVersions/DisableLocalRestore_2**
@@ -419,17 +419,17 @@ ADMX Info:
-This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
+This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.
-- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
-- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
-- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
+- If you enable this policy setting, the Restore button is disabled when the user selects a previous version corresponding to a file on a file share.
+- If you disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share.
+- If the user clicks the Restore button, Windows attempts to restore the file from the file share.
- If you don't configure this policy setting, it's disabled by default. The Restore button is active when the previous version is of a file on a file share.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent restoring remote previous versions*
- GP name: *DisableLocalRestore_2*
- GP path: *Windows Components\File Explorer\Previous Versions*
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index f107901b56..9b217f0e77 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/15/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Printing
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Printing policies
+## ADMX_Printing policies
-
@@ -112,7 +112,7 @@ manager: aaroncz
-**ADMX_Printing/AllowWebPrinting**
+**ADMX_Printing/AllowWebPrinting**
@@ -155,7 +155,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" setting in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Activate Internet printing*
- GP name: *AllowWebPrinting*
- GP path: *Printers*
@@ -166,7 +166,7 @@ ADMX Info:
-**ADMX_Printing/ApplicationDriverIsolation**
+**ADMX_Printing/ApplicationDriverIsolation**
@@ -209,7 +209,7 @@ If you disable this policy setting, then print drivers will be loaded within all
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Isolate print drivers from applications*
- GP name: *ApplicationDriverIsolation*
- GP path: *Printers*
@@ -220,7 +220,7 @@ ADMX Info:
-**ADMX_Printing/CustomizedSupportUrl**
+**ADMX_Printing/CustomizedSupportUrl**
@@ -264,7 +264,7 @@ Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opt
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom support URL in the Printers folder's left pane*
- GP name: *CustomizedSupportUrl*
- GP path: *Printers*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate**
+**ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate**
@@ -312,7 +312,7 @@ This policy setting isn't configured by default, and the behavior depends on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Extend Point and Print connection to search Windows Update*
- GP name: *DoNotInstallCompatibleDriverFromWindowsUpdate*
- GP path: *Printers*
@@ -323,7 +323,7 @@ ADMX Info:
-**ADMX_Printing/DomainPrinters**
+**ADMX_Printing/DomainPrinters**
@@ -373,7 +373,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Printer wizard - Network scan page (Managed network)*
- GP name: *DomainPrinters*
- GP path: *Printers*
@@ -384,7 +384,7 @@ ADMX Info:
-**ADMX_Printing/DownlevelBrowse**
+**ADMX_Printing/DownlevelBrowse**
@@ -423,7 +423,7 @@ If you disable this setting, the network printer browse page is removed from wit
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Browse the network to find printers*
- GP name: *DownlevelBrowse*
- GP path: *Control Panel\Printers*
@@ -434,7 +434,7 @@ ADMX Info:
-**ADMX_Printing/EMFDespooling**
+**ADMX_Printing/EMFDespooling**
@@ -481,7 +481,7 @@ If you don't enable this policy setting, the behavior is the same as disabling i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always render print jobs on the server*
- GP name: *EMFDespooling*
- GP path: *Printers*
@@ -492,7 +492,7 @@ ADMX Info:
-**ADMX_Printing/ForceSoftwareRasterization**
+**ADMX_Printing/ForceSoftwareRasterization**
@@ -526,7 +526,7 @@ This setting may improve the performance of the XPS Rasterization Service or the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always rasterize content to be printed using a software rasterizer*
- GP name: *ForceSoftwareRasterization*
- GP path: *Printers*
@@ -537,7 +537,7 @@ ADMX Info:
-**ADMX_Printing/IntranetPrintersUrl**
+**ADMX_Printing/IntranetPrintersUrl**
@@ -577,7 +577,7 @@ Also, see the "Custom support URL in the Printers folder's left pane" and "Activ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Browse a common web site to find printers*
- GP name: *IntranetPrintersUrl*
- GP path: *Control Panel\Printers*
@@ -588,7 +588,7 @@ ADMX Info:
-**ADMX_Printing/KMPrintersAreBlocked**
+**ADMX_Printing/KMPrintersAreBlocked**
@@ -628,7 +628,7 @@ If you enable this setting, installation of a printer using a kernel-mode driver
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow installation of printers using kernel-mode drivers*
- GP name: *KMPrintersAreBlocked*
- GP path: *Printers*
@@ -639,7 +639,7 @@ ADMX Info:
-**ADMX_Printing/LegacyDefaultPrinterMode**
+**ADMX_Printing/LegacyDefaultPrinterMode**
@@ -671,13 +671,13 @@ If you enable this setting, Windows won't manage the default printer.
If you disable this setting, Windows will manage the default printer.
-If you don't configure this setting, default printer management won't change.
+If you don't configure this setting, default printer management won't change.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows default printer management*
- GP name: *LegacyDefaultPrinterMode*
- GP path: *Control Panel\Printers*
@@ -688,7 +688,7 @@ ADMX Info:
-**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS**
+**ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS**
@@ -724,7 +724,7 @@ If you disable or don't configure this policy setting, the default MXDW output f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)*
- GP name: *MXDWUseLegacyOutputFormatMSXPS*
- GP path: *Printers*
@@ -735,7 +735,7 @@ ADMX Info:
-**ADMX_Printing/NoDeletePrinter**
+**ADMX_Printing/NoDeletePrinter**
@@ -773,7 +773,7 @@ If this policy is disabled, or not configured, users can delete printers using t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent deletion of printers*
- GP name: *NoDeletePrinter*
- GP path: *Control Panel\Printers*
@@ -784,7 +784,7 @@ ADMX Info:
-**ADMX_Printing/NonDomainPrinters**
+**ADMX_Printing/NonDomainPrinters**
@@ -831,7 +831,7 @@ In Windows 8 and later, Bluetooth printers aren't shown so its limit doesn't app
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Printer wizard - Network scan page (Unmanaged network)*
- GP name: *NonDomainPrinters*
- GP path: *Printers*
@@ -842,7 +842,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintOnly**
+**ADMX_Printing/PackagePointAndPrintOnly**
@@ -878,7 +878,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Only use Package Point and print*
- GP name: *PackagePointAndPrintOnly*
- GP path: *Control Panel\Printers*
@@ -889,7 +889,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintOnly_Win7**
+**ADMX_Printing/PackagePointAndPrintOnly_Win7**
@@ -925,7 +925,7 @@ If this setting is disabled, or not configured, users won't be restricted to pac
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Only use Package Point and print*
- GP name: *PackagePointAndPrintOnly_Win7*
- GP path: *Printers*
@@ -936,7 +936,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintServerList**
+**ADMX_Printing/PackagePointAndPrintServerList**
@@ -976,7 +976,7 @@ If this setting is disabled, or not configured, package point and print won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Package Point and print - Approved servers*
- GP name: *PackagePointAndPrintServerList*
- GP path: *Control Panel\Printers*
@@ -987,7 +987,7 @@ ADMX Info:
-**ADMX_Printing/PackagePointAndPrintServerList_Win7**
+**ADMX_Printing/PackagePointAndPrintServerList_Win7**
@@ -1027,7 +1027,7 @@ If this setting is disabled, or not configured, package point and print won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Package Point and print - Approved servers*
- GP name: *PackagePointAndPrintServerList_Win7*
- GP path: *Printers*
@@ -1038,7 +1038,7 @@ ADMX Info:
-**ADMX_Printing/PhysicalLocation**
+**ADMX_Printing/PhysicalLocation**
@@ -1078,7 +1078,7 @@ If you disable this setting or don't configure it, and the user doesn't type a l
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Computer location*
- GP name: *PhysicalLocation*
- GP path: *Printers*
@@ -1089,7 +1089,7 @@ ADMX Info:
-**ADMX_Printing/PhysicalLocationSupport**
+**ADMX_Printing/PhysicalLocationSupport**
@@ -1127,7 +1127,7 @@ If you disable this setting or don't configure it, Location Tracking is disabled
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Pre-populate printer search location text*
- GP name: *PhysicalLocationSupport*
- GP path: *Printers*
@@ -1138,7 +1138,7 @@ ADMX Info:
-**ADMX_Printing/PrintDriverIsolationExecutionPolicy**
+**ADMX_Printing/PrintDriverIsolationExecutionPolicy**
@@ -1179,7 +1179,7 @@ If you disable this policy setting, the print spooler will execute print drivers
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Execute print drivers in isolated processes*
- GP name: *PrintDriverIsolationExecutionPolicy*
- GP path: *Printers*
@@ -1190,7 +1190,7 @@ ADMX Info:
-**ADMX_Printing/PrintDriverIsolationOverrideCompat**
+**ADMX_Printing/PrintDriverIsolationOverrideCompat**
@@ -1231,7 +1231,7 @@ If you disable or don't configure this policy setting, the print spooler uses th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Override print driver execution compatibility setting reported by print driver*
- GP name: *PrintDriverIsolationOverrideCompat*
- GP path: *Printers*
@@ -1242,7 +1242,7 @@ ADMX Info:
-**ADMX_Printing/PrinterDirectorySearchScope**
+**ADMX_Printing/PrinterDirectorySearchScope**
@@ -1280,7 +1280,7 @@ This setting only provides a starting point for Active Directory searches for pr
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Default Active Directory path when searching for printers*
- GP name: *PrinterDirectorySearchScope*
- GP path: *Control Panel\Printers*
@@ -1291,7 +1291,7 @@ ADMX Info:
-**ADMX_Printing/PrinterServerThread**
+**ADMX_Printing/PrinterServerThread**
@@ -1334,7 +1334,7 @@ If you don't configure this setting, shared printers are announced to browse mai
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Printer browsing*
- GP name: *PrinterServerThread*
- GP path: *Printers*
@@ -1345,7 +1345,7 @@ ADMX Info:
-**ADMX_Printing/ShowJobTitleInEventLogs**
+**ADMX_Printing/ShowJobTitleInEventLogs**
@@ -1384,7 +1384,7 @@ If you enable this policy setting, the print job name will be included in new lo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow job name in event logs*
- GP name: *ShowJobTitleInEventLogs*
- GP path: *Printers*
@@ -1395,7 +1395,7 @@ ADMX Info:
-**ADMX_Printing/V4DriverDisallowPrinterExtension**
+**ADMX_Printing/V4DriverDisallowPrinterExtension**
@@ -1433,7 +1433,7 @@ If you disable this policy setting or don't configure it, then all printer exten
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow v4 printer drivers to show printer extensions*
- GP name: *V4DriverDisallowPrinterExtension*
- GP path: *Printers*
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 3032187dbe..d6206130b3 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/15/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Printing2
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Printing2 policies
+## ADMX_Printing2 policies
-
@@ -60,7 +60,7 @@ manager: aaroncz
-**ADMX_Printing2/AutoPublishing**
+**ADMX_Printing2/AutoPublishing**
@@ -101,7 +101,7 @@ The default behavior is to automatically publish shared printers in Active Direc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatically publish new printers in Active Directory*
- GP name: *AutoPublishing*
- GP path: *Printers*
@@ -112,7 +112,7 @@ ADMX Info:
-**ADMX_Printing2/ImmortalPrintQueue**
+**ADMX_Printing2/ImmortalPrintQueue**
@@ -153,7 +153,7 @@ If you disable this setting, the domain controller doesn't prune this computer's
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow pruning of published printers*
- GP name: *ImmortalPrintQueue*
- GP path: *Printers*
@@ -164,7 +164,7 @@ ADMX Info:
-**ADMX_Printing2/PruneDownlevel**
+**ADMX_Printing2/PruneDownlevel**
@@ -212,7 +212,7 @@ You can enable this setting to change the default behavior. To use this setting,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prune printers that are not automatically republished*
- GP name: *PruneDownlevel*
- GP path: *Printers*
@@ -223,7 +223,7 @@ ADMX Info:
-**ADMX_Printing2/PruningInterval**
+**ADMX_Printing2/PruningInterval**
@@ -266,7 +266,7 @@ If you don't configure or disable this setting, the default values will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning interval*
- GP name: *PruningInterval*
- GP path: *Printers*
@@ -277,7 +277,7 @@ ADMX Info:
-**ADMX_Printing2/PruningPriority**
+**ADMX_Printing2/PruningPriority**
@@ -318,7 +318,7 @@ By default, the pruning thread runs at normal priority. However, you can adjust
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning priority*
- GP name: *PruningPriority*
- GP path: *Printers*
@@ -329,7 +329,7 @@ ADMX Info:
-**ADMX_Printing2/PruningRetries**
+**ADMX_Printing2/PruningRetries**
@@ -372,7 +372,7 @@ If you don't configure or disable this setting, the default values are used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Directory pruning retry*
- GP name: *PruningRetries*
- GP path: *Printers*
@@ -383,7 +383,7 @@ ADMX Info:
-**ADMX_Printing2/PruningRetryLog**
+**ADMX_Printing2/PruningRetryLog**
@@ -424,7 +424,7 @@ If you disable or don't configure this policy setting, the contact events aren't
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Log directory pruning retry events*
- GP name: *PruningRetryLog*
- GP path: *Printers*
@@ -435,7 +435,7 @@ ADMX Info:
-**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**
+**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**
@@ -473,7 +473,7 @@ The spooler must be restarted for changes to this policy to take effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Print Spooler to accept client connections*
- GP name: *RegisterSpoolerRemoteRpcEndPoint*
- GP path: *Printers*
@@ -484,7 +484,7 @@ ADMX Info:
-**ADMX_Printing2/VerifyPublishedState**
+**ADMX_Printing2/VerifyPublishedState**
@@ -522,7 +522,7 @@ To disable verification, disable this setting, or enable this setting and select
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Check published state*
- GP name: *VerifyPublishedState*
- GP path: *Printers*
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index 3758a6ba32..6cc0a7f746 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Programs
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Programs policies
+## ADMX_Programs policies
-
@@ -54,7 +54,7 @@ manager: aaroncz
-**ADMX_Programs/NoDefaultPrograms**
+**ADMX_Programs/NoDefaultPrograms**
@@ -93,7 +93,7 @@ This setting doesn't prevent the Default Programs icon from appearing on the Sta
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Set Program Access and Computer Defaults" page*
- GP name: *NoDefaultPrograms*
- GP path: *Control Panel\Programs*
@@ -104,7 +104,7 @@ ADMX Info:
-**ADMX_Programs/NoGetPrograms**
+**ADMX_Programs/NoGetPrograms**
@@ -130,7 +130,7 @@ ADMX Info:
-Prevents users from viewing or installing published programs from the network.
+Prevents users from viewing or installing published programs from the network.
This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View, Programs and Features in Classic View and the "Install a program from the network" task. The "Get Programs" page lists published programs and provides an easy way to install them.
@@ -147,7 +147,7 @@ If this setting is disabled or isn't configured, the "Install a program from the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Get Programs" page*
- GP name: *NoGetPrograms*
- GP path: *Control Panel\Programs*
@@ -158,7 +158,7 @@ ADMX Info:
-**ADMX_Programs/NoInstalledUpdates**
+**ADMX_Programs/NoInstalledUpdates**
@@ -196,7 +196,7 @@ This setting doesn't prevent users from using other tools and methods to install
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Installed Updates" page*
- GP name: *NoInstalledUpdates*
- GP path: *Control Panel\Programs*
@@ -207,7 +207,7 @@ ADMX Info:
-**ADMX_Programs/NoProgramsAndFeatures**
+**ADMX_Programs/NoProgramsAndFeatures**
@@ -243,7 +243,7 @@ This setting doesn't prevent users from using other tools and methods to view or
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Programs and Features" page*
- GP name: *NoProgramsAndFeatures*
- GP path: *Control Panel\Programs*
@@ -254,7 +254,7 @@ ADMX Info:
-**ADMX_Programs/NoProgramsCPL**
+**ADMX_Programs/NoProgramsCPL**
@@ -281,7 +281,7 @@ ADMX Info:
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
-
+
The Programs Control Panel allows users to uninstall, change, and repair programs, enable and disable Windows Features, set program defaults, view installed updates, and purchase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Programs Control Panel.
If this setting is disabled or not configured, the Programs Control Panel in Category View and Programs and Features in Classic View will be available to all users.
@@ -294,7 +294,7 @@ This setting doesn't prevent users from using other tools and methods to install
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the Programs Control Panel*
- GP name: *NoProgramsCPL*
- GP path: *Control Panel\Programs*
@@ -305,7 +305,7 @@ ADMX Info:
-**ADMX_Programs/NoWindowsFeatures**
+**ADMX_Programs/NoWindowsFeatures**
@@ -341,7 +341,7 @@ This setting doesn't prevent users from using other tools and methods to configu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Windows Features"*
- GP name: *NoWindowsFeatures*
- GP path: *Control Panel\Programs*
@@ -352,7 +352,7 @@ ADMX Info:
-**ADMX_Programs/NoWindowsMarketplace**
+**ADMX_Programs/NoWindowsMarketplace**
@@ -382,7 +382,7 @@ This setting prevents users from access the "Get new programs from Windows Marke
Windows Marketplace allows users to purchase and/or download various programs to their computer for installation.
-Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods.
+Enabling this feature doesn't prevent users from navigating to Windows Marketplace using other methods.
If this feature is disabled or isn't configured, the "Get new programs from Windows Marketplace" task link will be available to all users.
@@ -393,7 +393,7 @@ If this feature is disabled or isn't configured, the "Get new programs from Wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide "Windows Marketplace"*
- GP name: *NoWindowsMarketplace*
- GP path: *Control Panel\Programs*
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index d5ba645c1e..878624b832 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_PushToInstall
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_PushToInstall policies
+## ADMX_PushToInstall policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_PushToInstall/DisablePushToInstall**
+**ADMX_PushToInstall/DisablePushToInstall**
@@ -67,7 +67,7 @@ If you enable this setting, users will not be able to push Apps to this device f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Push To Install service*
- GP name: *DisablePushToInstall*
- GP path: *Windows Components\Push To Install*
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index bcfa2454cb..53cdb74e46 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Radar
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Radar policies
+## ADMX_Radar policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_Radar/WdiScenarioExecutionPolicy**
+**ADMX_Radar/WdiScenarioExecutionPolicy**
@@ -62,16 +62,16 @@ manager: aaroncz
-This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
+This policy determines the execution level for Windows Resource Exhaustion Detection and Resolution.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Resource Exhaustion problems and attempt to determine their root causes.
-These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
+These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting, and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is available.
If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS.
-If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
-This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
+If you don't configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default.
+This policy setting takes effect only if the diagnostics-wide scenario execution policy isn't configured.
No system restart or service restart is required for this policy to take effect; changes take effect immediately.
@@ -81,7 +81,7 @@ No system restart or service restart is required for this policy to take effect;
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scenario Execution Level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution*
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index 08a42720fb..9dbf6e5a49 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Reliability
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Reliability policies
+## ADMX_Reliability policies
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_Reliability/EE_EnablePersistentTimeStamp**
+**ADMX_Reliability/EE_EnablePersistentTimeStamp**
@@ -85,7 +85,7 @@ If you don't configure this policy setting, the Persistent System Timestamp is r
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Persistent Time Stamp*
- GP name: *EE_EnablePersistentTimeStamp*
- GP path: *System*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_Reliability/PCH_ReportShutdownEvents**
+**ADMX_Reliability/PCH_ReportShutdownEvents**
@@ -138,7 +138,7 @@ Also see the "Configure Error Reporting" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Report unplanned shutdown events*
- GP name: *PCH_ReportShutdownEvents*
- GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_Reliability/ShutdownEventTrackerStateFile**
+**ADMX_Reliability/ShutdownEventTrackerStateFile**
@@ -192,7 +192,7 @@ If you don't configure this policy setting, the default behavior for the System
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Activate Shutdown Event Tracker System State Data feature*
- GP name: *ShutdownEventTrackerStateFile*
- GP path: *System*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_Reliability/ShutdownReason**
+**ADMX_Reliability/ShutdownReason**
@@ -250,7 +250,7 @@ If you don't configure this policy setting, the default behavior for the Shutdow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display Shutdown Event Tracker*
- GP name: *ShutdownReason*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 5d6a8d5676..421b9d5891 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/14/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_RemoteAssistance
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RemoteAssistance policies
+## ADMX_RemoteAssistance policies
-
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
+**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
@@ -76,7 +76,7 @@ If you don't configure this policy setting, users can configure this setting in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only Windows Vista or later connections*
- GP name: *RA_EncryptedTicketOnly*
- GP path: *System\Remote Assistance*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
+**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
@@ -141,7 +141,7 @@ If you don't configure this policy setting, application-based settings are used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on bandwidth optimization*
- GP name: *RA_Optimize_Bandwidth*
- GP path: *System\Remote Assistance*
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index f4f47dc890..08443a988b 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/10/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_RemovableStorage
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RemovableStorage policies
+## ADMX_RemovableStorage policies
-
@@ -128,7 +128,7 @@ manager: aaroncz
-**ADMX_RemovableStorage/AccessRights_RebootTime_1**
+**ADMX_RemovableStorage/AccessRights_RebootTime_1**
@@ -167,7 +167,7 @@ If you disable or don't configure this setting, the operating system does not fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time (in seconds) to force reboot*
- GP name: *AccessRights_RebootTime_1*
- GP path: *System\Removable Storage Access*
@@ -178,7 +178,7 @@ ADMX Info:
-**ADMX_RemovableStorage/AccessRights_RebootTime_2**
+**ADMX_RemovableStorage/AccessRights_RebootTime_2**
@@ -217,7 +217,7 @@ If you disable or don't configure this setting, the operating system does not fo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time (in seconds) to force reboot*
- GP name: *AccessRights_RebootTime_2*
- GP path: *System\Removable Storage Access*
@@ -228,7 +228,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2**
@@ -264,7 +264,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny execute access*
- GP name: *CDandDVD_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -275,7 +275,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**
+**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1**
@@ -310,7 +310,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny read access*
- GP name: *CDandDVD_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -321,7 +321,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2**
@@ -357,7 +357,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny read access*
- GP name: *CDandDVD_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -368,7 +368,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**
+**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1**
@@ -404,7 +404,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny write access*
- GP name: *CDandDVD_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -415,7 +415,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**
+**ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2**
@@ -451,7 +451,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *CD and DVD: Deny write access*
- GP name: *CDandDVD_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -462,7 +462,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**
+**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1**
@@ -498,7 +498,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny read access*
- GP name: *CustomClasses_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -509,7 +509,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**
+**ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2**
@@ -545,7 +545,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny read access*
- GP name: *CustomClasses_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -556,7 +556,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**
+**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1**
@@ -592,7 +592,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny write access*
- GP name: *CustomClasses_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -602,7 +602,7 @@ ADMX Info:
-**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**
+**ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2**
@@ -638,7 +638,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Classes: Deny write access*
- GP name: *CustomClasses_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -648,7 +648,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2**
@@ -684,7 +684,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny execute access*
- GP name: *FloppyDrives_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -694,7 +694,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**
+**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1**
@@ -730,7 +730,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny read access*
- GP name: *FloppyDrives_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -740,7 +740,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2**
@@ -776,7 +776,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny read access*
- GP name: *FloppyDrives_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -786,7 +786,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**
+**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1**
@@ -821,7 +821,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny write access*
- GP name: *FloppyDrives_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -831,7 +831,7 @@ ADMX Info:
-**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**
+**ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2**
@@ -867,7 +867,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Floppy Drives: Deny write access*
- GP name: *FloppyDrives_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -877,7 +877,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**
+**ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2**
@@ -912,7 +912,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny execute access*
- GP name: *RemovableDisks_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -922,7 +922,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**
+**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1**
@@ -958,7 +958,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny read access*
- GP name: *RemovableDisks_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -968,7 +968,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**
+**ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2**
@@ -1003,7 +1003,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny read access*
- GP name: *RemovableDisks_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1013,7 +1013,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**
+**ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1**
@@ -1052,7 +1052,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Removable Disks: Deny write access*
- GP name: *RemovableDisks_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1062,7 +1062,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**
+**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1**
@@ -1100,7 +1100,7 @@ If you disable or don't configure this policy setting, write and read accesses a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage classes: Deny all access*
- GP name: *RemovableStorageClasses_DenyAll_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1110,7 +1110,7 @@ ADMX Info:
-**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**
+**ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2**
@@ -1136,7 +1136,7 @@ ADMX Info:
-Configure access to all removable storage classes.
+Configure access to all removable storage classes.
This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings available for each class.
@@ -1148,7 +1148,7 @@ If you disable or don't configure this policy setting, write and read accesses a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage classes: Deny all access*
- GP name: *RemovableStorageClasses_DenyAll_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1158,7 +1158,7 @@ ADMX Info:
-**ADMX_RemovableStorage/Removable_Remote_Allow_Access**
+**ADMX_RemovableStorage/Removable_Remote_Allow_Access**
@@ -1194,7 +1194,7 @@ If you disable or don't configure this policy setting, remote users cannot open
-ADMX Info:
+ADMX Info:
- GP Friendly name: *All Removable Storage: Allow direct access in remote sessions*
- GP name: *Removable_Remote_Allow_Access*
- GP path: *System\Removable Storage Access*
@@ -1204,7 +1204,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2**
@@ -1240,7 +1240,7 @@ If you disable or don't configure this policy setting, execute access is allowed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny execute access*
- GP name: *TapeDrives_DenyExecute_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1250,7 +1250,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**
+**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1**
@@ -1285,7 +1285,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny read access*
- GP name: *TapeDrives_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1295,7 +1295,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2**
@@ -1331,7 +1331,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny read access*
- GP name: *TapeDrives_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1341,7 +1341,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**
+**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1**
@@ -1376,7 +1376,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny write access*
- GP name: *TapeDrives_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1386,7 +1386,7 @@ ADMX Info:
-**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**
+**ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2**
@@ -1422,7 +1422,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tape Drives: Deny write access*
- GP name: *TapeDrives_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1432,7 +1432,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**
+**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1**
@@ -1468,7 +1468,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1478,7 +1478,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**
+**ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2**
@@ -1513,7 +1513,7 @@ If you disable or don't configure this policy setting, read access is allowed to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_2*
- GP path: *System\Removable Storage Access*
@@ -1523,7 +1523,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**
+**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1**
@@ -1559,7 +1559,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_1*
- GP path: *System\Removable Storage Access*
@@ -1569,7 +1569,7 @@ ADMX Info:
-**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**
+**ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2**
@@ -1605,7 +1605,7 @@ If you disable or don't configure this policy setting, write access is allowed t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_2*
- GP path: *System\Removable Storage Access*
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 6f085b0205..dd65a10b51 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_RPC
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_RPC policies
+## ADMX_RPC policies
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_RPC/RpcExtendedErrorInformation**
+**ADMX_RPC/RpcExtendedErrorInformation**
@@ -99,7 +99,7 @@ You must select an error response type from the folowing options in the drop-dow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Propagate extended error information*
- GP name: *RpcExtendedErrorInformation*
- GP path: *System\Remote Procedure Call*
@@ -110,7 +110,7 @@ ADMX Info:
-**ADMX_RPC/RpcIgnoreDelegationFailure**
+**ADMX_RPC/RpcIgnoreDelegationFailure**
@@ -140,7 +140,7 @@ This policy setting controls whether the RPC Runtime ignores delegation failures
The constrained delegation model, introduced in Windows Server 2003, doesn't report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
-If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
+If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
If you don't configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
@@ -156,7 +156,7 @@ If you enable this policy setting, then:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore Delegation Failure*
- GP name: *RpcIgnoreDelegationFailure*
- GP path: *System\Remote Procedure Call*
@@ -168,7 +168,7 @@ ADMX Info:
-**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
+**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
@@ -194,7 +194,7 @@ ADMX Info:
-This policy setting controls the idle connection timeout for RPC/HTTP connections.
+This policy setting controls the idle connection timeout for RPC/HTTP connections.
This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
@@ -215,7 +215,7 @@ If you enable this policy setting, and the IIS server running the RPC HTTP proxy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
- GP name: *RpcMinimumHttpConnectionTimeout*
- GP path: *System\Remote Procedure Call*
@@ -226,7 +226,7 @@ ADMX Info:
-**ADMX_RPC/RpcStateInformation**
+**ADMX_RPC/RpcStateInformation**
@@ -256,13 +256,13 @@ This policy setting determines whether the RPC Runtime maintains RPC state infor
If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
-If you don't configure this policy setting, the RPC defaults to "Auto2" level.
+If you don't configure this policy setting, the RPC defaults to "Auto2" level.
If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information from the following:
- "None" indicates that the system doesn't maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting isn't recommended for most installations.
- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
-- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
+- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it's recommended for use only while you're investigating an RPC problem.
@@ -274,7 +274,7 @@ If you enable this policy setting, you can use the drop-down box to determine wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maintain RPC Troubleshooting State Information*
- GP name: *RpcStateInformation*
- GP path: *System\Remote Procedure Call*
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index fec515d046..17f566c89e 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Scripts
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Scripts policies
+## ADMX_Scripts policies
-
@@ -68,7 +68,7 @@ manager: aaroncz
-**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled**
+**ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled**
@@ -104,7 +104,7 @@ If you disable or don't configure this policy setting, user account cross-forest
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow logon scripts when NetBIOS or WINS is disabled*
- GP name: *Allow_Logon_Script_NetbiosDisabled*
- GP path: *System\Scripts*
@@ -115,7 +115,7 @@ ADMX Info:
-**ADMX_Scripts/MaxGPOScriptWaitPolicy**
+**ADMX_Scripts/MaxGPOScriptWaitPolicy**
@@ -141,13 +141,13 @@ ADMX Info:
-This policy setting determines how long the system waits for scripts applied by Group Policy to run.
+This policy setting determines how long the system waits for scripts applied by Group Policy to run.
This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts haven't finished running when the specified time expires, the system stops script processing and records an error event.
-If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.
+If you enable this setting, then, in the Seconds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0.
-This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
+This interval is important when other system tasks must wait while the scripts complete. By default, each startup script must complete before the next one runs. Also, you can use the "Run logon scripts synchronously" setting to direct the system to wait for the logon scripts to complete before loading the desktop.
An excessively long interval can delay the system and cause inconvenience to users. However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely.
@@ -157,7 +157,7 @@ If you disable or don't configure this setting, the system lets the combined set
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify maximum wait time for Group Policy scripts*
- GP name: *MaxGPOScriptWaitPolicy*
- GP path: *System\Scripts*
@@ -168,7 +168,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Computer_PS_Scripts_First**
+**ADMX_Scripts/Run_Computer_PS_Scripts_First**
@@ -194,25 +194,25 @@ ADMX Info:
-This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-
-If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-For example, assume the following scenario:
+If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
-There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
+For example, assume the following scenario:
+
+There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
GPO B and GPO C include the following computer startup scripts:
- GPO B: B.cmd, B.ps1
- GPO C: C.cmd, C.ps1
-Assume also that there are two computers, DesktopIT and DesktopSales.
+Assume also that there are two computers, DesktopIT and DesktopSales.
For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for DesktopIT:
- Within GPO B: B.ps1, B.cmd
- Within GPO C: C.ps1, C.cmd
-
+
For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for DesktopSales:
- Within GPO B: B.cmd, B.ps1
@@ -227,7 +227,7 @@ For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the script
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run Windows PowerShell scripts first at computer startup, shutdown*
- GP name: *Run_Computer_PS_Scripts_First*
- GP path: *System\Scripts*
@@ -238,7 +238,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden**
+**ADMX_Scripts/Run_Legacy_Logon_Script_Hidden**
@@ -264,7 +264,7 @@ ADMX Info:
-This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
+This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
Logon scripts are batch files of instructions that run when the user logs on. By default, Windows displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it doesn't display logon scripts written for Windows.
@@ -278,7 +278,7 @@ Also, see the "Run Logon Scripts Visible" setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run legacy logon scripts hidden*
- GP name: *Run_Legacy_Logon_Script_Hidden*
- GP path: *System\Scripts*
@@ -289,7 +289,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logoff_Script_Visible**
+**ADMX_Scripts/Run_Logoff_Script_Visible**
@@ -327,7 +327,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in logoff scripts as they run*
- GP name: *Run_Logoff_Script_Visible*
- GP path: *System\Scripts*
@@ -338,7 +338,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Sync_1**
+**ADMX_Scripts/Run_Logon_Script_Sync_1**
@@ -376,7 +376,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run logon scripts synchronously*
- GP name: *Run_Logon_Script_Sync_1*
- GP path: *System\Scripts*
@@ -387,7 +387,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Sync_2**
+**ADMX_Scripts/Run_Logon_Script_Sync_2**
@@ -425,7 +425,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run logon scripts synchronously*
- GP name: *Run_Logon_Script_Sync_2*
- GP path: *System\Scripts*
@@ -436,7 +436,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Logon_Script_Visible**
+**ADMX_Scripts/Run_Logon_Script_Visible**
@@ -474,7 +474,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in logon scripts as they run*
- GP name: *Run_Logon_Script_Visible*
- GP path: *System\Scripts*
@@ -485,7 +485,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Shutdown_Script_Visible**
+**ADMX_Scripts/Run_Shutdown_Script_Visible**
@@ -523,7 +523,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in shutdown scripts as they run*
- GP name: *Run_Shutdown_Script_Visible*
- GP path: *System\Scripts*
@@ -534,7 +534,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Startup_Script_Sync**
+**ADMX_Scripts/Run_Startup_Script_Sync**
@@ -575,7 +575,7 @@ If you disable or don't configure this policy setting, a startup can't run until
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run startup scripts asynchronously*
- GP name: *Run_Startup_Script_Sync*
- GP path: *System\Scripts*
@@ -586,7 +586,7 @@ ADMX Info:
-**ADMX_Scripts/Run_Startup_Script_Visible**
+**ADMX_Scripts/Run_Startup_Script_Visible**
@@ -627,7 +627,7 @@ If you disable or don't configure this policy setting, the instructions are supp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display instructions in startup scripts as they run*
- GP name: *Run_Startup_Script_Visible*
- GP path: *System\Scripts*
@@ -638,7 +638,7 @@ ADMX Info:
-**ADMX_Scripts/Run_User_PS_Scripts_First**
+**ADMX_Scripts/Run_User_PS_Scripts_First**
@@ -665,25 +665,25 @@ ADMX Info:
-This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-
-If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out.
+This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user sign in and sign out. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
-For example, assume the following scenario:
+If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user sign in and sign out.
-There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
+For example, assume the following scenario:
+
+There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A.
GPO B and GPO C include the following user logon scripts:
- GPO B: B.cmd, B.ps1
- GPO C: C.cmd, C.ps1
-Assume also that there are two users, Qin Hong and Tamara Johnston.
+Assume also that there are two users, Qin Hong and Tamara Johnston.
For Qin, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin:
- Within GPO B: B.ps1, B.cmd
- Within GPO C: C.ps1, C.cmd
-
+
For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Tamara:
- Within GPO B: B.cmd, B.ps1
@@ -700,7 +700,7 @@ This policy setting appears in the Computer Configuration and User Configuration
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run Windows PowerShell scripts first at user logon, logoff*
- GP name: *Run_User_PS_Scripts_First*
- GP path: *System\Scripts*
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 354380bdd2..8c5033f06e 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_sdiageng
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_sdiageng policies
+## ADMX_sdiageng policies
-
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_sdiageng/BetterWhenConnected**
+**ADMX_sdiageng/BetterWhenConnected**
@@ -77,7 +77,7 @@ If you disable this policy setting, users can only access and search troubleshoo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
- GP name: *BetterWhenConnected*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**
+**ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy**
@@ -127,7 +127,7 @@ If this policy setting is disabled, the users cannot access or run the troublesh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
- GP name: *ScriptedDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
@@ -138,7 +138,7 @@ ADMX Info:
-**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**
+**ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy**
@@ -174,7 +174,7 @@ If you disable or don't configure this policy setting, the scripted diagnostics
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Security Policy for Scripted Diagnostics*
- GP name: *ScriptedDiagnosticsSecurityPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 84cea15e19..367f3dbf77 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/17/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_sdiagschd policies
+## ADMX_sdiagschd policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy**
+**ADMX_sdiagschd/ScheduledDiagnosticsExecutionPolicy**
@@ -62,21 +62,21 @@ manager: aaroncz
-This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
+This policy determines whether scheduled diagnostics will run to proactively detect and resolve system problems.
If you enable this policy setting, you must choose an execution level from the following:
-- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
-- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
+- If you choose detection and troubleshooting only, Windows will periodically detect and troubleshoot problems. The user will be notified of the problem for interactive resolution.
+- If you choose detection, troubleshooting and resolution, Windows will resolve some of these problems silently without requiring user input.
-If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
+If you disable this policy setting, Windows won't be able to detect, troubleshoot or resolve problems on a scheduled basis.
If you don't configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics won't be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Console.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Scheduled Maintenance Behavior*
- GP name: *ScheduledDiagnosticsExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Scheduled Maintenance*
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index 66efb88c7f..752c99679a 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Securitycenter
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Securitycenter policies
+## ADMX_Securitycenter policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**
+**ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain**
@@ -61,15 +61,15 @@ manager: aaroncz
-This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
+This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk.
-The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
+The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center isn't enabled on the domain, the notifications and the Security Center status section aren't displayed.
Security Center can only be turned off for computers that are joined to a Windows domain. When a computer isn't joined to a Windows domain, the policy setting will have no effect.
-If you don't configure this policy setting, the Security Center is turned off for domain members.
+If you don't configure this policy setting, the Security Center is turned off for domain members.
-If you enable this policy setting, Security Center is turned on for all users.
+If you enable this policy setting, Security Center is turned on for all users.
If you disable this policy setting, Security Center is turned off for domain members.
@@ -78,7 +78,7 @@ If you disable this policy setting, Security Center is turned off for domain mem
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Security Center (Domain PCs only)*
- GP name: *SecurityCenter_SecurityCenterInDomain*
- GP path: *Windows Components\Security Center*
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 37049367dc..9594e730fc 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/22/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Sensors
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Sensors policies
+## ADMX_Sensors policies
-
@@ -47,7 +47,7 @@ manager: aaroncz
-**ADMX_Sensors/DisableLocationScripting_1**
+**ADMX_Sensors/DisableLocationScripting_1**
@@ -83,7 +83,7 @@ If you disable or don't configure this policy setting, all location scripts will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location scripting*
- GP name: *DisableLocationScripting_1*
- GP path: *Windows Components\Location and Sensors*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_Sensors/DisableLocationScripting_2**
+**ADMX_Sensors/DisableLocationScripting_2**
@@ -130,7 +130,7 @@ If you disable or don't configure this policy setting, all location scripts will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location scripting*
- GP name: *DisableLocationScripting_2*
- GP path: *Windows Components\Location and Sensors*
@@ -141,7 +141,7 @@ ADMX Info:
-**ADMX_Sensors/DisableLocation_1**
+**ADMX_Sensors/DisableLocation_1**
@@ -177,7 +177,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off location*
- GP name: *DisableLocation_1*
- GP path: *Windows Components\Location and Sensors*
@@ -188,7 +188,7 @@ ADMX Info:
-**ADMX_Sensors/DisableSensors_1**
+**ADMX_Sensors/DisableSensors_1**
@@ -224,7 +224,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off sensors*
- GP name: *DisableSensors_1*
- GP path: *Windows Components\Location and Sensors*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_Sensors/DisableSensors_2**
+**ADMX_Sensors/DisableSensors_2**
@@ -271,7 +271,7 @@ If you disable or don't configure this policy setting, all programs on this comp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off sensors*
- GP name: *DisableSensors_2*
- GP path: *Windows Components\Location and Sensors*
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index 2f5de5c9a8..778579fcad 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ServerManager policies
+## ADMX_ServerManager policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page**
+**ADMX_ServerManager/Do_not_display_Manage_Your_Server_page**
@@ -71,13 +71,13 @@ manager: aaroncz
-This policy setting allows you to turn off the automatic display of Server Manager at sign in.
+This policy setting allows you to turn off the automatic display of Server Manager at sign in.
-If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
+If you enable this policy setting, Server Manager isn't displayed automatically when a user signs in to the server.
-If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
+If you disable this policy setting, Server Manager is displayed automatically when a user signs in to the server.
-If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
+If you don't configure this policy setting, Server Manager is displayed when a user signs in to the server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console isn't displayed automatically at a sign in.
> [!NOTE]
> Regardless of the status of this policy setting, Server Manager is available from the Start menu or the Windows taskbar.
@@ -86,7 +86,7 @@ If you don't configure this policy setting, Server Manager is displayed when a u
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Server Manager automatically at logon*
- GP name: *Do_not_display_Manage_Your_Server_page*
- GP path: *System\Server Manager*
@@ -98,7 +98,7 @@ ADMX Info:
-**ADMX_ServerManager/ServerManagerAutoRefreshRate**
+**ADMX_ServerManager/ServerManagerAutoRefreshRate**
@@ -124,11 +124,11 @@ ADMX Info:
-This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.
+This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which roles and features are installed on servers that you're managing by using Server Manager. Server Manager also monitors the status of roles and features installed on managed servers.
-- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console.
+- If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Server 2012) that is configured in the Server Manager console.
-- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.
+- If you disable this policy setting, Server Manager doesn't refresh automatically. If you don't configure this policy setting, Server Manager uses the refresh interval settings that are specified in the Server Manager console.
> [!NOTE]
> The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in Windows Server 2012.
@@ -138,7 +138,7 @@ This policy setting allows you to set the refresh interval for Server Manager. E
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the refresh interval for Server Manager*
- GP name: *ServerManagerAutoRefreshRate*
- GP path: *System\Server Manager*
@@ -149,7 +149,7 @@ ADMX Info:
-**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks**
+**ADMX_ServerManager/DoNotLaunchInitialConfigurationTasks**
@@ -175,9 +175,9 @@ ADMX Info:
-This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
+This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at a sign in on Windows Server 2008 and Windows Server 2008 R2.
-If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
+If you enable this policy setting, the Initial Configuration Tasks window isn't displayed when an administrator signs in to the server.
If you disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator signs in to the server.
@@ -187,7 +187,7 @@ If you don't configure this policy setting, the Initial Configuration Tasks wind
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Initial Configuration Tasks window automatically at logon*
- GP name: *DoNotLaunchInitialConfigurationTasks*
- GP path: *System\Server Manager*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_ServerManager/DoNotLaunchServerManager**
+**ADMX_ServerManager/DoNotLaunchServerManager**
@@ -224,11 +224,11 @@ ADMX Info:
-This policy setting allows you to turn off the automatic display of the Manage Your Server page.
+This policy setting allows you to turn off the automatic display of the Manage Your Server page.
-- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server.
+- If you enable this policy setting, the Manage Your Server page isn't displayed each time an administrator signs in to the server.
-- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server.
+- If you disable or don't configure this policy setting, the Manage Your Server page is displayed each time an administrator signs in to the server.
However, if the administrator has selected the "Don’t display this page at logon" option at the bottom of the Manage Your Server page, the page isn't displayed.
@@ -236,7 +236,7 @@ However, if the administrator has selected the "Don’t display this page at log
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display Manage Your Server page at logon*
- GP name: *DoNotLaunchServerManager*
- GP path: *System\Server Manager*
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index c68630eec1..cce3151729 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_SettingSync
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SettingSync policies
+## ADMX_SettingSync policies
-
@@ -59,7 +59,7 @@ manager: aaroncz
-**ADMX_SettingSync/DisableAppSyncSettingSync**
+**ADMX_SettingSync/DisableAppSyncSettingSync**
@@ -97,7 +97,7 @@ If you don't set or disable this setting, syncing of the "AppSync" group is on b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync Apps*
- GP name: *DisableAppSyncSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -108,7 +108,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableApplicationSettingSync**
+**ADMX_SettingSync/DisableApplicationSettingSync**
@@ -146,7 +146,7 @@ If you don't set or disable this setting, syncing of the "app settings" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync app settings*
- GP name: *DisableApplicationSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -157,7 +157,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableCredentialsSettingSync**
+**ADMX_SettingSync/DisableCredentialsSettingSync**
@@ -195,7 +195,7 @@ If you don't set or disable this setting, syncing of the "passwords" group is on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync passwords*
- GP name: *DisableCredentialsSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -206,7 +206,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableDesktopThemeSettingSync**
+**ADMX_SettingSync/DisableDesktopThemeSettingSync**
@@ -244,7 +244,7 @@ If you don't set or disable this setting, syncing of the "desktop personalizatio
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync desktop personalization*
- GP name: *DisableDesktopThemeSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -255,7 +255,7 @@ ADMX Info:
-**ADMX_SettingSync/DisablePersonalizationSettingSync**
+**ADMX_SettingSync/DisablePersonalizationSettingSync**
@@ -293,7 +293,7 @@ If you don't set or disable this setting, syncing of the "personalize" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync personalize*
- GP name: *DisablePersonalizationSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -304,7 +304,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableSettingSync**
+**ADMX_SettingSync/DisableSettingSync**
@@ -342,7 +342,7 @@ If you don't set or disable this setting, "sync your settings" is on by default
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync*
- GP name: *DisableSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -353,7 +353,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableStartLayoutSettingSync**
+**ADMX_SettingSync/DisableStartLayoutSettingSync**
@@ -391,7 +391,7 @@ If you don't set or disable this setting, syncing of the "Start layout" group is
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync start settings*
- GP name: *DisableStartLayoutSettingSync*
- GP path: *Windows Components\Sync your settings*
@@ -402,7 +402,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableSyncOnPaidNetwork**
+**ADMX_SettingSync/DisableSyncOnPaidNetwork**
@@ -438,7 +438,7 @@ If you don't set or disable this setting, syncing on metered connections is conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync on metered connections*
- GP name: *DisableSyncOnPaidNetwork*
- GP path: *Windows Components\Sync your settings*
@@ -449,7 +449,7 @@ ADMX Info:
-**ADMX_SettingSync/DisableWindowsSettingSync**
+**ADMX_SettingSync/DisableWindowsSettingSync**
@@ -487,7 +487,7 @@ If you don't set or disable this setting, syncing of the "Other Windows settings
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not sync other Windows settings*
- GP name: *DisableWindowsSettingSync*
- GP path: *Windows Components\Sync your settings*
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index a018d51a65..42fac7e41b 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_SharedFolders
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SharedFolders policies
+## ADMX_SharedFolders policies
-
@@ -37,7 +37,7 @@ manager: aaroncz
-**ADMX_SharedFolders/PublishDfsRoots**
+**ADMX_SharedFolders/PublishDfsRoots**
@@ -67,7 +67,7 @@ This policy setting determines whether the user can publish DFS roots in Active
If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
-If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -76,7 +76,7 @@ If you disable this policy setting, users cannot publish DFS roots in AD DS and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow DFS roots to be published*
- GP name: *PublishDfsRoots*
- GP path: *Shared Folders*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_SharedFolders/PublishSharedFolders**
+**ADMX_SharedFolders/PublishSharedFolders**
@@ -118,7 +118,7 @@ This policy setting determines whether the user can publish shared folders in Ac
If you enable or don't configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
-If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
+If you disable this policy setting, users can't publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled.
> [!NOTE]
> The default is to allow shared folders to be published when this setting is not configured.
@@ -127,7 +127,7 @@ If you disable this policy setting, users can't publish shared folders in AD DS,
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow shared folders to be published*
- GP name: *PublishSharedFolders*
- GP path: *Shared Folders*
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 77f8afb7f8..230aeb5cad 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/21/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Sharing
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Sharing policies
+## ADMX_Sharing policies
-
@@ -34,7 +34,7 @@ manager: aaroncz
-**ADMX_Sharing/NoInplaceSharing**
+**ADMX_Sharing/NoInplaceSharing**
@@ -70,7 +70,7 @@ If you disable or don't configure this policy setting, users can share files out
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from sharing files within their profile.*
- GP name: *NoInplaceSharing*
- GP path: *Windows Components\Network Sharing*
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index fa6a4ebe37..29e9d061de 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_ShellCommandPromptRegEditTools policies
+## ADMX_ShellCommandPromptRegEditTools policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_ShellCommandPromptRegEditTools/DisallowApps**
+**ADMX_ShellCommandPromptRegEditTools/DisallowApps**
@@ -72,13 +72,13 @@ manager: aaroncz
This policy setting prevents users from running the interactive command prompt `Cmd.exe`.
-
+
This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
-If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action. .
+
+If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
-If you disable this policy setting or don't configure it, users can run Cmd.exe and batch files normally.
-
> [!NOTE]
> Don't prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.
@@ -87,7 +87,7 @@ If you disable this policy setting or don't configure it, users can run Cmd.exe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to the command prompt*
- GP name: *DisallowApps*
- GP path: *System*
@@ -99,7 +99,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/DisableRegedit**
+**ADMX_ShellCommandPromptRegEditTools/DisableRegedit**
@@ -125,11 +125,11 @@ ADMX Info:
-This policy setting disables the Windows registry editor `Regedit.exe`.
+This policy setting disables the Windows registry editor `Regedit.exe`.
-If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
+If you enable this policy setting and the user tries to start `Regedit.exe`, a message appears explaining that a policy setting prevents the action.
-If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
+If you disable this policy setting or don't configure it, users can run `Regedit.exe` normally.
To prevent users from using other administrative tools, use the "Run only specified Windows applications" policy setting.
@@ -137,7 +137,7 @@ To prevent users from using other administrative tools, use the "Run only specif
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to registry editing tools*
- GP name: *DisableRegedit*
- GP path: *System\Server Manager*
@@ -148,7 +148,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/DisableCMD**
+**ADMX_ShellCommandPromptRegEditTools/DisableCMD**
@@ -174,15 +174,15 @@ ADMX Info:
-This policy setting limits the Windows programs that users have permission to run on the computer.
+This policy setting limits the Windows programs that users have permission to run on the computer.
-If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
+If you enable this policy setting, users can only run programs that you add to the list of allowed applications.
If you disable this policy setting or don't configure it, users can run all applications. This policy setting only prevents users from running programs that are started by the File Explorer process.
-It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+It doesn't prevent users from running programs such as Task Manager, which is started by the system process or by other processes. Also, if users have access to the command prompt `Cmd.exe`, this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
-Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
+Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (for example, Winword.exe, Poledit.exe, Powerpnt.exe).
@@ -190,7 +190,7 @@ To create a list of allowed applications, click Show. In the Show Contents dial
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Run only specified Windows applications*
- GP name: *DisableCMD*
- GP path: *System*
@@ -201,7 +201,7 @@ ADMX Info:
-**ADMX_ShellCommandPromptRegEditTools/RestrictApps**
+**ADMX_ShellCommandPromptRegEditTools/RestrictApps**
@@ -227,13 +227,13 @@ ADMX Info:
-This policy setting prevents Windows from running the programs you specify in this policy setting.
+This policy setting prevents Windows from running the programs you specify in this policy setting.
-If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
+If you enable this policy setting, users can't run programs that you add to the list of disallowed applications.
-If you disable this policy setting or don't configure it, users can run any programs.
+If you disable this policy setting or don't configure it, users can run any programs.
-This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
+This policy setting only prevents users from running programs that are started by the File Explorer process. It doesn't prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting doesn't prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.
Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
@@ -244,7 +244,7 @@ To create a list of allowed applications, click Show. In the Show Contents dialo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Don't run specified Windows applications*
- GP name: *RestrictApps*
- GP path: *System*
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 8145f4e15f..f93a1efa87 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Smartcard
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Smartcard policies
+## ADMX_Smartcard policies
-
@@ -80,7 +80,7 @@ manager: aaroncz
-**ADMX_Smartcard/AllowCertificatesWithNoEKU**
+**ADMX_Smartcard/AllowCertificatesWithNoEKU**
@@ -122,7 +122,7 @@ If you disable or don't configure this policy setting, only certificates that co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow certificates with no extended key usage certificate attribute*
- GP name: *AllowCertificatesWithNoEKU*
- GP path: *Windows Components\Smart Card*
@@ -133,7 +133,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowIntegratedUnblock**
+**ADMX_Smartcard/AllowIntegratedUnblock**
@@ -171,7 +171,7 @@ If you disable or don't configure this policy setting then the integrated unbloc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Integrated Unblock screen to be displayed at the time of logon*
- GP name: *AllowIntegratedUnblock*
- GP path: *Windows Components\Smart Card*
@@ -182,7 +182,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowSignatureOnlyKeys**
+**ADMX_Smartcard/AllowSignatureOnlyKeys**
@@ -218,7 +218,7 @@ If you disable or don't configure this policy setting, any available smart card
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow signature keys valid for Logon*
- GP name: *AllowSignatureOnlyKeys*
- GP path: *Windows Components\Smart Card*
@@ -229,7 +229,7 @@ ADMX Info:
-**ADMX_Smartcard/AllowTimeInvalidCertificates**
+**ADMX_Smartcard/AllowTimeInvalidCertificates**
@@ -257,7 +257,7 @@ ADMX Info:
This policy setting permits those certificates to be displayed for a sign-in, which are either expired or not yet valid.
-Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
+Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls displaying of the certificate on the client machine.
If you enable this policy setting, certificates will be listed on the sign-in screen regardless of whether they have an invalid time or their time validity has expired.
@@ -267,7 +267,7 @@ If you disable or don't configure this policy setting, certificates that are exp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow time invalid certificates*
- GP name: *AllowTimeInvalidCertificates*
- GP path: *Windows Components\Smart Card*
@@ -278,7 +278,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropEnabledString**
+**ADMX_Smartcard/CertPropEnabledString**
@@ -314,7 +314,7 @@ If you disable this policy setting, certificate propagation won't occur and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on certificate propagation from smart card*
- GP name: *CertPropEnabledString*
- GP path: *Windows Components\Smart Card*
@@ -325,7 +325,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropRootCleanupString**
+**ADMX_Smartcard/CertPropRootCleanupString**
@@ -351,9 +351,9 @@ ADMX Info:
-This policy setting allows you to manage the cleanup behavior of root certificates.
+This policy setting allows you to manage the cleanup behavior of root certificates.
-If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
+If you enable this policy setting, then root certificate cleanup will occur according to the option selected.
If you disable or don't configure this setting then root certificate cleanup will occur on a sign out.
@@ -361,7 +361,7 @@ If you disable or don't configure this setting then root certificate cleanup wil
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure root certificate clean up*
- GP name: *CertPropRootCleanupString*
- GP path: *Windows Components\Smart Card*
@@ -372,7 +372,7 @@ ADMX Info:
-**ADMX_Smartcard/CertPropRootEnabledString**
+**ADMX_Smartcard/CertPropRootEnabledString**
@@ -411,7 +411,7 @@ If you disable this policy setting, then root certificates won't be propagated f
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on root certificate propagation from smart card*
- GP name: *CertPropRootEnabledString*
- GP path: *Windows Components\Smart Card*
@@ -422,7 +422,7 @@ ADMX Info:
-**ADMX_Smartcard/DisallowPlaintextPin**
+**ADMX_Smartcard/DisallowPlaintextPin**
@@ -448,9 +448,9 @@ ADMX Info:
-This policy setting prevents plaintext PINs from being returned by Credential Manager.
+This policy setting prevents plaintext PINs from being returned by Credential Manager.
-If you enable this policy setting, Credential Manager doesn't return a plaintext PIN.
+If you enable this policy setting, Credential Manager doesn't return a plaintext PIN.
If you disable or don't configure this policy setting, plaintext PINs can be returned by Credential Manager.
@@ -461,7 +461,7 @@ If you disable or don't configure this policy setting, plaintext PINs can be ret
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent plaintext PINs from being returned by Credential Manager*
- GP name: *DisallowPlaintextPin*
- GP path: *Windows Components\Smart Card*
@@ -472,7 +472,7 @@ ADMX Info:
-**ADMX_Smartcard/EnumerateECCCerts**
+**ADMX_Smartcard/EnumerateECCCerts**
@@ -505,14 +505,14 @@ If you enable this policy setting, ECC certificates on a smart card can be used
If you disable or don't configure this policy setting, ECC certificates on a smart card can't be used to sign in to a domain.
> [!NOTE]
-> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
+> This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
> If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow ECC certificates to be used for logon and authentication*
- GP name: *EnumerateECCCerts*
- GP path: *Windows Components\Smart Card*
@@ -523,7 +523,7 @@ ADMX Info:
-**ADMX_Smartcard/FilterDuplicateCerts**
+**ADMX_Smartcard/FilterDuplicateCerts**
@@ -553,7 +553,7 @@ This policy setting lets you configure if all your valid logon certificates are
During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This scenario can cause confusion as to which certificate to select for a sign in. The common case for this behavior is when a certificate is renewed and the old one hasn't yet expired. Two certificates are determined to be the same if they're issued from the same template with the same major version and they're for the same user (determined by their UPN).
-If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
+If there are two or more of the "same" certificate on a smart card and this policy is enabled, then the certificate that is used for a sign in on Windows 2000, Windows XP, and Windows 2003 Server will be shown, otherwise the certificate with the expiration time furthest in the future will be shown.
> [!NOTE]
> This setting will be applied after this policy: "Allow time invalid certificates"
@@ -566,7 +566,7 @@ If you disable this policy setting, no filtering will take place.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Filter duplicate logon certificates*
- GP name: *FilterDuplicateCerts*
- GP path: *Windows Components\Smart Card*
@@ -577,7 +577,7 @@ ADMX Info:
-**ADMX_Smartcard/ForceReadingAllCertificates**
+**ADMX_Smartcard/ForceReadingAllCertificates**
@@ -615,7 +615,7 @@ If you disable or don't configure this setting, Windows will only attempt to rea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force the reading of all certificates from the smart card*
- GP name: *ForceReadingAllCertificates*
- GP path: *Windows Components\Smart Card*
@@ -626,7 +626,7 @@ ADMX Info:
-**ADMX_Smartcard/IntegratedUnblockPromptString**
+**ADMX_Smartcard/IntegratedUnblockPromptString**
@@ -654,7 +654,7 @@ ADMX Info:
This policy setting allows you to manage the displayed message when a smart card is blocked.
-If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
+If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
> [!NOTE]
> The following policy setting must be enabled: "Allow Integrated Unblock screen to be displayed at the time of logon".
@@ -665,7 +665,7 @@ If you disable or don't configure this policy setting, the default message will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display string when smart card is blocked*
- GP name: *IntegratedUnblockPromptString*
- GP path: *Windows Components\Smart Card*
@@ -676,7 +676,7 @@ ADMX Info:
-**ADMX_Smartcard/ReverseSubject**
+**ADMX_Smartcard/ReverseSubject**
@@ -702,11 +702,11 @@ ADMX Info:
-This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
+This policy setting lets you reverse the subject name from how it's stored in the certificate when displaying it during a sign in.
By default the User Principal Name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN isn't present, then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
-If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
+If you enable this policy setting or don't configure this setting, then the subject name will be reversed.
If you disable, the subject name will be displayed as it appears in the certificate.
@@ -714,7 +714,7 @@ If you disable, the subject name will be displayed as it appears in the certific
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reverse the subject name stored in a certificate when displaying*
- GP name: *ReverseSubject*
- GP path: *Windows Components\Smart Card*
@@ -725,7 +725,7 @@ ADMX Info:
-**ADMX_Smartcard/SCPnPEnabled**
+**ADMX_Smartcard/SCPnPEnabled**
@@ -764,7 +764,7 @@ If you disable this policy setting, Smart Card Plug and Play will be disabled an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Smart Card Plug and Play service*
- GP name: *SCPnPEnabled*
- GP path: *Windows Components\Smart Card*
@@ -775,7 +775,7 @@ ADMX Info:
-**ADMX_Smartcard/SCPnPNotification**
+**ADMX_Smartcard/SCPnPNotification**
@@ -814,7 +814,7 @@ If you disable this policy setting, a confirmation message won't be displayed wh
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notify user of successful smart card driver installation*
- GP name: *SCPnPNotification*
- GP path: *Windows Components\Smart Card*
@@ -825,7 +825,7 @@ ADMX Info:
-**ADMX_Smartcard/X509HintsNeeded**
+**ADMX_Smartcard/X509HintsNeeded**
@@ -861,7 +861,7 @@ If you disable or don't configure this policy setting, an optional field that al
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow user name hint*
- GP name: *X509HintsNeeded*
- GP path: *Windows Components\Smart Card*
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index a65f75e734..5bf75ef305 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/24/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Snmp
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Snmp policies
+## ADMX_Snmp policies
-
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_Snmp/SNMP_Communities**
+**ADMX_Snmp/SNMP_Communities**
@@ -89,7 +89,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify communities*
- GP name: *SNMP_Communities*
- GP path: *Network\SNMP*
@@ -100,7 +100,7 @@ ADMX Info:
-**ADMX_Snmp/SNMP_PermittedManagers**
+**ADMX_Snmp/SNMP_PermittedManagers**
@@ -147,7 +147,7 @@ Also, see the other two SNMP policy settings: "Specify trap configuration" and "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify permitted managers*
- GP name: *SNMP_PermittedManagers*
- GP path: *Network\SNMP*
@@ -158,7 +158,7 @@ ADMX Info:
-**ADMX_Snmp/SNMP_Traps_Public**
+**ADMX_Snmp/SNMP_Traps_Public**
@@ -203,7 +203,7 @@ Also, see the other two SNMP settings: "Specify permitted managers" and "Specify
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify traps for public community*
- GP name: *SNMP_Traps_Public*
- GP path: *Network\SNMP*
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index dcc94a5737..958b8ee77c 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_SoundRec policies
+## ADMX_SoundRec policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_1**
@@ -65,18 +65,18 @@ manager: aaroncz
-This policy specifies whether Sound Recorder can run.
+This policy specifies whether Sound Recorder can run.
-Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+If you enable this policy setting, Sound Recorder won't run.
If you disable or don't configure this policy setting, Sound Recorder can run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_1*
- GP path: *Windows Components\Sound Recorder*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
+**ADMX_SoundRec/Soundrec_DiableApplication_TitleText_2**
@@ -114,18 +114,18 @@ ADMX Info:
-This policy specifies whether Sound Recorder can run.
+This policy specifies whether Sound Recorder can run.
-Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
+Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
-If you enable this policy setting, Sound Recorder won't run.
+If you enable this policy setting, Sound Recorder won't run.
If you disable or don't configure this policy setting, Sound Recorder can be run.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Sound Recorder to run*
- GP name: *Soundrec_DiableApplication_TitleText_2*
- GP path: *Windows Components\Sound Recorder*
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index b5f0f4d1cb..99518ee70c 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/18/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_srmfci
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_srmfci policies
+## ADMX_srmfci policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_srmfci/EnableShellAccessCheck**
+**ADMX_srmfci/EnableShellAccessCheck**
@@ -71,7 +71,7 @@ This group policy setting should be set on Windows clients to enable access-deni
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable access-denied assistance on client for all file types*
- GP name: *EnableShellAccessCheck*
- GP path: *System\Access-Denied Assistance*
@@ -82,7 +82,7 @@ ADMX Info:
-**ADMX_srmfci/AccessDeniedConfiguration**
+**ADMX_srmfci/AccessDeniedConfiguration**
@@ -108,18 +108,18 @@ ADMX Info:
-This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
+This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include more text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
-If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
+If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
-If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.
+If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionalities controlled by this policy setting, regardless of the file server configuration.
If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Customize message for Access Denied errors*
- GP name: *AccessDeniedConfiguration*
- GP path: *System\Access-Denied Assistance*
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 8c6e907ba3..7e5660218e 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/20/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_StartMenu
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_StartMenu policies
+## ADMX_StartMenu policies
-
@@ -233,7 +233,7 @@ manager: aaroncz
-**ADMX_StartMenu/AddSearchInternetLinkInStartMenu**
+**ADMX_StartMenu/AddSearchInternetLinkInStartMenu**
@@ -269,7 +269,7 @@ If you don't configure this policy (default), there won't be a "Search the Inter
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Search Internet link to Start Menu*
- GP name: *AddSearchInternetLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -280,7 +280,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearRecentDocsOnExit**
+**ADMX_StartMenu/ClearRecentDocsOnExit**
@@ -327,7 +327,7 @@ This policy also doesn't clear items that the user may have pinned to the Jump L
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear history of recently opened documents on exit*
- GP name: *ClearRecentDocsOnExit*
- GP path: *Start Menu and Taskbar*
@@ -338,7 +338,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**
+**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu**
@@ -372,7 +372,7 @@ If you disable or don't configure this policy, the start menu recent programs li
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear the recent programs list for new users*
- GP name: *ClearRecentProgForNewUserInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -383,7 +383,7 @@ ADMX Info:
-**ADMX_StartMenu/ClearTilesOnExit**
+**ADMX_StartMenu/ClearTilesOnExit**
@@ -419,7 +419,7 @@ This setting doesn't prevent new notifications from appearing. See the "Turn off
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Clear tile notifications during log on*
- GP name: *ClearTilesOnExit*
- GP path: *Start Menu and Taskbar*
@@ -430,7 +430,7 @@ ADMX Info:
-**ADMX_StartMenu/DesktopAppsFirstInAppsView**
+**ADMX_StartMenu/DesktopAppsFirstInAppsView**
@@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, the desktop apps won't be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *List desktop apps first in the Apps view*
- GP name: *DesktopAppsFirstInAppsView*
- GP path: *Start Menu and Taskbar*
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_StartMenu/DisableGlobalSearchOnAppsView**
+**ADMX_StartMenu/DisableGlobalSearchOnAppsView**
@@ -515,7 +515,7 @@ If you disable or don’t configure this policy setting, the user can configure
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Search just apps from the Apps view*
- GP name: *DisableGlobalSearchOnAppsView*
- GP path: *Start Menu and Taskbar*
@@ -526,7 +526,7 @@ ADMX Info:
-**ADMX_StartMenu/ForceStartMenuLogOff**
+**ADMX_StartMenu/ForceStartMenuLogOff**
@@ -571,7 +571,7 @@ Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add Logoff to the Start Menu*
- GP name: *ForceStartMenuLogOff*
- GP path: *Start Menu and Taskbar*
@@ -582,7 +582,7 @@ ADMX Info:
-**ADMX_StartMenu/GoToDesktopOnSignIn**
+**ADMX_StartMenu/GoToDesktopOnSignIn**
@@ -620,7 +620,7 @@ If you don’t configure this policy setting, the default setting for the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Go to the desktop instead of Start when signing in*
- GP name: *GoToDesktopOnSignIn*
- GP path: *Start Menu and Taskbar*
@@ -631,7 +631,7 @@ ADMX Info:
-**ADMX_StartMenu/GreyMSIAds**
+**ADMX_StartMenu/GreyMSIAds**
@@ -669,10 +669,10 @@ If you disable this setting or don't configure it, all Start menu shortcuts appe
> Enabling this setting can make the Start menu slow to open.
->
+>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Gray unavailable Windows Installer programs Start Menu shortcuts*
- GP name: *GreyMSIAds*
- GP path: *Start Menu and Taskbar*
@@ -683,7 +683,7 @@ ADMX Info:
-**ADMX_StartMenu/HidePowerOptions**
+**ADMX_StartMenu/HidePowerOptions**
@@ -719,7 +719,7 @@ If you disable or don't configure this policy setting, the Power button and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
- GP name: *HidePowerOptions*
- GP path: *Start Menu and Taskbar*
@@ -730,7 +730,7 @@ ADMX Info:
-**ADMX_StartMenu/Intellimenus**
+**ADMX_StartMenu/Intellimenus**
@@ -771,7 +771,7 @@ To Turn off personalized menus without specifying a setting, click Start, click
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off personalized menus*
- GP name: *Intellimenus*
- GP path: *Start Menu and Taskbar*
@@ -782,7 +782,7 @@ ADMX Info:
-**ADMX_StartMenu/LockTaskbar**
+**ADMX_StartMenu/LockTaskbar**
@@ -823,7 +823,7 @@ If you disable this setting or don't configure it, the user can configure the ta
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock the Taskbar*
- GP name: *LockTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -834,7 +834,7 @@ ADMX Info:
-**ADMX_StartMenu/MemCheckBoxInRunDlg**
+**ADMX_StartMenu/MemCheckBoxInRunDlg**
@@ -870,7 +870,7 @@ Enabling this setting adds a check box to the Run dialog box, giving users the o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add "Run in Separate Memory Space" check box to Run dialog box*
- GP name: *MemCheckBoxInRunDlg*
- GP path: *Start Menu and Taskbar*
@@ -881,7 +881,7 @@ ADMX Info:
-**ADMX_StartMenu/NoAutoTrayNotify**
+**ADMX_StartMenu/NoAutoTrayNotify**
@@ -921,7 +921,7 @@ If you don't configure it, the user can choose if they want notifications collap
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off notification area cleanup*
- GP name: *NoAutoTrayNotify*
- GP path: *Start Menu and Taskbar*
@@ -932,7 +932,7 @@ ADMX Info:
-**ADMX_StartMenu/NoBalloonTip**
+**ADMX_StartMenu/NoBalloonTip**
@@ -970,7 +970,7 @@ If you disable this setting or don't configure it, all pop-up text is displayed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Balloon Tips on Start Menu items*
- GP name: *NoBalloonTip*
- GP path: *Start Menu and Taskbar*
@@ -981,7 +981,7 @@ ADMX Info:
-**ADMX_StartMenu/NoChangeStartMenu**
+**ADMX_StartMenu/NoChangeStartMenu**
@@ -1017,7 +1017,7 @@ If you disable or don't configure this setting, you'll allow a user to select an
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from customizing their Start Screen*
- GP name: *NoChangeStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -1028,7 +1028,7 @@ ADMX Info:
-**ADMX_StartMenu/NoClose**
+**ADMX_StartMenu/NoClose**
@@ -1067,7 +1067,7 @@ If you disable or don't configure this policy setting, the Power button and the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands*
- GP name: *NoClose*
- GP path: *Start Menu and Taskbar*
@@ -1078,7 +1078,7 @@ ADMX Info:
-**ADMX_StartMenu/NoCommonGroups**
+**ADMX_StartMenu/NoCommonGroups**
@@ -1114,7 +1114,7 @@ To see the Program menu items in the All Users profile, on the system drive, go
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove common program groups from Start Menu*
- GP name: *NoCommonGroups*
- GP path: *Start Menu and Taskbar*
@@ -1125,7 +1125,7 @@ ADMX Info:
-**ADMX_StartMenu/NoFavoritesMenu**
+**ADMX_StartMenu/NoFavoritesMenu**
@@ -1159,7 +1159,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava
> [!NOTE]
> The Favorites menu doesn't appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options.
->
+>
> The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group.
>
> This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
@@ -1168,7 +1168,7 @@ If you disable or don't configure this setting, the Display Favorite item is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Favorites menu from Start Menu*
- GP name: *NoFavoritesMenu*
- GP path: *Start Menu and Taskbar*
@@ -1179,7 +1179,7 @@ ADMX Info:
-**ADMX_StartMenu/NoFind**
+**ADMX_StartMenu/NoFind**
@@ -1222,7 +1222,7 @@ If you disable or don't configure this policy setting, the Search link is availa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Search link from Start Menu*
- GP name: *NoFind*
- GP path: *Start Menu and Taskbar*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_StartMenu/NoGamesFolderOnStartMenu**
+**ADMX_StartMenu/NoGamesFolderOnStartMenu**
@@ -1267,7 +1267,7 @@ If you disable or don't configure this policy, the start menu will show a link t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Games link from Start Menu*
- GP name: *NoGamesFolderOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -1278,7 +1278,7 @@ ADMX Info:
-**ADMX_StartMenu/NoHelp**
+**ADMX_StartMenu/NoHelp**
@@ -1316,7 +1316,7 @@ This policy setting only affects the Start menu. It doesn't remove the Help menu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Help menu from Start Menu*
- GP name: *NoHelp*
- GP path: *Start Menu and Taskbar*
@@ -1327,7 +1327,7 @@ ADMX Info:
-**ADMX_StartMenu/NoInstrumentation**
+**ADMX_StartMenu/NoInstrumentation**
@@ -1367,7 +1367,7 @@ This policy setting doesn't prevent users from pinning programs to the Start Me
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off user tracking*
- GP name: *NoInstrumentation*
- GP path: *Start Menu and Taskbar*
@@ -1378,7 +1378,7 @@ ADMX Info:
-**ADMX_StartMenu/NoMoreProgramsList**
+**ADMX_StartMenu/NoMoreProgramsList**
@@ -1419,7 +1419,7 @@ If you disable or don't configure this setting, the all apps list will be visibl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove All Programs list from the Start menu*
- GP name: *NoMoreProgramsList*
- GP path: *Start Menu and Taskbar*
@@ -1430,7 +1430,7 @@ ADMX Info:
-**ADMX_StartMenu/NoNetAndDialupConnect**
+**ADMX_StartMenu/NoNetAndDialupConnect**
@@ -1472,7 +1472,7 @@ Also, see the "Disable programs on Settings menu" and "Disable Control Panel" po
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Network Connections from Start Menu*
- GP name: *NoNetAndDialupConnect*
- GP path: *Start Menu and Taskbar*
@@ -1483,7 +1483,7 @@ ADMX Info:
-**ADMX_StartMenu/NoPinnedPrograms**
+**ADMX_StartMenu/NoPinnedPrograms**
@@ -1519,7 +1519,7 @@ If you disable this setting or don't configure it, the "Pinned Programs" list re
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove pinned programs list from the Start Menu*
- GP name: *NoPinnedPrograms*
- GP path: *Start Menu and Taskbar*
@@ -1530,7 +1530,7 @@ ADMX Info:
-**ADMX_StartMenu/NoRecentDocsMenu**
+**ADMX_StartMenu/NoRecentDocsMenu**
@@ -1577,7 +1577,7 @@ This setting also doesn't hide document shortcuts displayed in the Open dialog b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recent Items menu from Start Menu*
- GP name: *NoRecentDocsMenu*
- GP path: *Start Menu and Taskbar*
@@ -1588,7 +1588,7 @@ ADMX Info:
-**ADMX_StartMenu/NoResolveSearch**
+**ADMX_StartMenu/NoResolveSearch**
@@ -1629,7 +1629,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use the search-based method when resolving shell shortcuts*
- GP name: *NoResolveSearch*
- GP path: *Start Menu and Taskbar*
@@ -1640,7 +1640,7 @@ ADMX Info:
-**ADMX_StartMenu/NoResolveTrack**
+**ADMX_StartMenu/NoResolveTrack**
@@ -1680,7 +1680,7 @@ Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use the tracking-based method when resolving shell shortcuts*
- GP name: *NoResolveTrack*
- GP path: *Start Menu and Taskbar*
@@ -1691,7 +1691,7 @@ ADMX Info:
-**ADMX_StartMenu/NoRun**
+**ADMX_StartMenu/NoRun**
@@ -1746,7 +1746,7 @@ If you disable or don't configure this setting, users will be able to access the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Run menu from Start Menu*
- GP name: *NoRun*
- GP path: *Start Menu and Taskbar*
@@ -1757,7 +1757,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMConfigurePrograms**
+**ADMX_StartMenu/NoSMConfigurePrograms**
@@ -1798,7 +1798,7 @@ If you disable or don't configure this policy setting, the Default Programs link
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Default Programs link from the Start menu.*
- GP name: *NoSMConfigurePrograms*
- GP path: *Start Menu and Taskbar*
@@ -1809,7 +1809,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyDocuments**
+**ADMX_StartMenu/NoSMMyDocuments**
@@ -1850,7 +1850,7 @@ Also, see the "Remove Documents icon on the desktop" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Documents icon from Start Menu*
- GP name: *NoSMMyDocuments*
- GP path: *Start Menu and Taskbar*
@@ -1861,7 +1861,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyMusic**
+**ADMX_StartMenu/NoSMMyMusic**
@@ -1897,7 +1897,7 @@ If you disable or don't configure this policy setting, the Music icon is availab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Music icon from Start Menu*
- GP name: *NoSMMyMusic*
- GP path: *Start Menu and Taskbar*
@@ -1908,7 +1908,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyNetworkPlaces**
+**ADMX_StartMenu/NoSMMyNetworkPlaces**
@@ -1944,7 +1944,7 @@ If you disable or don't configure this policy setting, the Network icon is avail
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Network icon from Start Menu*
- GP name: *NoSMMyNetworkPlaces*
- GP path: *Start Menu and Taskbar*
@@ -1955,7 +1955,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSMMyPictures**
+**ADMX_StartMenu/NoSMMyPictures**
@@ -1991,7 +1991,7 @@ If you disable or don't configure this policy setting, the Pictures icon is avai
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Pictures icon from Start Menu*
- GP name: *NoSMMyPictures*
- GP path: *Start Menu and Taskbar*
@@ -2002,7 +2002,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchCommInStartMenu**
+**ADMX_StartMenu/NoSearchCommInStartMenu**
@@ -2036,7 +2036,7 @@ If you disable or don't configure this policy, the start menu will search for co
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search communications*
- GP name: *NoSearchCommInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2047,7 +2047,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchComputerLinkInStartMenu**
+**ADMX_StartMenu/NoSearchComputerLinkInStartMenu**
@@ -2081,7 +2081,7 @@ If you disable or don't configure this policy, the "See all results" link will b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Search Computer link*
- GP name: *NoSearchComputerLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2092,7 +2092,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**
+**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu**
@@ -2126,7 +2126,7 @@ If you disable or don't configure this policy, a "See more results" link will be
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove See More Results / Search Everywhere link*
- GP name: *NoSearchEverywhereLinkInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2137,7 +2137,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchFilesInStartMenu**
+**ADMX_StartMenu/NoSearchFilesInStartMenu**
@@ -2171,7 +2171,7 @@ If you disable or don't configure this policy setting, the Start menu will searc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search for files*
- GP name: *NoSearchFilesInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2182,7 +2182,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchInternetInStartMenu**
+**ADMX_StartMenu/NoSearchInternetInStartMenu**
@@ -2216,7 +2216,7 @@ If you disable or don't configure this policy, the start menu will search for in
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search Internet*
- GP name: *NoSearchInternetInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2227,7 +2227,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSearchProgramsInStartMenu**
+**ADMX_StartMenu/NoSearchProgramsInStartMenu**
@@ -2261,7 +2261,7 @@ If you disable or don't configure this policy setting, the Start menu search box
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not search programs and Control Panel items*
- GP name: *NoSearchProgramsInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2272,7 +2272,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSetFolders**
+**ADMX_StartMenu/NoSetFolders**
@@ -2312,7 +2312,7 @@ Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove programs on Settings menu*
- GP name: *NoSetFolders*
- GP path: *Start Menu and Taskbar*
@@ -2323,7 +2323,7 @@ ADMX Info:
-**ADMX_StartMenu/NoSetTaskbar**
+**ADMX_StartMenu/NoSetTaskbar**
@@ -2361,7 +2361,7 @@ If you disable or don't configure this policy setting, the Taskbar and Start Men
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent changes to Taskbar and Start Menu Settings*
- GP name: *NoSetTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -2372,7 +2372,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuDownload**
+**ADMX_StartMenu/NoStartMenuDownload**
@@ -2408,7 +2408,7 @@ If you disable or don't configure this policy setting, the Downloads link is ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Downloads link from Start Menu*
- GP name: *NoStartMenuDownload*
- GP path: *Start Menu and Taskbar*
@@ -2419,7 +2419,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuHomegroup**
+**ADMX_StartMenu/NoStartMenuHomegroup**
@@ -2453,7 +2453,7 @@ If you disable or don't configure this policy, users can use the Start Menu opti
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Homegroup link from Start Menu*
- GP name: *NoStartMenuHomegroup*
- GP path: *Start Menu and Taskbar*
@@ -2464,7 +2464,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuRecordedTV**
+**ADMX_StartMenu/NoStartMenuRecordedTV**
@@ -2500,7 +2500,7 @@ If you disable or don't configure this policy setting, the Recorded TV link is a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Recorded TV link from Start Menu*
- GP name: *NoStartMenuRecordedTV*
- GP path: *Start Menu and Taskbar*
@@ -2511,7 +2511,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuSubFolders**
+**ADMX_StartMenu/NoStartMenuSubFolders**
@@ -2551,7 +2551,7 @@ If you disable this setting or don't configure it, Windows 2000 Professional and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user's folders from the Start Menu*
- GP name: *NoStartMenuSubFolders*
- GP path: *Start Menu and Taskbar*
@@ -2562,7 +2562,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartMenuVideos**
+**ADMX_StartMenu/NoStartMenuVideos**
@@ -2598,7 +2598,7 @@ If you disable or don't configure this policy setting, the Videos link is availa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Videos link from Start Menu*
- GP name: *NoStartMenuVideos*
- GP path: *Start Menu and Taskbar*
@@ -2609,7 +2609,7 @@ ADMX Info:
-**ADMX_StartMenu/NoStartPage**
+**ADMX_StartMenu/NoStartPage**
@@ -2649,7 +2649,7 @@ If you don't configure this setting, the default is the new style, and the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force classic Start Menu*
- GP name: *NoStartPage*
- GP path: *Start Menu and Taskbar*
@@ -2660,7 +2660,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTaskBarClock**
+**ADMX_StartMenu/NoTaskBarClock**
@@ -2696,7 +2696,7 @@ If you disable or don't configure this setting, the default behavior of the cloc
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Clock from the system notification area*
- GP name: *NoTaskBarClock*
- GP path: *Start Menu and Taskbar*
@@ -2707,7 +2707,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTaskGrouping**
+**ADMX_StartMenu/NoTaskGrouping**
@@ -2745,7 +2745,7 @@ If you disable or don't configure it, items on the taskbar that share the same p
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent grouping of taskbar items*
- GP name: *NoTaskGrouping*
- GP path: *Start Menu and Taskbar*
@@ -2756,7 +2756,7 @@ ADMX Info:
-**ADMX_StartMenu/NoToolbarsOnTaskbar**
+**ADMX_StartMenu/NoToolbarsOnTaskbar**
@@ -2794,7 +2794,7 @@ If this setting is disabled or isn't configured, the taskbar displays all toolba
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display any custom toolbars in the taskbar*
- GP name: *NoToolbarsOnTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -2805,7 +2805,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTrayContextMenu**
+**ADMX_StartMenu/NoTrayContextMenu**
@@ -2843,7 +2843,7 @@ This policy setting doesn't prevent users from using other methods to issue the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove access to the context menus for the taskbar*
- GP name: *NoTrayContextMenu*
- GP path: *Start Menu and Taskbar*
@@ -2854,7 +2854,7 @@ ADMX Info:
-**ADMX_StartMenu/NoTrayItemsDisplay**
+**ADMX_StartMenu/NoTrayItemsDisplay**
@@ -2895,7 +2895,7 @@ If this setting is disabled or isn't configured, the notification area is shown
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the notification area*
- GP name: *NoTrayItemsDisplay*
- GP path: *Start Menu and Taskbar*
@@ -2906,7 +2906,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUninstallFromStart**
+**ADMX_StartMenu/NoUninstallFromStart**
@@ -2940,7 +2940,7 @@ If you disable this setting or don't configure it, users can access the uninstal
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from uninstalling applications from Start*
- GP name: *NoUninstallFromStart*
- GP path: *Start Menu and Taskbar*
@@ -2951,7 +2951,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUserFolderOnStartMenu**
+**ADMX_StartMenu/NoUserFolderOnStartMenu**
@@ -2985,7 +2985,7 @@ If you disable or don't configure this policy, the start menu will display a lin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user folder link from Start Menu*
- GP name: *NoUserFolderOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -2996,7 +2996,7 @@ ADMX Info:
-**ADMX_StartMenu/NoUserNameOnStartMenu**
+**ADMX_StartMenu/NoUserNameOnStartMenu**
@@ -3032,7 +3032,7 @@ If you disable or don't configure this policy setting, the user name label appea
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove user name from Start Menu*
- GP name: *NoUserNameOnStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -3043,7 +3043,7 @@ ADMX Info:
-**ADMX_StartMenu/NoWindowsUpdate**
+**ADMX_StartMenu/NoWindowsUpdate**
@@ -3085,7 +3085,7 @@ Also, see the "Hide the "Add programs from Microsoft" option" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove links and access to Windows Update*
- GP name: *NoWindowsUpdate*
- GP path: *Start Menu and Taskbar*
@@ -3096,7 +3096,7 @@ ADMX Info:
-**ADMX_StartMenu/PowerButtonAction**
+**ADMX_StartMenu/PowerButtonAction**
@@ -3134,7 +3134,7 @@ If you disable or don't configure this setting, the Start Menu power button will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Change Start Menu power button*
- GP name: *PowerButtonAction*
- GP path: *Start Menu and Taskbar*
@@ -3145,7 +3145,7 @@ ADMX Info:
-**ADMX_StartMenu/QuickLaunchEnabled**
+**ADMX_StartMenu/QuickLaunchEnabled**
@@ -3183,7 +3183,7 @@ If you don't configure this policy setting, then users will be able to turn the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show QuickLaunch on Taskbar*
- GP name: *QuickLaunchEnabled*
- GP path: *Start Menu and Taskbar*
@@ -3194,7 +3194,7 @@ ADMX Info:
-**ADMX_StartMenu/RemoveUnDockPCButton**
+**ADMX_StartMenu/RemoveUnDockPCButton**
@@ -3228,7 +3228,7 @@ If you disable this setting or don't configure it, the "Undock PC" button remain
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the "Undock PC" button from the Start Menu*
- GP name: *RemoveUnDockPCButton*
- GP path: *Start Menu and Taskbar*
@@ -3239,7 +3239,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowAppsViewOnStart**
+**ADMX_StartMenu/ShowAppsViewOnStart**
@@ -3275,7 +3275,7 @@ If you disable or don’t configure this policy setting, the Start screen will a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show the Apps view automatically when the user goes to Start*
- GP name: *ShowAppsViewOnStart*
- GP path: *Start Menu and Taskbar*
@@ -3286,7 +3286,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowRunAsDifferentUserInStart**
+**ADMX_StartMenu/ShowRunAsDifferentUserInStart**
@@ -3325,7 +3325,7 @@ If you disable this setting or don't configure it, users can't access the "Run a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show "Run as different user" command on Start*
- GP name: *ShowRunAsDifferentUserInStart*
- GP path: *Start Menu and Taskbar*
@@ -3336,7 +3336,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowRunInStartMenu**
+**ADMX_StartMenu/ShowRunInStartMenu**
@@ -3372,7 +3372,7 @@ If the Remove Run link from Start Menu policy is set, the Add the Run command to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Add the Run command to the Start Menu*
- GP name: *ShowRunInStartMenu*
- GP path: *Start Menu and Taskbar*
@@ -3383,7 +3383,7 @@ ADMX Info:
-**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**
+**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey**
@@ -3415,7 +3415,7 @@ ADMX Info:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show Start on the display the user is using when they press the Windows logo key*
- GP name: *ShowStartOnDisplayWithForegroundOnWinKey*
- GP path: *Start Menu and Taskbar*
@@ -3426,7 +3426,7 @@ ADMX Info:
-**ADMX_StartMenu/StartMenuLogOff**
+**ADMX_StartMenu/StartMenuLogOff**
@@ -3469,7 +3469,7 @@ See also: "Remove Logoff" policy setting in User Configuration\Administrative Te
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Logoff on the Start Menu*
- GP name: *StartMenuLogOff*
- GP path: *Start Menu and Taskbar*
@@ -3480,7 +3480,7 @@ ADMX Info:
-**ADMX_StartMenu/StartPinAppsWhenInstalled**
+**ADMX_StartMenu/StartPinAppsWhenInstalled**
@@ -3513,7 +3513,7 @@ This policy setting allows pinning apps to Start by default, when they're includ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Pin Apps to Start when installed*
- GP name: *StartPinAppsWhenInstalled*
- GP path: *Start Menu and Taskbar*
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 4ca5a3d3a1..086a8e4957 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_SystemRestore
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_SystemRestore policies
+## ADMX_SystemRestore policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_SystemRestore/SR_DisableConfig**
+**ADMX_SystemRestore/SR_DisableConfig**
@@ -75,7 +75,7 @@ Also, see the "Turn off System Restore" policy setting. If the "Turn off System
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Configuration*
- GP name: *SR_DisableConfig*
- GP path: *System\System Restore*
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index cfc57b2098..cd4acaab78 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_TabletShell
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TabletShell policies
+## ADMX_TabletShell policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_TabletShell/DisableInkball_1**
+**ADMX_TabletShell/DisableInkball_1**
@@ -65,9 +65,9 @@ manager: aaroncz
-This policy setting prevents start of InkBall game.
+This policy setting prevents start of InkBall game.
-If you enable this policy, the InkBall game won't run.
+If you enable this policy, the InkBall game won't run.
If you disable this policy, the InkBall game will run. If you don't configure this policy, the InkBall game will run.
@@ -75,7 +75,7 @@ If you disable this policy, the InkBall game will run. If you don't configure t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Inkball to run*
- GP name: *DisableInkball_1*
- GP path: *Windows Components\Tablet PC\Accessories*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_TabletShell/DisableNoteWriterPrinting_1**
+**ADMX_TabletShell/DisableNoteWriterPrinting_1**
@@ -113,9 +113,9 @@ ADMX Info:
-This policy setting prevents printing to Journal Note Writer.
+This policy setting prevents printing to Journal Note Writer.
-If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
+If you enable this policy, the Journal Note Writer printer driver won't allow printing to it. It will remain displayed in the list of available printers, but attempts to print it will fail.
If you disable this policy, you'll be able to use this feature to print to a Journal Note. If you don't configure this policy, users will be able to use this feature to print to a Journal Note.
@@ -124,7 +124,7 @@ If you disable this policy, you'll be able to use this feature to print to a Jou
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow printing to Journal Note Writer*
- GP name: *DisableNoteWriterPrinting_1*
- GP path: *Windows Components\Tablet PC\Accessories*
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 3436685cc9..e1d477a353 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/26/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,14 +17,14 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Taskbar policies
+## ADMX_Taskbar policies
-
@@ -99,7 +99,7 @@ manager: aaroncz
-**ADMX_Taskbar/DisableNotificationCenter**
+**ADMX_Taskbar/DisableNotificationCenter**
@@ -139,7 +139,7 @@ If you disable or don't configure this policy setting, Notification and Security
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Notifications and Action Center*
- GP name: *DisableNotificationCenter*
- GP path: *Start Menu and Taskbar*
@@ -150,7 +150,7 @@ ADMX Info:
-**ADMX_Taskbar/EnableLegacyBalloonNotifications**
+**ADMX_Taskbar/EnableLegacyBalloonNotifications**
@@ -180,7 +180,7 @@ This policy disables the functionality that converts balloons to toast notificat
If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications.
-Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.
+Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications.
If you disable or don’t configure this policy setting, all notifications will appear as toast notifications.
@@ -190,7 +190,7 @@ If you disable or don’t configure this policy setting, all notifications will
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable showing balloon notifications as toasts.*
- GP name: *EnableLegacyBalloonNotifications*
- GP path: *Start Menu and Taskbar*
@@ -201,7 +201,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAHealth**
+**ADMX_Taskbar/HideSCAHealth**
@@ -236,7 +236,7 @@ If you disable or don't configure this policy setting, the Security and Maintena
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the Security and Maintenance icon*
- GP name: *HideSCAHealth*
- GP path: *Start Menu and Taskbar*
@@ -247,7 +247,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCANetwork**
+**ADMX_Taskbar/HideSCANetwork**
@@ -282,7 +282,7 @@ If you disable or don't configure this policy setting, the networking icon is di
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the networking icon*
- GP name: *HideSCANetwork*
- GP path: *Start Menu and Taskbar*
@@ -293,7 +293,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAPower**
+**ADMX_Taskbar/HideSCAPower**
@@ -328,7 +328,7 @@ If you disable or don't configure this policy setting, the battery meter is disp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the battery meter*
- GP name: *HideSCAPower*
- GP path: *Start Menu and Taskbar*
@@ -339,7 +339,7 @@ ADMX Info:
-**ADMX_Taskbar/HideSCAVolume**
+**ADMX_Taskbar/HideSCAVolume**
@@ -374,7 +374,7 @@ If you disable or don't configure this policy setting, the volume control icon i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the volume control icon*
- GP name: *HideSCAVolume*
- GP path: *Start Menu and Taskbar*
@@ -385,7 +385,7 @@ ADMX Info:
-**ADMX_Taskbar/NoBalloonFeatureAdvertisements**
+**ADMX_Taskbar/NoBalloonFeatureAdvertisements**
@@ -420,7 +420,7 @@ If you disable don't configure this policy setting, feature advertisement balloo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off feature advertisement balloon notifications*
- GP name: *NoBalloonFeatureAdvertisements*
- GP path: *Start Menu and Taskbar*
@@ -431,7 +431,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningStoreToTaskbar**
+**ADMX_Taskbar/NoPinningStoreToTaskbar**
@@ -466,7 +466,7 @@ If you disable or don't configure this policy setting, users can pin the Store a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning Store app to the Taskbar*
- GP name: *NoPinningStoreToTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningToDestinations**
+**ADMX_Taskbar/NoPinningToDestinations**
@@ -512,7 +512,7 @@ If you disable or don't configure this policy setting, users can pin files, fold
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning items in Jump Lists*
- GP name: *NoPinningToDestinations*
- GP path: *Start Menu and Taskbar*
@@ -523,7 +523,7 @@ ADMX Info:
-**ADMX_Taskbar/NoPinningToTaskbar**
+**ADMX_Taskbar/NoPinningToTaskbar**
@@ -558,7 +558,7 @@ If you disable or don't configure this policy setting, users can change the prog
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow pinning programs to the Taskbar*
- GP name: *NoPinningToTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -570,7 +570,7 @@ ADMX Info:
-**ADMX_Taskbar/NoRemoteDestinations**
+**ADMX_Taskbar/NoRemoteDestinations**
@@ -602,7 +602,7 @@ The Start Menu and Taskbar display Jump Lists off of programs. These menus inclu
If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers aren't tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections.
-If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.
+If you disable or don't configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer.
> [!NOTE]
> This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting.
@@ -611,7 +611,7 @@ If you disable or don't configure this policy setting, all files that the user o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not display or track items in Jump Lists from remote locations*
- GP name: *NoRemoteDestinations*
- GP path: *Start Menu and Taskbar*
@@ -623,7 +623,7 @@ ADMX Info:
-**ADMX_Taskbar/NoSystraySystemPromotion**
+**ADMX_Taskbar/NoSystraySystemPromotion**
@@ -658,7 +658,7 @@ If you disable or don't configure this policy setting, newly added notification
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic promotion of notification icons to the taskbar*
- GP name: *NoSystraySystemPromotion*
- GP path: *Start Menu and Taskbar*
@@ -670,7 +670,7 @@ ADMX Info:
-**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**
+**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar**
@@ -707,7 +707,7 @@ If you don’t configure this policy setting, the default setting for the user
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show Windows Store apps on the taskbar*
- GP name: *ShowWindowsStoreAppsOnTaskbar*
- GP path: *Start Menu and Taskbar*
@@ -720,7 +720,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarLockAll**
+**ADMX_Taskbar/TaskbarLockAll**
@@ -755,7 +755,7 @@ If you disable or don't configure this policy setting, the user will be able to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lock all taskbar settings*
- GP name: *TaskbarLockAll*
- GP path: *Start Menu and Taskbar*
@@ -768,7 +768,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoAddRemoveToolbar**
+**ADMX_Taskbar/TaskbarNoAddRemoveToolbar**
@@ -802,7 +802,7 @@ If you disable or don't configure this policy setting, the users and application
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from adding or removing toolbars*
- GP name: *TaskbarNoAddRemoveToolbar*
- GP path: *Start Menu and Taskbar*
@@ -815,7 +815,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoDragToolbar**
+**ADMX_Taskbar/TaskbarNoDragToolbar**
@@ -849,7 +849,7 @@ If you disable or don't configure this policy setting, users are able to rearran
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from rearranging toolbars*
- GP name: *TaskbarNoDragToolbar*
- GP path: *Start Menu and Taskbar*
@@ -861,7 +861,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoMultimon**
+**ADMX_Taskbar/TaskbarNoMultimon**
@@ -896,7 +896,7 @@ If you disable or don't configure this policy setting, users can show taskbars o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow taskbars on more than one display*
- GP name: *TaskbarNoMultimon*
- GP path: *Start Menu and Taskbar*
@@ -909,7 +909,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoNotification**
+**ADMX_Taskbar/TaskbarNoNotification**
@@ -944,7 +944,7 @@ If you disable or don't configure this policy setting, notification balloons are
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off all balloon notifications*
- GP name: *TaskbarNoNotification*
- GP path: *Start Menu and Taskbar*
@@ -955,7 +955,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoPinnedList**
+**ADMX_Taskbar/TaskbarNoPinnedList**
@@ -990,7 +990,7 @@ If you disable or don't configure this policy setting, users can pin programs so
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove pinned programs from the Taskbar*
- GP name: *TaskbarNoPinnedList*
- GP path: *Start Menu and Taskbar*
@@ -1002,7 +1002,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoRedock**
+**ADMX_Taskbar/TaskbarNoRedock**
@@ -1038,7 +1038,7 @@ If you disable or don't configure this policy setting, users are able to drag th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from moving taskbar to another screen dock location*
- GP name: *TaskbarNoRedock*
- GP path: *Start Menu and Taskbar*
@@ -1050,7 +1050,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoResize**
+**ADMX_Taskbar/TaskbarNoResize**
@@ -1085,7 +1085,7 @@ If you disable or don't configure this policy setting, users are able to resize
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent users from resizing the taskbar*
- GP name: *TaskbarNoResize*
- GP path: *Start Menu and Taskbar*
@@ -1097,7 +1097,7 @@ ADMX Info:
-**ADMX_Taskbar/TaskbarNoThumbnail**
+**ADMX_Taskbar/TaskbarNoThumbnail**
@@ -1132,7 +1132,7 @@ If you disable or don't configure this policy setting, the taskbar thumbnails ar
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off taskbar thumbnails*
- GP name: *TaskbarNoThumbnail*
- GP path: *Start Menu and Taskbar*
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 7ef48341ef..b0ea922bf7 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,14 +17,14 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_tcpip policies
+## ADMX_tcpip policies
-
@@ -72,7 +72,7 @@ manager: aaroncz
-**ADMX_tcpip/6to4_Router_Name**
+**ADMX_tcpip/6to4_Router_Name**
@@ -107,7 +107,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 Relay Name*
- GP name: *6to4_Router_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -118,7 +118,7 @@ ADMX Info:
-**ADMX_tcpip/6to4_Router_Name_Resolution_Interval**
+**ADMX_tcpip/6to4_Router_Name_Resolution_Interval**
@@ -153,7 +153,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 Relay Name Resolution Interval*
- GP name: *6to4_Router_Name_Resolution_Interval*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -164,7 +164,7 @@ ADMX Info:
-**ADMX_tcpip/6to4_State**
+**ADMX_tcpip/6to4_State**
@@ -203,7 +203,7 @@ If you enable this policy setting, you can configure 6to4 with one of the follow
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set 6to4 State*
- GP name: *6to4_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -214,7 +214,7 @@ ADMX Info:
-**ADMX_tcpip/IPHTTPS_ClientState**
+**ADMX_tcpip/IPHTTPS_ClientState**
@@ -253,7 +253,7 @@ If you enable this policy setting, you can specify an IP-HTTPS server URL. You w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set IP-HTTPS State*
- GP name: *IPHTTPS_ClientState*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -264,7 +264,7 @@ ADMX Info:
-**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State**
+**ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State**
@@ -299,7 +299,7 @@ If you disable this policy setting, IP Stateless Autoconfiguration Limits will b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set IP Stateless Autoconfiguration Limits State*
- GP name: *IP_Stateless_Autoconfiguration_Limits_State*
- GP path: *Network\TCPIP Settings\Parameters*
@@ -310,7 +310,7 @@ ADMX Info:
-**ADMX_tcpip/ISATAP_Router_Name**
+**ADMX_tcpip/ISATAP_Router_Name**
@@ -345,7 +345,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set ISATAP Router Name*
- GP name: *ISATAP_Router_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -356,7 +356,7 @@ ADMX Info:
-**ADMX_tcpip/ISATAP_State**
+**ADMX_tcpip/ISATAP_State**
@@ -395,7 +395,7 @@ If you enable this policy setting, you can configure ISATAP with one of the foll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set ISATAP State*
- GP name: *ISATAP_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -406,7 +406,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Client_Port**
+**ADMX_tcpip/Teredo_Client_Port**
@@ -441,7 +441,7 @@ If you disable or do not configure this policy setting, the local host setting i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Client Port*
- GP name: *Teredo_Client_Port*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -452,7 +452,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Default_Qualified**
+**ADMX_tcpip/Teredo_Default_Qualified**
@@ -489,7 +489,7 @@ Policy Enabled State: If Default Qualified is enabled, Teredo will attempt quali
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Default Qualified*
- GP name: *Teredo_Default_Qualified*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -500,7 +500,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Refresh_Rate**
+**ADMX_tcpip/Teredo_Refresh_Rate**
@@ -538,7 +538,7 @@ If you disable or do not configure this policy setting, the refresh rate is conf
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Refresh Rate*
- GP name: *Teredo_Refresh_Rate*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -549,7 +549,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_Server_Name**
+**ADMX_tcpip/Teredo_Server_Name**
@@ -584,7 +584,7 @@ If you disable or do not configure this policy setting, the local settings on th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo Server Name*
- GP name: *Teredo_Server_Name*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -595,7 +595,7 @@ ADMX Info:
-**ADMX_tcpip/Teredo_State**
+**ADMX_tcpip/Teredo_State**
@@ -635,7 +635,7 @@ If you enable this policy setting, you can configure Teredo with one of the foll
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Teredo State*
- GP name: *Teredo_State*
- GP path: *Network\TCPIP Settings\IPv6 Transition Technologies*
@@ -646,7 +646,7 @@ ADMX Info:
-**ADMX_tcpip/Windows_Scaling_Heuristics_State**
+**ADMX_tcpip/Windows_Scaling_Heuristics_State**
@@ -683,7 +683,7 @@ If you disable this policy setting, Window Scaling Heuristics will be disabled a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Window Scaling Heuristics State*
- GP name: *Windows_Scaling_Heuristics_State*
- GP path: *Network\TCPIP Settings\Parameters*
@@ -693,7 +693,7 @@ ADMX Info:
->
+>
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index f4dd3f6be6..91eb8371f0 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/21/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_TerminalServer
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TerminalServer policies
+## ADMX_TerminalServer policies
-
@@ -302,7 +302,7 @@ manager: aaroncz
-**ADMX_TerminalServer/TS_AUTO_RECONNECT**
+**ADMX_TerminalServer/TS_AUTO_RECONNECT**
@@ -337,7 +337,7 @@ If the status is set to Disabled, automatic reconnection of clients is prohibite
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Automatic reconnection*
- GP name: *TS_AUTO_RECONNECT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -350,7 +350,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**
+**ADMX_TerminalServer/TS_CAMERA_REDIRECTION**
@@ -376,16 +376,16 @@ ADMX Info:
-This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices.
+This policy setting lets you control the redirection of video capture devices to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of video capture devices.
-If you enable this policy setting, users can't redirect their video capture devices to the remote computer.
+If you enable this policy setting, users can't redirect their video capture devices to the remote computer.
If you disable or don't configure this policy setting, users can redirect their video capture devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the video capture devices to redirect to the remote computer.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow video capture redirection*
- GP name: *TS_CAMERA_REDIRECTION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -398,7 +398,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**
+**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY**
@@ -424,13 +424,13 @@ ADMX Info:
-This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server.
-A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
+A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
-If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
+If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
-If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
>[!NOTE]
>If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
@@ -438,7 +438,7 @@ If no certificate can be found that was created with the specified certificate t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server authentication certificate template*
- GP name: *TS_CERTIFICATE_TEMPLATE_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -451,7 +451,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
@@ -477,7 +477,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1**
@@ -505,11 +505,11 @@ ADMX Info:
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying a .rdp file).
-If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
>[!NOTE]
>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
@@ -517,7 +517,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -529,7 +529,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2**
@@ -555,13 +555,13 @@ ADMX Info:
-This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
+This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store.
-This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
+This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection (RDC) client without specifying a .rdp file).
-If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.
-If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
+If you disable this policy setting, users can't run .rdp files that are signed with a valid certificate. Additionally, users can't start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.
>[!NOTE]
>You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
@@ -569,7 +569,7 @@ If you disable this policy setting, users can't run .rdp files that are signed w
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from valid publishers and user's default .rdp settings*
- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -582,7 +582,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1**
@@ -608,16 +608,16 @@ ADMX Info:
-This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from unknown publishers*
- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -630,7 +630,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**
+**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2**
@@ -656,16 +656,16 @@ ADMX Info:
-This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
+This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.
-If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
+If you enable or don't configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.
If you disable this policy setting, users can't run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow .rdp files from unknown publishers*
- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -678,7 +678,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO**
@@ -704,20 +704,20 @@ ADMX Info:
-This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
+This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.
-Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
+Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the video playback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.
-By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
+By default, audio and video playback redirection isn't allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional.
-If you enable this policy setting, audio and video playback redirection is allowed.
+If you enable this policy setting, audio and video playback redirection is allowed.
If you disable this policy setting, audio and video playback redirection isn't allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you don't configure this policy setting, audio and video playback redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow audio and video playback redirection*
- GP name: *TS_CLIENT_AUDIO*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -730,7 +730,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE**
@@ -758,16 +758,16 @@ ADMX Info:
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC).
-Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
+Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio recording redirection isn't allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2.
-If you enable this policy setting, audio recording redirection is allowed.
+If you enable this policy setting, audio recording redirection is allowed.
If you disable this policy setting, audio recording redirection isn't allowed, even if audio recording redirection is specified in RDC. If you don't configure this policy setting, Audio recording redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow audio recording redirection*
- GP name: *TS_CLIENT_AUDIO_CAPTURE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -780,7 +780,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**
+**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY**
@@ -808,18 +808,18 @@ ADMX Info:
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you enable this policy setting, you must select one of the following values: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This audio transmission requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used.
-If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
+If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer.
-For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
+For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.
-Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
+Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.
If you disable or don't configure this policy setting, audio playback quality will be set to Dynamic.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit audio playback quality*
- GP name: *TS_CLIENT_AUDIO_QUALITY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -832,7 +832,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**
+**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD**
@@ -858,20 +858,20 @@ ADMX Info:
-This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
+This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.
-You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
+You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.
-If you enable this policy setting, users can't redirect Clipboard data.
+If you enable this policy setting, users can't redirect Clipboard data.
-If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
+If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection.
If you don't configure this policy setting, Clipboard redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Clipboard redirection*
- GP name: *TS_CLIENT_CLIPBOARD*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -884,7 +884,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_COM**
+**ADMX_TerminalServer/TS_CLIENT_COM**
@@ -910,20 +910,20 @@ ADMX Info:
-This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
+This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.
-You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
+You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they're logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.
-If you enable this policy setting, users can't redirect server data to the local COM port.
+If you enable this policy setting, users can't redirect server data to the local COM port.
-If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
+If you disable this policy setting, Remote Desktop Services always allows COM port redirection.
If you don't configure this policy setting, COM port redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow COM port redirection*
- GP name: *TS_CLIENT_COM*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -936,7 +936,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**
+**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M**
@@ -962,20 +962,20 @@ ADMX Info:
-This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
+This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.
-By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
+By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior.
-If you enable this policy setting, the default printer is the printer specified on the remote computer.
+If you enable this policy setting, the default printer is the printer specified on the remote computer.
-If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
+If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection.
If you don't configure this policy setting, the default printer isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not set default client printer to be default printer in a session*
- GP name: *TS_CLIENT_DEFAULT_M*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -988,7 +988,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE**
@@ -1014,16 +1014,16 @@ ADMX Info:
-This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available.
+This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available.
-If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate.
+If you use this setting, the Remote Desktop Client will use only software decoding. For example, if you've a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you'll know that there are more issues to investigate.
If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow hardware accelerated decoding*
- GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1036,7 +1036,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**
+**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1**
@@ -1062,7 +1062,7 @@ ADMX Info:
-This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection.
+This policy specifies whether to allow Remote Desktop Connection Controls whether a user can save passwords using Remote Desktop Connection.
If you enable this setting, the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When users open an RDP file using Remote Desktop Connection and save their settings, any password that previously existed in the RDP file will be deleted.
@@ -1071,7 +1071,7 @@ If you disable this setting or leave it not configured, the user will be able to
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow passwords to be saved*
- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1084,7 +1084,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_LPT**
+**ADMX_TerminalServer/TS_CLIENT_LPT**
@@ -1110,16 +1110,16 @@ ADMX Info:
-This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
+This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection.
-If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port.
+If you enable this policy setting, users in a Remote Desktop Services session can't redirect server data to the local LPT port.
If you disable this policy setting, LPT port redirection is always allowed. If you don't configure this policy setting, LPT port redirection isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow LPT port redirection*
- GP name: *TS_CLIENT_LPT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -1132,7 +1132,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_PNP**
+**ADMX_TerminalServer/TS_CLIENT_PNP**
@@ -1158,11 +1158,11 @@ ADMX Info:
-This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices.
+This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services doesn't allow redirection of supported Plug and Play and RemoteFX USB devices.
-If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
+If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.
-If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions.
+If you enable this policy setting, users can't redirect their supported Plug and Play devices to the remote computer. If you don't configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it's running Windows Server 2012 R2 and earlier versions.
>[!NOTE]
>You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.
@@ -1170,7 +1170,7 @@ If you enable this policy setting, users can't redirect their supported Plug and
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow supported Plug and Play device redirection*
- GP name: *TS_CLIENT_PNP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -1183,7 +1183,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_PRINTER**
+**ADMX_TerminalServer/TS_CLIENT_PRINTER**
@@ -1209,18 +1209,18 @@ ADMX Info:
-This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
+This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping.
-If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
+If you enable this policy setting, users can't redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions.
-If you disable this policy setting, users can redirect print jobs with client printer mapping.
+If you disable this policy setting, users can redirect print jobs with client printer mapping.
If you don't configure this policy setting, client printer mapping isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow client printer redirection*
- GP name: *TS_CLIENT_PRINTER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1233,7 +1233,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1**
@@ -1259,23 +1259,23 @@ ADMX Info:
-This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
-If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
>[!NOTE]
->You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node.
-If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1288,7 +1288,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**
+**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2**
@@ -1314,23 +1314,23 @@ ADMX Info:
-This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
+This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.
-If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
+If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user doesn't receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.
-If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
+If you disable or don't configure this policy setting, no publisher is treated as a trusted .rdp publisher.
>[!NOTE]
->You can define this policy setting in the Computer Configuration node or in the User Configuration node.
+>You can define this policy setting in the Computer Configuration node or in the User Configuration node.
-If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
+If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.
This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that isn't a certificate thumbprint, it's ignored.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers*
- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1343,7 +1343,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**
+**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP**
@@ -1369,16 +1369,16 @@ ADMX Info:
-This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
+This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol.
-If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
+If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol.
If you disable or don't configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn Off UDP On Client*
- GP name: *TS_CLIENT_TURN_OFF_UDP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -1391,7 +1391,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_COLORDEPTH**
+**ADMX_TerminalServer/TS_COLORDEPTH**
@@ -1417,24 +1417,24 @@ ADMX Info:
-This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
+If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used.
-If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level.
+If you disable or don't configure this policy setting, the color depth for connections isn't specified at the Group Policy level.
>[!NOTE]
-> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
->2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
->3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
-> - a. Value specified by this policy setting
-> - b. Maximum color depth supported by the client
+> 1. Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional.
+>2. The value specified in this policy setting isn't applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections.
+>3. For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format:
+> - a. Value specified by this policy setting
+> - b. Maximum color depth supported by the client
> - c. Value requested by the client If the client doesn't support at least 16 bits, the connection is terminated.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit maximum color depth*
- GP name: *TS_COLORDEPTH*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1447,7 +1447,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**
+**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES**
@@ -1473,21 +1473,21 @@ ADMX Info:
-This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
+This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed.
>[!NOTE]
->If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
+>If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles.
If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked.
-When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
+When the size of the entire roaming user profile cache exceeds the maximum size that you've specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified.
If you disable or don't configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit the size of the entire roaming user profile cache*
- GP name: *TS_DELETE_ROAMING_USER_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
@@ -1500,7 +1500,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**
+**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER**
@@ -1526,18 +1526,18 @@ ADMX Info:
-This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.
+This policy specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.
-You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions.
+You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 don't display wallpaper by default to Remote Desktop Services sessions.
-If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.
+If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session.
If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enforce Removal of Remote Desktop Wallpaper*
- GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1549,7 +1549,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**
+**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU**
@@ -1575,11 +1575,11 @@ ADMX Info:
-This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
+This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter.
-If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
+If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter.
-If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
+If you don't configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default.
>[!NOTE]
>The policy setting enables load-balancing of graphics processing units (GPU) on a computer with more than one GPU installed. The GPU configuration of the local session isn't affected by this policy setting.
@@ -1587,7 +1587,7 @@ If you don't configure this policy setting, Remote Desktop Services sessions on
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use hardware graphics adapters for all Remote Desktop Services sessions*
- GP name: *TS_DX_USE_FULL_HWGPU*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -1600,7 +1600,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EASY_PRINT**
+**ADMX_TerminalServer/TS_EASY_PRINT**
@@ -1626,11 +1626,11 @@ ADMX Info:
-This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
>[!NOTE]
>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
@@ -1638,7 +1638,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
- GP name: *TS_EASY_PRINT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1651,7 +1651,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EASY_PRINT_User**
+**ADMX_TerminalServer/TS_EASY_PRINT_User**
@@ -1677,11 +1677,11 @@ ADMX Info:
-This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
+This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
-If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
+If you enable or don't configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver can't be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server doesn't have a printer driver that matches the client printer, the client printer isn't available for the Remote Desktop session.
-If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
+If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server doesn't have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver can't be used, the client printer isn't available for the Remote Desktop Services session.
>[!NOTE]
>If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
@@ -1689,7 +1689,7 @@ If you disable this policy setting, the RD Session Host server tries to find a s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use Remote Desktop Easy Print printer driver first*
- GP name: *TS_EASY_PRINT_User*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1702,7 +1702,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_EnableVirtualGraphics**
+**ADMX_TerminalServer/TS_EnableVirtualGraphics**
@@ -1728,20 +1728,20 @@ ADMX Info:
-This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs).
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs).
-By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
-If you disable this policy setting, RemoteFX will be disabled.
+If you disable this policy setting, RemoteFX will be disabled.
If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX*
- GP name: *TS_EnableVirtualGraphics*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -1754,7 +1754,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**
+**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE**
@@ -1780,16 +1780,16 @@ ADMX Info:
-This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
+This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server doesn't have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session.
-If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are:
+If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one isn't found, the client's printer isn't available. You can choose to change this default behavior. The available options are:
-- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior.
-- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
-- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
-- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.
+- **Do nothing if one is not found** - If there's a printer driver mismatch, the server will attempt to find a suitable driver. If one isn't found, the client's printer isn't available. This behavior is the default behavior.
+- **Default to PCL if one is not found** - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver.
+- **Default to PS if one is not found**- If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver.
+- **Show both PCL and PS if one is not found**- If no suitable driver can be found, show both PS and PCL-based fallback printer drivers.
-If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default.
+If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server won't attempt to use the fallback printer driver. If you don't configure this policy setting, the fallback printer driver behavior is off by default.
>[!NOTE]
>If the **Do not allow client printer redirection** setting is enabled, this policy setting is ignored and the fallback printer driver is disabled.
@@ -1797,7 +1797,7 @@ If you disable this policy setting, the RD Session Host server fallback driver i
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify RD Session Host server fallback printer driver behavior*
- GP name: *TS_FALLBACKPRINTDRIVERTYPE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection*
@@ -1810,7 +1810,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**
+**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF**
@@ -1836,11 +1836,11 @@ ADMX Info:
-This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost.
+This policy setting determines whether an administrator attempting to connect remotely to the console of a server can sign out an administrator currently signed in to the console. This policy is useful when the currently connected administrator doesn't want to be signed out by another administrator. If the connected administrator is signed out, any data not previously saved is lost.
-If you enable this policy setting, signing out the connected administrator isn't allowed.
+If you enable this policy setting, signing out the connected administrator isn't allowed.
-If you disable or don't configure this policy setting, signing out the connected administrator is allowed.
+If you disable or don't configure this policy setting, signing out the connected administrator is allowed.
>[!NOTE]
>The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.
@@ -1848,7 +1848,7 @@ If you disable or don't configure this policy setting, signing out the connected
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Deny logoff of an administrator logged in to the console session*
- GP name: *TS_FORCIBLE_LOGOFF*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -1913,7 +1913,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD**
@@ -1939,11 +1939,11 @@ ADMX Info:
-This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
+This policy specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
-By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
-To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
+To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you enable this setting, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.
If you disable or don't configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method isn't specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication.
@@ -1952,7 +1952,7 @@ If you disable or don't configure this policy setting, the authentication method
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set RD Gateway authentication method*
- GP name: *TS_GATEWAY_POLICY_AUTH_METHOD*
- GP path: *Windows Components\Remote Desktop Services\RD Gateway*
@@ -1963,7 +1963,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**
+**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER**
@@ -1989,16 +1989,16 @@ ADMX Info:
-This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
+This policy specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting.
-By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
+By default, when you enable this policy setting, it's enforced. When this policy setting is enforced, users can't override this setting, even if they select the "Use these RD Gateway server settings" option on the client.
>[!NOTE]
->It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
+>It's highly recommended that you also specify the authentication method by using the **Set RD Gateway authentication method** policy setting. If you don't specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used.
-To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server.
+To allow users to overwrite the **Set RD Gateway server address** policy setting and connect to another RD Gateway server, you must select the **Allow users to change this setting** check box and users will be allowed to specify an alternate RD Gateway server.
-Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
+Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users don't specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default.
>[!NOTE]
>If you disable or don't configure this policy setting, but enable the **Enable connections through RD Gateway** policy setting, client connection attempts to any remote computer will fail, if the client can't connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
@@ -2006,7 +2006,7 @@ Users can specify an alternative RD Gateway server by configuring settings on th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set RD Gateway server address*
- GP name: *TS_GATEWAY_POLICY_SERVER*
- GP path: *Windows Components\Remote Desktop Services\RD Gateway*
@@ -2018,7 +2018,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**
+**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY**
@@ -2044,22 +2044,22 @@ ADMX Info:
-This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
+This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server.
-If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.
+If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting.
-If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
+If you disable this policy setting, the server doesn't join a farm in RD Connection Broker, and user session tracking isn't performed. If the policy setting is disabled, you can't use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker.
-If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.
+If the policy setting isn't configured, the policy setting isn't specified at the Group Policy level.
->[!NOTE]
->1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
+>[!NOTE]
+>1. If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings.
>2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Join RD Connection Broker*
- GP name: *TS_JOIN_SESSION_DIRECTORY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -2072,7 +2072,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_KEEP_ALIVE**
+**ADMX_TerminalServer/TS_KEEP_ALIVE**
@@ -2098,18 +2098,18 @@ ADMX Info:
-This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
+This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.
-After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
+After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client signs in to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.
-If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
+If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.
If you disable or don't configure this policy setting, a keep-alive interval isn't set and the server won't check the session state.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure keep-alive connection interval*
- GP name: *TS_KEEP_ALIVE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -2122,7 +2122,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_SECGROUP**
+**ADMX_TerminalServer/TS_LICENSE_SECGROUP**
@@ -2148,13 +2148,13 @@ ADMX Info:
-This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
+This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).
-You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
+You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one.
-If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty.
+If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty.
-If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting.
+If you disable or don't configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group isn't deleted or changed in any way by disabling or not configuring this policy setting.
>[!NOTE]
>You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
@@ -2162,7 +2162,7 @@ If you disable or don't configure this policy setting, the Remote Desktop licens
-ADMX Info:
+ADMX Info:
- GP Friendly name: *License server security group*
- GP name: *TS_LICENSE_SECGROUP*
- GP path: *Windows Components\Remote Desktop Services\RD Licensing*
@@ -2175,7 +2175,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_SERVERS**
+**ADMX_TerminalServer/TS_LICENSE_SERVERS**
@@ -2201,20 +2201,20 @@ ADMX Info:
-This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
+This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.
-If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery.
+If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers can't be located, the RD Session Host server will attempt automatic license server discovery.
+
+In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
+1. Remote Desktop license servers that are published in Active Directory Domain Services.
+2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
-In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order:
-1. Remote Desktop license servers that are published in Active Directory Domain Services.
-2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server.
-
1If you disable or don't configure this policy setting, the RD Session Host server doesn't specify a license server at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use the specified Remote Desktop license servers*
- GP name: *TS_LICENSE_SERVERS*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2227,7 +2227,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**
+**ADMX_TerminalServer/TS_LICENSE_TOOLTIP**
@@ -2253,18 +2253,18 @@ ADMX Info:
-This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
+This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.
-By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
+By default, notifications are displayed on an RD Session Host server after you sign in as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire.
-If you enable this policy setting, these notifications won't be displayed on the RD Session Host server.
+If you enable this policy setting, these notifications won't be displayed on the RD Session Host server.
If you disable or don't configure this policy setting, these notifications will be displayed on the RD Session Host server after you sign in as a local administrator.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide notifications about RD Licensing problems that affect the RD Session Host server*
- GP name: *TS_LICENSE_TOOLTIP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2277,7 +2277,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_LICENSING_MODE**
+**ADMX_TerminalServer/TS_LICENSING_MODE**
@@ -2303,21 +2303,21 @@ ADMX Info:
-This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
+This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.
-You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
-- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
-- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
-- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
+You can use this policy setting to select one of three licensing modes: Per User, Per Device, and Azure Active Directory Per User.
+- Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL issued from an RD Licensing server.
+- Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL issued from an RD Licensing server.
+- Azure AD Per User licensing mode requires that each user account connecting to this RD Session Host server have a service plan that supports RDS licenses assigned in Azure AD.
-If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
+If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server and RD Session Host.
If you disable or don't configure this policy setting, the licensing mode isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the Remote Desktop licensing mode*
- GP name: *TS_LICENSING_MODE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing*
@@ -2330,7 +2330,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAX_CON_POLICY**
+**ADMX_TerminalServer/TS_MAX_CON_POLICY**
@@ -2356,23 +2356,23 @@ ADMX Info:
-This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources.
+This policy specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, other users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources.
-By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
+By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.
-To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
+To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.
-If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
+If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.
-If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level.
+If the status is set to Disabled or Not Configured, limits to the number of connections aren't enforced at the Group Policy level.
->[!NOTE]
+>[!NOTE]
>This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit number of connections*
- GP name: *TS_MAX_CON_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -2385,7 +2385,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAXDISPLAYRES**
+**ADMX_TerminalServer/TS_MAXDISPLAYRES**
@@ -2411,16 +2411,16 @@ ADMX Info:
-This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
+If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session.
If you disable or don't configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit maximum display resolution*
- GP name: *TS_MAXDISPLAYRES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2433,7 +2433,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_MAXMONITOR**
+**ADMX_TerminalServer/TS_MAXMONITOR**
@@ -2459,16 +2459,16 @@ ADMX Info:
-This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
+This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load.
-If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
+If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16.
If you disable or don't configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit number of monitors*
- GP name: *TS_MAXMONITOR*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2481,7 +2481,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_NoDisconnectMenu**
+**ADMX_TerminalServer/TS_NoDisconnectMenu**
@@ -2507,21 +2507,21 @@ ADMX Info:
-This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.
+This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.
-If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box.
+If you enable this policy setting, "Disconnect" doesn't appear as an option in the drop-down list in the Shut Down Windows dialog box.
-If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box.
+If you disable or don't configure this policy setting, "Disconnect" isn't removed from the list in the Shut Down Windows dialog box.
>[!NOTE]
->This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session.
+>This policy setting affects only the Shut Down Windows dialog box. It doesn't prevent users from using other methods to disconnect from a Remote Desktop Services session.
This policy setting also doesn't prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the **Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions** policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Disconnect" option from Shut Down dialog*
- GP name: *TS_NoDisconnectMenu*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2534,7 +2534,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_NoSecurityMenu**
+**ADMX_TerminalServer/TS_NoSecurityMenu**
@@ -2560,16 +2560,16 @@ ADMX Info:
-This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
+This policy specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.
-If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
+If the status is set to Enabled, Windows Security doesn't appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer.
If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Windows Security item from Start menu*
- GP name: *TS_NoSecurityMenu*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -2582,7 +2582,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_PreventLicenseUpgrade**
+**ADMX_TerminalServer/TS_PreventLicenseUpgrade**
@@ -2608,22 +2608,22 @@ ADMX Info:
-This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
+This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.
-A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
+A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003.
-By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients:
-- A client connecting to a Windows Server 2003 terminal server
-- A client connecting to a Windows 2000 terminal server
+By default, if the most appropriate RDS CAL isn't available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following types of clients:
+- A client connecting to a Windows Server 2003 terminal server
+- A client connecting to a Windows 2000 terminal server
-If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired.
+If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server isn't available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client won't be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server hasn't expired.
If you disable or don't configure this policy setting, the license server will exhibit the default behavior noted earlier.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent license upgrade*
- GP name: *TS_PreventLicenseUpgrade*
- GP path: *Windows Components\Remote Desktop Services\RD Licensing*
@@ -2636,7 +2636,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**
+**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP**
@@ -2662,21 +2662,21 @@ ADMX Info:
-This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
+This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.
-If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials.
+If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user won't be prompted to provide credentials.
->[!NOTE]
->If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
+>[!NOTE]
+>If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration.
-If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
+If you disable or don't configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server.
For Windows Server 2003 and Windows 2000 Server, a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prompt for credentials on the client computer*
- GP name: *TS_PROMT_CREDS_CLIENT_COMP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -2689,7 +2689,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RADC_DefaultConnection**
+**ADMX_TerminalServer/TS_RADC_DefaultConnection**
@@ -2716,11 +2716,11 @@ ADMX Info:
-This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx).
+This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of [http://contoso.com/rdweb/Feed/webfeed.aspx](http://contoso.com/rdweb/Feed/webfeed.aspx).
-- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL.
+- If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user can't change the default connection URL. The user's default sign-in credentials are used when setting up the default connection URL.
-- If you disable or don't configure this policy setting, the user has no default connection URL.
+- If you disable or don't configure this policy setting, the user has no default connection URL.
RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account.
@@ -2729,7 +2729,7 @@ RemoteApp programs that are installed through RemoteApp and Desktop Connections
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify default connection URL*
- GP name: *TS_RADC_DefaultConnection*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2740,7 +2740,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**
+**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration**
@@ -2767,9 +2767,9 @@ ADMX Info:
-This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
+This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete.
-- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
+- If you enable this policy setting, user sign in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers.
- If you disable or don't configure this policy setting, the Start screen is shown and apps are registered in the background.
@@ -2778,7 +2778,7 @@ This policy setting allows you to specify whether the app registration is comple
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Suspend user sign-in to complete app registration*
- GP name: *TS_RDSAppX_WaitForRegistration*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2789,7 +2789,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteControl_1**
+**ADMX_TerminalServer/TS_RemoteControl_1**
@@ -2816,7 +2816,7 @@ ADMX Info:
-This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -2825,7 +2825,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy (
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
- GP name: *TS_RemoteControl_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2836,7 +2836,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteControl_2**
+**ADMX_TerminalServer/TS_RemoteControl_2**
@@ -2863,7 +2863,7 @@ ADMX Info:
-This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
+This policy determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares. By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service.
@@ -2872,7 +2872,7 @@ To make changes to this setting effective, you must restart Volume Shadow Copy (
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers*
- GP name: *TS_RemoteControl_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -2883,7 +2883,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**
+**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics**
@@ -2910,19 +2910,19 @@ ADMX Info:
-This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate.
+This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate.
-You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
-If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
-
-By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions.
+You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
+If you've a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality.
+
+By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions.
If you disable or don't configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior).
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Optimize visual experience when using RemoteFX*
- GP name: *TS_RemoteDesktopVirtualGraphics*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -2934,7 +2934,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_ClustName**
+**ADMX_TerminalServer/TS_SD_ClustName**
@@ -2960,13 +2960,13 @@ ADMX Info:
-This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm.
+This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm.
-Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
+Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name doesn't have to correspond to a name in Active Directory Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker.
-- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.
+- If you enable this policy setting, you must specify the name of a farm in RD Connection Broker.
-- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level.
+- If you disable or don't configure this policy setting, the farm name isn't specified at the Group Policy level.
> [!NOTE]
> This policy setting isn't effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy.
@@ -2976,7 +2976,7 @@ For Windows Server 2008, this policy setting is supported on at least Windows Se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RD Connection Broker farm name*
- GP name: *TS_SD_ClustName*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -2987,7 +2987,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**
+**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS**
@@ -3013,13 +3013,13 @@ ADMX Info:
-This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
+This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server.
-- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
+- If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm.
-- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm.
+- If you disable this policy setting, the IP address of the RD Session Host server isn't sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you don't want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm.
-If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
+If you don't configure this policy setting, the Use IP address redirection policy setting isn't enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default.
> [!NOTE]
> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
@@ -3027,7 +3027,7 @@ If you don't configure this policy setting, the Use IP address redirection polic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use IP Address Redirection*
- GP name: *TS_SD_EXPOSE_ADDRESS*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -3038,7 +3038,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SD_Loc**
+**ADMX_TerminalServer/TS_SD_Loc**
@@ -3064,10 +3064,10 @@ ADMX Info:
-This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm.
-The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
+This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm.
+The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server.
-- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
+- If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers.
- If you disable or don't configure this policy setting, the policy setting isn't specified at the Group Policy level.
@@ -3081,7 +3081,7 @@ The specified server must be running the Remote Desktop Connection Broker servic
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RD Connection Broker server name*
- GP name: *TS_SD_Loc*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker*
@@ -3093,7 +3093,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**
+**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY**
@@ -3119,22 +3119,22 @@ ADMX Info:
-This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
+This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections.
-- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting.
+- If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting.
-The following security methods are available:
+The following security methods are available:
-- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
-- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
-- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy.
+- **Negotiate**: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it's used to authenticate the RD Session Host server. If TLS isn't supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
+- **RDP**: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server isn't authenticated. Native RDP encryption (as opposed to SSL encryption) isn't recommended.
+- **SSL (TLS 1.0)**: The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS isn't supported, the connection fails. This enablement is the recommended setting for this policy.
If you disable or don't configure this policy setting, the security method to be used for remote connections to RD Session Host servers isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require use of specific security layer for remote (RDP) connections*
- GP name: *TS_SECURITY_LAYER_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -3146,7 +3146,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**
+**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT**
@@ -3172,21 +3172,21 @@ ADMX Info:
-This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).
-You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
+This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).
+You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect.
-- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
+- If you disable Connect Time Detect, Remote Desktop Protocol won't determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection.
-- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality.
+- If you disable Continuous Network Detect, Remote Desktop Protocol won't try to adapt the remote user experience to varying network quality.
-- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality.
+- If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol won't try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it won't try to adapt the user experience to varying network quality.
- If you disable or don't configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select network detection on the server*
- GP name: *TS_SELECT_NETWORK_DETECT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -3199,7 +3199,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SELECT_TRANSPORT**
+**ADMX_TerminalServer/TS_SELECT_TRANSPORT**
@@ -3225,18 +3225,18 @@ ADMX Info:
-This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
+This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
-- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)"
+- If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)"
-If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
+If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. If the UDP connection isn't successful or if you select "Use only TCP," all of the RDP traffic will use TCP.
- If you disable or don't configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Select RDP transport protocols*
- GP name: *TS_SELECT_TRANSPORT*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -3249,7 +3249,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**
+**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP**
@@ -3275,17 +3275,17 @@ ADMX Info:
-This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves.
-This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions.
+This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves.
+This policy setting applies only to RemoteApp programs and doesn't apply to remote desktop sessions.
-- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
+- If you enable or don't configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics.
- If you disable this policy setting, RemoteApp programs published from this RD Session Host server won't use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs don't support these advanced graphics.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use advanced RemoteFX graphics for RemoteApp*
- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3298,7 +3298,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AUTH**
+**ADMX_TerminalServer/TS_SERVER_AUTH**
@@ -3324,20 +3324,20 @@ ADMX Info:
-This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
+This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
-- If you enable this policy setting, you must specify one of the following settings:
+- If you enable this policy setting, you must specify one of the following settings:
- - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
- - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
- - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
+ - Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client can't authenticate the RD Session Host server.
+ - Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server can't be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server.
+ - don't connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated.
- If you disable or don't configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client can't authenticate the RD Session Host server.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure server authentication for client*
- GP name: *TS_SERVER_AUTH*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client*
@@ -3350,7 +3350,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**
+**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED**
@@ -3376,16 +3376,16 @@ ADMX Info:
-This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections.
+This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections.
-- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding.
+- When you enable hardware encoding, if an error occurs, we'll attempt to use software encoding.
- If you disable or don't configure this policy, we'll always use software encoding.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections*
- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3398,7 +3398,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**
+**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED**
@@ -3424,14 +3424,14 @@ ADMX Info:
-This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios.
+This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios.
When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections*
- GP name: *TS_SERVER_AVC444_MODE_PREFERRED*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3444,7 +3444,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**
+**ADMX_TerminalServer/TS_SERVER_COMPRESSOR**
@@ -3470,22 +3470,22 @@ ADMX Info:
-This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
+This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware configuration.
-- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth.
+- If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth.
-If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth.
+If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth.
-In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic.
+In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you're using a hardware device that is designed to optimize network traffic.
-Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
+Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed.
- If you disable or don't configure this policy setting, the default RDP compression algorithm will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure compression for RemoteFX data*
- GP name: *TS_SERVER_COMPRESSOR*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3498,7 +3498,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**
+**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY**
@@ -3523,22 +3523,22 @@ ADMX Info:
-This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
+This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.
-- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
+- If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes.
-- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
+- If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality.
-- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.
+- If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth.
-- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only.
+- If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data isn't impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you enable this setting for specific cases only.
- If you disable or don't configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure image quality for RemoteFX Adaptive Graphics*
- GP name: *TS_SERVER_IMAGE_QUALITY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3551,7 +3551,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**
+**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX**
@@ -3576,18 +3576,18 @@ ADMX Info:
-This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
+This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.
-When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
+When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme.
-- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
+- If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1.
- If you disable this policy setting, RemoteFX will be disabled. If you don't configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX*
- GP name: *TS_SERVER_LEGACY_RFX*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -3600,7 +3600,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_PROFILE**
+**ADMX_TerminalServer/TS_SERVER_PROFILE**
@@ -3626,17 +3626,17 @@ ADMX Info:
-This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.
+This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available network bandwidth.
-If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
-1. Let the system choose the experience for the network condition
-2. Optimize for server scalability
+If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
+1. Let the system choose the experience for the network condition
+2. Optimize for server scalability
3. Optimize for minimum bandwidth usage. If you disable or don't configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RemoteFX Adaptive Graphics*
- GP name: *TS_SERVER_PROFILE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3649,7 +3649,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_VISEXP**
+**ADMX_TerminalServer/TS_SERVER_VISEXP**
@@ -3675,16 +3675,16 @@ ADMX Info:
-This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
+This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation.
-- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
+- If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text.
- If you disable or don't configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Optimize visual experience for Remote Desktop Service Sessions*
- GP name: *TS_SERVER_VISEXP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2*
@@ -3697,7 +3697,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**
+**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER**
@@ -3723,16 +3723,16 @@ ADMX Info:
-This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.
+This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections.
-- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.
+- If you enable or don't configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver.
- If you disable this policy setting, Remote Desktop Connections won't use WDDM graphics display driver. In this case, the Remote Desktop Connections will use XDDM graphics display driver. For this change to take effect, you must restart Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use WDDM graphics display driver for Remote Desktop Connections*
- GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -3745,7 +3745,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_Session_End_On_Limit_1**
+**ADMX_TerminalServer/TS_Session_End_On_Limit_1**
@@ -3771,22 +3771,22 @@ ADMX Info:
-This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
-See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-This policy setting only applies to time-out limits that are explicitly set by the administrator.
+This policy setting only applies to time-out limits that are explicitly set by the administrator.
This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *End session when time limits are reached*
- GP name: *TS_Session_End_On_Limit_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3799,7 +3799,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_Session_End_On_Limit_2**
+**ADMX_TerminalServer/TS_Session_End_On_Limit_2**
@@ -3825,22 +3825,22 @@ ADMX Info:
-This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
+This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy.
-See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
+See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings.
-- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
+- If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.
-- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
+- If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you don't configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.
-This policy setting only applies to time-out limits that are explicitly set by the administrator.
+This policy setting only applies to time-out limits that are explicitly set by the administrator.
This policy setting doesn't apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *End session when time limits are reached*
- GP name: *TS_Session_End_On_Limit_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3853,7 +3853,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1**
@@ -3879,12 +3879,12 @@ ADMX Info:
-This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
-When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3892,7 +3892,7 @@ When a session is in a disconnected state, running programs are kept active even
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for disconnected sessions*
- GP name: *TS_SESSIONS_Disconnected_Timeout_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3905,7 +3905,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**
+**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2**
@@ -3931,12 +3931,12 @@ ADMX Info:
-This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
-When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
+This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session.
+When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
-- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
+- If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you've a console session, disconnected session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. Be default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3944,7 +3944,7 @@ When a session is in a disconnected state, running programs are kept active even
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for disconnected sessions*
- GP name: *TS_SESSIONS_Disconnected_Timeout_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -3957,7 +3957,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1**
@@ -3983,13 +3983,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
-- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -3997,7 +3997,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Idle_Limit_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4010,7 +4010,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**
+**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2**
@@ -4036,13 +4036,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you've a console session, idle session time limits don't apply.
-- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
+- If you disable or don't configure this policy setting, the time limit isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4050,7 +4050,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active but idle Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Idle_Limit_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4063,7 +4063,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Limits_1**
+**ADMX_TerminalServer/TS_SESSIONS_Limits_1**
@@ -4089,13 +4089,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4104,7 +4104,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Limits_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4117,7 +4117,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SESSIONS_Limits_2**
+**ADMX_TerminalServer/TS_SESSIONS_Limits_2**
@@ -4143,13 +4143,13 @@ ADMX Info:
-This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
+This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it's automatically disconnected.
-- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
+- If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you've a console session, active session time limits don't apply.
-- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
+- If you disable or don't configure this policy setting, this policy setting isn't specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time.
-If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
+If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached.
>[!NOTE]
> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
@@ -4158,7 +4158,7 @@ If you want Remote Desktop Services to end instead of disconnect a session when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set time limit for active Remote Desktop Services sessions*
- GP name: *TS_SESSIONS_Limits_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits*
@@ -4171,7 +4171,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SINGLE_SESSION**
+**ADMX_TerminalServer/TS_SINGLE_SESSION**
@@ -4197,9 +4197,9 @@ ADMX Info:
-This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server.
+This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server.
-If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
+If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level.
@@ -4207,7 +4207,7 @@ If you disable this policy setting, users are allowed to make unlimited simultan
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
- GP name: *TS_SINGLE_SESSION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -4220,7 +4220,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_SMART_CARD**
+**ADMX_TerminalServer/TS_SMART_CARD**
@@ -4246,11 +4246,11 @@ ADMX Info:
-This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
+This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.
-- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session.
+- If you enable this policy setting, Remote Desktop Services users can't use a smart card to sign in to a Remote Desktop Services session.
-- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
+- If you disable or don't configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
>[!NOTE]
> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
@@ -4258,7 +4258,7 @@ This policy setting allows you to control the redirection of smart card devices
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow smart card device redirection*
- GP name: *TS_SMART_CARD*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -4271,7 +4271,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_START_PROGRAM_1**
+**ADMX_TerminalServer/TS_START_PROGRAM_1**
@@ -4297,11 +4297,11 @@ ADMX Info:
-Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
+Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
-The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
-If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
>[!NOTE]
> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
@@ -4309,7 +4309,7 @@ If you leave Working Directory blank, the program runs with its default working
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start a program on connection*
- GP name: *TS_START_PROGRAM_1*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4322,7 +4322,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_START_PROGRAM_2**
+**ADMX_TerminalServer/TS_START_PROGRAM_2**
@@ -4348,11 +4348,11 @@ ADMX Info:
-Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
+Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user signs in to a remote computer. By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user.
-The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
+The Start menu and Windows Desktop aren't displayed, and when the user exits the program the session is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program.
-If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
+If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory isn't the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory isn't specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.)
>[!NOTE]
> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.
@@ -4360,7 +4360,7 @@ If you leave Working Directory blank, the program runs with its default working
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start a program on connection*
- GP name: *TS_START_PROGRAM_2*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4373,7 +4373,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TEMP_DELETE**
+**ADMX_TerminalServer/TS_TEMP_DELETE**
@@ -4399,19 +4399,19 @@ ADMX Info:
-This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out.
+This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at sign out. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user signs out from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user signs out.
-If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session.
+If you enable this policy setting, a user's per-session temporary folders are retained when the user signs out from a session.
+
+If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator.
-If you disable this policy setting, temporary folders are deleted when a user signs out, even if the server administrator specifies otherwise. If you don't configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at sign out, unless specified otherwise by the server administrator.
-
>[!NOTE]
> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the don't use temporary folders per session policy setting, this policy setting has no effect.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not delete temp folders upon exit*
- GP name: *TS_TEMP_DELETE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
@@ -4424,7 +4424,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TEMP_PER_SESSION**
+**ADMX_TerminalServer/TS_TEMP_PER_SESSION**
@@ -4450,18 +4450,18 @@ ADMX Info:
-This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
+This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.
-You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID.
+You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the session ID.
-- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
+- If you enable this policy setting, per-session temporary folders aren't created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer.
- If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you don't configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not use temporary folders per session*
- GP name: *TS_TEMP_PER_SESSION*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders*
@@ -4474,7 +4474,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TIME_ZONE**
+**ADMX_TerminalServer/TS_TIME_ZONE**
@@ -4500,11 +4500,11 @@ ADMX Info:
-This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
+This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.
-- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
+- If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).
-- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone.
+- If you disable or don't configure this policy setting, the client computer doesn't redirect its time zone information and the session time zone is the same as the server time zone.
>[!NOTE]
> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
@@ -4512,7 +4512,7 @@ This policy setting allows you to specify whether the client computer redirects
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow time zone redirection*
- GP name: *TS_TIME_ZONE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection*
@@ -4525,7 +4525,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**
+**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY**
@@ -4551,11 +4551,11 @@ ADMX Info:
-This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.
+This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes.
-- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only.
+- If you enable this policy setting, the default security descriptors for existing groups on the RD Session Host server can't be changed. All the security descriptors are read-only.
-- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
+- If you disable or don't configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider.
>[!NOTE]
> The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
@@ -4563,7 +4563,7 @@ This policy setting specifies whether to disable the administrator rights to cus
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow local administrators to customize permissions*
- GP name: *TS_TSCC_PERMISSIONS_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4576,7 +4576,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**
+**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP**
@@ -4602,11 +4602,11 @@ ADMX Info:
-This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
+This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy.
-- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
+- If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings.
-- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
+- If you disable or don't configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program isn't specified, the desktop is always displayed on the remote computer after the client connects to the remote computer.
>[!NOTE]
> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored.
@@ -4614,7 +4614,7 @@ This policy setting determines whether the desktop is always displayed after a c
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Always show desktop on connection*
- GP name: *TS_TURNOFF_SINGLEAPP*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment*
@@ -4627,7 +4627,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_UIA**
+**ADMX_TerminalServer/TS_UIA**
@@ -4653,18 +4653,18 @@ ADMX Info:
-This policy setting allows you to restrict users to a single Remote Desktop Services session.
+This policy setting allows you to restrict users to a single Remote Desktop Services session.
-If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
+If you enable this policy setting, users who sign in remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next sign in.
-- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
+- If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services.
- If you don't configure this policy setting, this policy setting isn't specified at the Group Policy level.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session*
- GP name: *TS_UIA*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections*
@@ -4677,7 +4677,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**
+**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE**
@@ -4703,16 +4703,16 @@ ADMX Info:
-This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
+This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices won't be available for local usage on this computer.
-If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
+If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer.
If you disable or don't configure this policy setting, other supported RemoteFX USB devices aren't available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer*
- GP name: *TS_USB_REDIRECTION_DISABLE*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection*
@@ -4725,7 +4725,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**
+**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY**
@@ -4751,18 +4751,18 @@ ADMX Info:
-This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
+This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process.
-- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
+- If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported.
-- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
+- If you disable this policy setting, Network Level Authentication isn't required for user authentication before allowing remote connections to the RD Session Host server. If you don't configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.
Disabling this policy setting provides less security because user authentication will occur later in the remote connection process.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require user authentication for remote connections by using Network Level Authentication*
- GP name: *TS_USER_AUTHENTICATION_POLICY*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4775,7 +4775,7 @@ ADMX Info:
-**ADMX_TerminalServer/TS_USER_HOME**
+**ADMX_TerminalServer/TS_USER_HOME**
@@ -4801,20 +4801,20 @@ ADMX Info:
-This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
+This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections.
-- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
+- If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate hasn't been selected.
-If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
+If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected.
-- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
+- If you disable or don't configure this policy, the certificate template name isn't specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server.
If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Server authentication certificate template*
- GP name: *TS_USER_HOME*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security*
@@ -4826,8 +4826,8 @@ ADMX Info:
-
-**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**
+
+**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES**
@@ -4853,11 +4853,11 @@ ADMX Info:
-This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
+This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.
-- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
+- If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile.
-- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.
+- If you disable or don't configure this policy setting, mandatory user profiles aren't used by users connecting remotely to the RD Session Host server.
For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting.
@@ -4865,7 +4865,7 @@ For this policy setting to take effect, you must also enable and configure the "
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use mandatory profiles on the RD Session Host server*
- GP name: *TS_USER_MANDATORY_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
@@ -4876,9 +4876,9 @@ ADMX Info:
-
+
-**ADMX_TerminalServer/TS_USER_PROFILES**
+**ADMX_TerminalServer/TS_USER_PROFILES**
@@ -4904,21 +4904,21 @@ ADMX Info:
-This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
+This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user.
-To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created.
+To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Don't specify a placeholder for the user account name, because Remote Desktop Services automatically adds this location when the user signs in and the profile is created.
-If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
+If the specified network share doesn't exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server.
-If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
+If you disable or don't configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box.
-1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
+1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set path for Remote Desktop Services Roaming User Profile*
- GP name: *TS_USER_PROFILES*
- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles*
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index b8a2fd7483..e236ed3c43 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/25/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,19 +17,19 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Thumbnails policies
+## ADMX_Thumbnails policies
-
ADMX_Thumbnails/DisableThumbnails
-
+
-
ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_Thumbnails/DisableThumbnails**
+**ADMX_Thumbnails/DisableThumbnails**
@@ -69,7 +69,7 @@ manager: aaroncz
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
-File Explorer displays thumbnail images by default.
+File Explorer displays thumbnail images by default.
If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
@@ -78,7 +78,7 @@ If you disable or do not configure this policy setting, File Explorer displays o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the display of thumbnails and only display icons.*
- GP name: *DisableThumbnails*
- GP path: *Windows Components\File Explorer*
@@ -89,7 +89,7 @@ ADMX Info:
-**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**
+**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**
@@ -126,7 +126,7 @@ If you disable or do not configure this policy setting, File Explorer displays o
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the display of thumbnails and only display icons on network folders*
- GP name: *DisableThumbnailsOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
@@ -137,7 +137,7 @@ ADMX Info:
-**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**
+**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**
@@ -172,9 +172,9 @@ If you enable this policy setting, File Explorer does not create, read from, or
If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
->
+>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the caching of thumbnails in hidden thumbs.db files*
- GP name: *DisableThumbsDBOnNetworkFolders*
- GP path: *Windows Components\File Explorer*
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 776951f78d..83c4947ef8 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/23/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_TouchInput policies
+## ADMX_TouchInput policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -45,7 +45,7 @@ manager: aaroncz
-**ADMX_TouchInput/TouchInputOff_1**
+**ADMX_TouchInput/TouchInputOff_1**
@@ -71,13 +71,13 @@ manager: aaroncz
-This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
-If you don't configure this setting, touch input is on by default.
+If you don't configure this setting, touch input is on by default.
>[!NOTE]
> Changes to this setting won't take effect until the user signs out.
@@ -85,7 +85,7 @@ If you don't configure this setting, touch input is on by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -94,7 +94,7 @@ ADMX Info:
-**ADMX_TouchInput/TouchInputOff_2**
+**ADMX_TouchInput/TouchInputOff_2**
@@ -120,13 +120,13 @@ ADMX Info:
-This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
+This setting turns off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.
-If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
+If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
-If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
+If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.
-If you don't configure this setting, touch input is on by default.
+If you don't configure this setting, touch input is on by default.
>[!NOTE]
>Changes to this setting won't take effect until the user signs out.
@@ -134,7 +134,7 @@ If you don't configure this setting, touch input is on by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Tablet PC touch input*
- GP name: *TouchInputOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -146,7 +146,7 @@ ADMX Info:
-**ADMX_TouchInput/PanningEverywhereOff_1**
+**ADMX_TouchInput/PanningEverywhereOff_1**
@@ -172,11 +172,11 @@ ADMX Info:
-This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -184,7 +184,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_1*
- GP path: *Windows Components\Tablet PC\Touch Input*
@@ -194,7 +194,7 @@ ADMX Info:
-**ADMX_TouchInput/PanningEverywhereOff_2**
+**ADMX_TouchInput/PanningEverywhereOff_2**
@@ -220,11 +220,11 @@ ADMX Info:
-This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
+This setting turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
-If you enable this setting, the user won't be able to pan windows by touch.
+If you enable this setting, the user won't be able to pan windows by touch.
-If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
+If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.
> [!NOTE]
> Changes to this setting won't take effect until the user logs off.
@@ -232,7 +232,7 @@ If you disable this setting, the user can pan windows by touch. If you don't con
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Touch Panning*
- GP name: *PanningEverywhereOff_2*
- GP path: *Windows Components\Tablet PC\Touch Input*
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index 2e39f46e4f..bbf3bb34b1 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/25/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_TPM
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_TPM policies
+## ADMX_TPM policies
-
@@ -62,7 +62,7 @@ manager: aaroncz
-**ADMX_TPM/BlockedCommandsList_Name**
+**ADMX_TPM/BlockedCommandsList_Name**
@@ -97,7 +97,7 @@ If you disable or don't configure this policy setting, only those TPM commands s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the list of blocked TPM commands*
- GP name: *BlockedCommandsList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -108,7 +108,7 @@ ADMX Info:
-**ADMX_TPM/ClearTPMIfNotReady_Name**
+**ADMX_TPM/ClearTPMIfNotReady_Name**
@@ -139,7 +139,7 @@ This policy setting configures the system to prompt the user to clear the TPM if
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.*
- GP name: *ClearTPMIfNotReady_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -150,7 +150,7 @@ ADMX Info:
-**ADMX_TPM/IgnoreDefaultList_Name**
+**ADMX_TPM/IgnoreDefaultList_Name**
@@ -182,12 +182,12 @@ If you enable this policy setting, Windows will ignore the computer's default li
The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands.
+If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore the default list of blocked TPM commands*
- GP name: *IgnoreDefaultList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -198,7 +198,7 @@ ADMX Info:
-**ADMX_TPM/IgnoreLocalList_Name**
+**ADMX_TPM/IgnoreLocalList_Name**
@@ -235,7 +235,7 @@ If you disable or don't configure this policy setting, Windows will block the TP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ignore the local list of blocked TPM commands*
- GP name: *IgnoreLocalList_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -246,7 +246,7 @@ ADMX Info:
-**ADMX_TPM/OSManagedAuth_Name**
+**ADMX_TPM/OSManagedAuth_Name**
@@ -290,7 +290,7 @@ Choose the operating system managed TPM authentication setting of "None" for com
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the level of TPM owner authorization information available to the operating system*
- GP name: *OSManagedAuth_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -301,7 +301,7 @@ ADMX Info:
-**ADMX_TPM/OptIntoDSHA_Name**
+**ADMX_TPM/OptIntoDSHA_Name**
@@ -332,7 +332,7 @@ This Policy enables Device Health Attestation reporting (DHA-report) on supporte
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Device Health Attestation Monitoring and Reporting*
- GP name: *OptIntoDSHA_Name*
- GP path: *System\Device Health Attestation Service*
@@ -343,7 +343,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**
@@ -390,7 +390,7 @@ If this value isn't configured, a default value of 480 minutes (8 hours) is used
>
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Lockout Duration*
- GP name: *StandardUserAuthorizationFailureDuration_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -401,7 +401,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**
@@ -450,7 +450,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Individual Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -461,7 +461,7 @@ ADMX Info:
-**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**
+**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**
@@ -510,7 +510,7 @@ A value of 0 means the OS won't allow standard users to send commands to the TPM
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Standard User Total Lockout Threshold*
- GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
- GP path: *System\Trusted Platform Module Services*
@@ -521,7 +521,7 @@ ADMX Info:
-**ADMX_TPM/UseLegacyDAP_Name**
+**ADMX_TPM/UseLegacyDAP_Name**
@@ -552,7 +552,7 @@ This policy setting configures the TPM to use the Dictionary Attack Prevention P
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
- GP name: *UseLegacyDAP_Name*
- GP path: *System\Trusted Platform Module Services*
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index c5a2aabcc3..34ad54ac75 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/30/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_UserExperienceVirtualization
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_UserExperienceVirtualization policies
+## ADMX_UserExperienceVirtualization policies
-
@@ -410,7 +410,7 @@ manager: aaroncz
-**ADMX_UserExperienceVirtualization/Calculator**
+**ADMX_UserExperienceVirtualization/Calculator**
@@ -441,7 +441,7 @@ This policy setting configures the synchronization of user settings of Calculato
By default, the user settings of Calculator synchronize between computers. Use the policy setting to prevent the user settings of Calculator from synchronization between computers.
-If you enable this policy setting, the Calculator user settings continue to synchronize.
+If you enable this policy setting, the Calculator user settings continue to synchronize.
If you disable this policy setting, Calculator user settings are excluded from the synchronization settings.
@@ -450,7 +450,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Calculator*
- GP name: *Calculator*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -461,7 +461,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ConfigureSyncMethod**
+**ADMX_UserExperienceVirtualization/ConfigureSyncMethod**
@@ -488,13 +488,13 @@ ADMX Info:
-This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
+This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ computers.
With Sync Method set to ”SyncProvider,” the UE-V Agent uses a built-in sync provider to keep user settings synchronized between the computer and the settings storage location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the settings storage location.
-When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later.
+When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later.
-Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path.
+Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings storage path.
These settings are then synchronized to other computers by an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the normal UE-V triggers take place.
With notifications enabled, UE-V users receive a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears.
@@ -506,7 +506,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Sync Method*
- GP name: *ConfigureSyncMethod*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -517,7 +517,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ConfigureVdi**
+**ADMX_UserExperienceVirtualization/ConfigureVdi**
@@ -544,11 +544,11 @@ ADMX Info:
-This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
+This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers running in a non-persistent, pooled VDI environment.
-UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session.
+UE-V settings rollback data and checkpoints are normally stored only on the local computer. With this policy setting enabled, the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session.
-Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers.
+Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtual desktop collection containing the virtual computers.
If you enable this policy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login.
@@ -558,7 +558,7 @@ If you don't configure this policy, no UE-V rollback state is copied to the sett
-ADMX Info:
+ADMX Info:
- GP Friendly name: *VDI Configuration*
- GP name: *ConfigureVdi*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -569,7 +569,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ContactITDescription**
+**ADMX_UserExperienceVirtualization/ContactITDescription**
@@ -606,7 +606,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact IT Link Text*
- GP name: *ContactITDescription*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -617,7 +617,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/ContactITUrl**
+**ADMX_UserExperienceVirtualization/ContactITUrl**
@@ -645,7 +645,7 @@ ADMX Info:
This policy setting specifies the URL for the Contact IT link in the Company Settings Center.
-If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
+If you enable this policy setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol such as http or mailto.
If you disable this policy setting, the Company Settings Center doesn't display an IT Contact link.
@@ -653,7 +653,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Contact IT URL*
- GP name: *ContactITUrl*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -664,7 +664,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/DisableWin8Sync**
+**ADMX_UserExperienceVirtualization/DisableWin8Sync**
@@ -693,11 +693,11 @@ ADMX Info:
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps.
-By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
+By default, the UE-V Agent synchronizes settings for Windows apps between the computer and the settings storage location.
If you enable this policy setting, the UE-V Agent won't synchronize settings for Windows apps.
-If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
+If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps.
If you don't configure this policy setting, any defined values are deleted.
@@ -707,7 +707,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *don't synchronize Windows Apps*
- GP name: *DisableWin8Sync*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -718,7 +718,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings**
+**ADMX_UserExperienceVirtualization/DisableWindowsOSSettings**
@@ -756,7 +756,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronize Windows settings*
- GP name: *DisableWindowsOSSettings*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -767,7 +767,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/EnableUEV**
+**ADMX_UserExperienceVirtualization/EnableUEV**
@@ -793,14 +793,14 @@ ADMX Info:
-This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
+This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature.
Reboot is needed for enable to take effect. With Auto-register inbox templates enabled, the UE-V inbox templates such as Office 2016 will be automatically registered when the UE-V Service is enabled. If this option is changed, it will only take effect when UE-V service is re-enabled.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable UEV*
- GP name: *EnableUEV*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -811,7 +811,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Finance**
+**ADMX_UserExperienceVirtualization/Finance**
@@ -849,7 +849,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Finance*
- GP name: *Finance*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -860,7 +860,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled**
+**ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled**
@@ -897,7 +897,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *First Use Notification*
- GP name: *FirstUseNotificationEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -908,7 +908,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Games**
+**ADMX_UserExperienceVirtualization/Games**
@@ -946,7 +946,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Games*
- GP name: *Games*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -957,7 +957,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer8**
+**ADMX_UserExperienceVirtualization/InternetExplorer8**
@@ -986,9 +986,9 @@ ADMX Info:
This policy setting configures the synchronization of user settings for Internet Explorer 8.
-By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.
+By default, the user settings of Internet Explorer 8 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 8 from synchronization between computers.
-If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize.
+If you enable this policy setting, the Internet Explorer 8 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 8 user settings are excluded from the synchronization settings.
@@ -997,7 +997,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 8*
- GP name: *InternetExplorer8*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1008,7 +1008,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer9**
+**ADMX_UserExperienceVirtualization/InternetExplorer9**
@@ -1036,8 +1036,8 @@ ADMX Info:
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Internet Explorer 9 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 9 from synchronization between computers.
-
-If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.
+
+If you enable this policy setting, the Internet Explorer 9 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 9 user settings are excluded from the synchronization settings.
@@ -1047,7 +1047,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 9*
- GP name: *InternetExplorer9*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1058,7 +1058,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer10**
+**ADMX_UserExperienceVirtualization/InternetExplorer10**
@@ -1087,7 +1087,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Internet Explorer 10 synchronize between computers. Use the policy setting to prevent the user settings for Internet Explorer 10 from synchronization between computers.
-If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.
+If you enable this policy setting, the Internet Explorer 10 user settings continue to synchronize.
If you disable this policy setting, Internet Explorer 10 user settings are excluded from the synchronization settings.
@@ -1096,7 +1096,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 10*
- GP name: *InternetExplorer10*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1107,7 +1107,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorer11**
+**ADMX_UserExperienceVirtualization/InternetExplorer11**
@@ -1145,7 +1145,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer 11*
- GP name: *InternetExplorer11*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1156,7 +1156,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/InternetExplorerCommon**
+**ADMX_UserExperienceVirtualization/InternetExplorerCommon**
@@ -1195,7 +1195,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Internet Explorer Common Settings*
- GP name: *InternetExplorerCommon*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1205,7 +1205,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Maps**
+**ADMX_UserExperienceVirtualization/Maps**
@@ -1243,7 +1243,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maps*
- GP name: *Maps*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -1254,7 +1254,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes**
+**ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes**
@@ -1281,7 +1281,7 @@ ADMX Info:
-This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
+This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package file size reaches a defined threshold. By default the UE-V Agent doesn't report information about package file size.
If you enable this policy setting, specify the threshold file size in bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log.
@@ -1290,7 +1290,7 @@ If you disable or don't configure this policy setting, no event is written to th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings package size warning threshold*
- GP name: *MaxPackageSizeInBytes*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -1301,7 +1301,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access**
@@ -1328,18 +1328,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of Microsoft Access 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Access 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Access 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2010*
- GP name: *MicrosoftOffice2010Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1350,7 +1350,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common**
@@ -1377,18 +1377,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
+This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010 applications. By default, the user settings which are common between the Microsoft Office Suite 2010 applications synchronize between computers. Use the policy setting to prevent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications continue to synchronize.
-If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
+If you disable this policy setting, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabled
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2010 Common Settings*
- GP name: *MicrosoftOffice2010Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1399,7 +1399,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel**
@@ -1426,18 +1426,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Microsoft Excel 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Excel 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Excel 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2010*
- GP name: *MicrosoftOffice2010Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1448,7 +1448,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath**
@@ -1487,7 +1487,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft InfoPath 2010*
- GP name: *MicrosoftOffice2010InfoPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1498,7 +1498,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync**
@@ -1525,18 +1525,18 @@ ADMX Info:
-This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
+This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Microsoft Lync 2010 synchronize between computers. Use the policy setting to prevent the user settings of Microsoft Lync 2010 from synchronization between computers.
If you enable this policy setting, Microsoft Lync 2010 user settings continue to synchronize.
-If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
+If you disable this policy setting, Microsoft Lync 2010 user settings are excluded from the synchronization settings.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2010*
- GP name: *MicrosoftOffice2010Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1547,7 +1547,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote**
@@ -1584,7 +1584,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2010*
- GP name: *MicrosoftOffice2010OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1595,7 +1595,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook**
@@ -1633,7 +1633,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2010*
- GP name: *MicrosoftOffice2010Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1644,7 +1644,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint**
@@ -1683,7 +1683,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2010*
- GP name: *MicrosoftOffice2010PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1694,7 +1694,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project**
@@ -1732,7 +1732,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2010*
- GP name: *MicrosoftOffice2010Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1743,7 +1743,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher**
@@ -1782,7 +1782,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2010*
- GP name: *MicrosoftOffice2010Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1793,7 +1793,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner**
@@ -1831,7 +1831,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Designer 2010*
- GP name: *MicrosoftOffice2010SharePointDesigner*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1842,7 +1842,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace**
@@ -1881,7 +1881,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Workspace 2010*
- GP name: *MicrosoftOffice2010SharePointWorkspace*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1892,7 +1892,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio**
@@ -1930,7 +1930,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2010*
- GP name: *MicrosoftOffice2010Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1941,7 +1941,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word**
@@ -1979,7 +1979,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2010*
- GP name: *MicrosoftOffice2010Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -1990,7 +1990,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access**
@@ -2027,7 +2027,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2013*
- GP name: *MicrosoftOffice2013Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2038,7 +2038,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup**
@@ -2076,7 +2076,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Access 2013 backup only*
- GP name: *MicrosoftOffice2013AccessBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2087,7 +2087,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common**
@@ -2125,7 +2125,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2013 Common Settings*
- GP name: *MicrosoftOffice2013Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2136,7 +2136,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup**
@@ -2169,14 +2169,14 @@ Microsoft Office Suite 2013 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications won't be backed up.
If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Common 2013 backup only*
- GP name: *MicrosoftOffice2013CommonBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2187,7 +2187,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel**
@@ -2226,7 +2226,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2013*
- GP name: *MicrosoftOffice2013Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2237,7 +2237,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup**
@@ -2275,7 +2275,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Excel 2013 backup only*
- GP name: *MicrosoftOffice2013ExcelBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2286,7 +2286,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath**
@@ -2324,7 +2324,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft InfoPath 2013*
- GP name: *MicrosoftOffice2013InfoPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2335,7 +2335,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup**
@@ -2374,7 +2374,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *InfoPath 2013 backup only*
- GP name: *MicrosoftOffice2013InfoPathBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2385,7 +2385,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync**
@@ -2423,7 +2423,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2013*
- GP name: *MicrosoftOffice2013Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2434,7 +2434,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup**
@@ -2473,7 +2473,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lync 2013 backup only*
- GP name: *MicrosoftOffice2013LyncBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2484,7 +2484,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness**
@@ -2523,7 +2523,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneDrive for Business 2013*
- GP name: *MicrosoftOffice2013OneDriveForBusiness*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2534,7 +2534,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote**
@@ -2573,7 +2573,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2013*
- GP name: *MicrosoftOffice2013OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2584,7 +2584,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup**
@@ -2623,7 +2623,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OneNote 2013 backup only*
- GP name: *MicrosoftOffice2013OneNoteBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2634,7 +2634,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook**
@@ -2672,7 +2672,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2013*
- GP name: *MicrosoftOffice2013Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2683,7 +2683,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup**
@@ -2722,7 +2722,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Outlook 2013 backup only*
- GP name: *MicrosoftOffice2013OutlookBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2733,7 +2733,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint**
@@ -2772,7 +2772,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2013*
- GP name: *MicrosoftOffice2013PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2783,7 +2783,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup**
@@ -2822,7 +2822,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *PowerPoint 2013 backup only*
- GP name: *MicrosoftOffice2013PowerPointBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2833,7 +2833,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project**
@@ -2871,7 +2871,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2013*
- GP name: *MicrosoftOffice2013Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2882,7 +2882,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup**
@@ -2920,7 +2920,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Project 2013 backup only*
- GP name: *MicrosoftOffice2013ProjectBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2931,7 +2931,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher**
@@ -2970,7 +2970,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2013*
- GP name: *MicrosoftOffice2013Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -2981,7 +2981,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup**
@@ -3020,7 +3020,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Publisher 2013 backup only*
- GP name: *MicrosoftOffice2013PublisherBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3031,7 +3031,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner**
@@ -3070,7 +3070,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft SharePoint Designer 2013*
- GP name: *MicrosoftOffice2013SharePointDesigner*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3120,7 +3120,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *SharePoint Designer 2013 backup only*
- GP name: *MicrosoftOffice2013SharePointDesignerBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3169,7 +3169,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2013 Upload Center*
- GP name: *MicrosoftOffice2013UploadCenter*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3180,7 +3180,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio**
@@ -3219,7 +3219,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2013*
- GP name: *MicrosoftOffice2013Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3230,7 +3230,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup**
@@ -3269,7 +3269,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Visio 2013 backup only*
- GP name: *MicrosoftOffice2013VisioBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3280,7 +3280,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word**
@@ -3318,7 +3318,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2013*
- GP name: *MicrosoftOffice2013Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3329,7 +3329,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup**
@@ -3367,7 +3367,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Word 2013 backup only*
- GP name: *MicrosoftOffice2013WordBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3378,7 +3378,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access**
@@ -3416,7 +3416,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Access 2016*
- GP name: *MicrosoftOffice2016Access*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3427,7 +3427,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup**
@@ -3466,7 +3466,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Access 2016 backup only*
- GP name: *MicrosoftOffice2016AccessBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3477,7 +3477,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common**
@@ -3516,7 +3516,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2016 Common Settings*
- GP name: *MicrosoftOffice2016Common*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3527,7 +3527,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup**
@@ -3559,7 +3559,7 @@ Microsoft Office Suite 2016 has user settings which are common between applicati
If you enable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be backed up.
-If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
+If you disable this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications won't be backed up.
If you don't configure this policy setting, any defined values will be deleted.
@@ -3567,7 +3567,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Common 2016 backup only*
- GP name: *MicrosoftOffice2016CommonBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3578,7 +3578,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel**
@@ -3617,7 +3617,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Excel 2016*
- GP name: *MicrosoftOffice2016Excel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3628,7 +3628,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup**
@@ -3667,7 +3667,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Excel 2016 backup only*
- GP name: *MicrosoftOffice2016ExcelBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3678,7 +3678,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync**
@@ -3717,7 +3717,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Lync 2016*
- GP name: *MicrosoftOffice2016Lync*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3728,7 +3728,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup**
@@ -3767,7 +3767,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Lync 2016 backup only*
- GP name: *MicrosoftOffice2016LyncBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3778,7 +3778,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness**
@@ -3817,7 +3817,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneDrive for Business 2016*
- GP name: *MicrosoftOffice2016OneDriveForBusiness*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3828,7 +3828,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote**
@@ -3866,7 +3866,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft OneNote 2016*
- GP name: *MicrosoftOffice2016OneNote*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3877,7 +3877,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup**
@@ -3916,7 +3916,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *OneNote 2016 backup only*
- GP name: *MicrosoftOffice2016OneNoteBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3927,7 +3927,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook**
@@ -3965,7 +3965,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Outlook 2016*
- GP name: *MicrosoftOffice2016Outlook*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -3976,7 +3976,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup**
@@ -4015,7 +4015,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Outlook 2016 backup only*
- GP name: *MicrosoftOffice2016OutlookBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4026,7 +4026,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint**
@@ -4064,7 +4064,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft PowerPoint 2016*
- GP name: *MicrosoftOffice2016PowerPoint*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4075,7 +4075,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup**
@@ -4113,7 +4113,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *PowerPoint 2016 backup only*
- GP name: *MicrosoftOffice2016PowerPointBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4124,7 +4124,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project**
@@ -4164,7 +4164,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Project 2016*
- GP name: *MicrosoftOffice2016Project*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4175,7 +4175,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup**
@@ -4213,7 +4213,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Project 2016 backup only*
- GP name: *MicrosoftOffice2016ProjectBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4224,7 +4224,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher**
@@ -4263,7 +4263,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Publisher 2016*
- GP name: *MicrosoftOffice2016Publisher*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4274,7 +4274,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup**
@@ -4313,7 +4313,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Publisher 2016 backup only*
- GP name: *MicrosoftOffice2016PublisherBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4363,7 +4363,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 2016 Upload Center*
- GP name: *MicrosoftOffice2016UploadCenter*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4374,7 +4374,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio**
@@ -4412,7 +4412,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Visio 2016*
- GP name: *MicrosoftOffice2016Visio*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4423,7 +4423,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup**
@@ -4462,7 +4462,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Visio 2016 backup only*
- GP name: *MicrosoftOffice2016VisioBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4473,7 +4473,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word**
@@ -4511,7 +4511,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Word 2016*
- GP name: *MicrosoftOffice2016Word*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4522,7 +4522,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup**
@@ -4561,7 +4561,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Word 2016 backup only*
- GP name: *MicrosoftOffice2016WordBackup*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4572,7 +4572,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013**
@@ -4611,7 +4611,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Access 2013*
- GP name: *MicrosoftOffice365Access2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4622,7 +4622,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016**
@@ -4661,7 +4661,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Access 2016*
- GP name: *MicrosoftOffice365Access2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4672,7 +4672,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013**
@@ -4711,7 +4711,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Common 2013*
- GP name: *MicrosoftOffice365Common2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4761,7 +4761,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Common 2016*
- GP name: *MicrosoftOffice365Common2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4772,7 +4772,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013**
@@ -4811,7 +4811,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Excel 2013*
- GP name: *MicrosoftOffice365Excel2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4822,7 +4822,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016**
@@ -4861,7 +4861,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Excel 2016*
- GP name: *MicrosoftOffice365Excel2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4872,7 +4872,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013**
@@ -4910,7 +4910,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 InfoPath 2013*
- GP name: *MicrosoftOffice365InfoPath2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4921,7 +4921,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013**
@@ -4960,7 +4960,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Lync 2013*
- GP name: *MicrosoftOffice365Lync2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -4971,7 +4971,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016**
@@ -5010,7 +5010,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Lync 2016*
- GP name: *MicrosoftOffice365Lync2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5021,7 +5021,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013**
@@ -5060,7 +5060,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 OneNote 2013*
- GP name: *MicrosoftOffice365OneNote2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5071,7 +5071,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016**
@@ -5110,7 +5110,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 OneNote 2016*
- GP name: *MicrosoftOffice365OneNote2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5121,7 +5121,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013**
@@ -5160,7 +5160,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Outlook 2013*
- GP name: *MicrosoftOffice365Outlook2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5171,7 +5171,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016**
@@ -5210,7 +5210,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Outlook 2016*
- GP name: *MicrosoftOffice365Outlook2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5221,7 +5221,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013**
@@ -5260,7 +5260,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 PowerPoint 2013*
- GP name: *MicrosoftOffice365PowerPoint2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5271,7 +5271,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016**
@@ -5310,7 +5310,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 PowerPoint 2016*
- GP name: *MicrosoftOffice365PowerPoint2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5321,7 +5321,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013**
@@ -5360,7 +5360,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Project 2013*
- GP name: *MicrosoftOffice365Project2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5410,7 +5410,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Project 2016*
- GP name: *MicrosoftOffice365Project2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5421,7 +5421,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013**
@@ -5460,7 +5460,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Publisher 2013*
- GP name: *MicrosoftOffice365Publisher2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5471,7 +5471,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016**
@@ -5509,7 +5509,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Publisher 2016*
- GP name: *MicrosoftOffice365Publisher2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5520,7 +5520,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013**
@@ -5559,7 +5559,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 SharePoint Designer 2013*
- GP name: *MicrosoftOffice365SharePointDesigner2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5570,7 +5570,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013**
@@ -5608,7 +5608,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Visio 2013*
- GP name: *MicrosoftOffice365Visio2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5619,7 +5619,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016**
@@ -5658,7 +5658,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Visio 2016*
- GP name: *MicrosoftOffice365Visio2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5669,7 +5669,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013**
@@ -5708,7 +5708,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Word 2013*
- GP name: *MicrosoftOffice365Word2013*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5719,7 +5719,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016**
+**ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016**
@@ -5758,7 +5758,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Microsoft Office 365 Word 2016*
- GP name: *MicrosoftOffice365Word2016*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5769,7 +5769,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Music**
+**ADMX_UserExperienceVirtualization/Music**
@@ -5807,7 +5807,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Music*
- GP name: *Music*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5818,7 +5818,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/News**
+**ADMX_UserExperienceVirtualization/News**
@@ -5857,7 +5857,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *News*
- GP name: *News*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5868,7 +5868,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Notepad**
+**ADMX_UserExperienceVirtualization/Notepad**
@@ -5897,7 +5897,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchronize between computers. Use the policy setting to prevent the user settings of Notepad from synchronization between computers.
-If you enable this policy setting, the Notepad user settings continue to synchronize.
+If you enable this policy setting, the Notepad user settings continue to synchronize.
If you disable this policy setting, Notepad user settings are excluded from the synchronization settings.
@@ -5907,7 +5907,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Notepad*
- GP name: *Notepad*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
@@ -5918,7 +5918,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Reader**
+**ADMX_UserExperienceVirtualization/Reader**
@@ -5952,13 +5952,13 @@ If you enable this policy setting, Reader user settings continue to sync.
If you disable this policy setting, Reader user settings are excluded from the synchronization.
If you don't configure this policy setting, any defined values will be deleted.
-
+
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Reader*
- GP name: *Reader*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -5969,7 +5969,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/RepositoryTimeout**
+**ADMX_UserExperienceVirtualization/RepositoryTimeout**
@@ -5996,9 +5996,9 @@ ADMX Info:
-This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
+This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settings storage location. You can use this setting to override the default value of 2000 milliseconds.
-If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
+If you enable this policy setting, set the number of milliseconds that the system waits to retrieve settings.
If you disable or don't configure this policy setting, the default value of 2000 milliseconds is used.
@@ -6006,7 +6006,7 @@ If you disable or don't configure this policy setting, the default value of 2000
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Synchronization timeout*
- GP name: *RepositoryTimeout*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6017,7 +6017,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SettingsStoragePath**
+**ADMX_UserExperienceVirtualization/SettingsStoragePath**
@@ -6046,15 +6046,15 @@ ADMX Info:
This policy setting configures where the settings package files that contain user settings are stored.
-If you enable this policy setting, the user settings are stored in the specified location.
+If you enable this policy setting, the user settings are stored in the specified location.
-If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
+If you disable or don't configure this policy setting, the user settings are stored in the user’s home directory if configured for your environment.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings storage path*
- GP name: *SettingsStoragePath*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6065,7 +6065,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath**
+**ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath**
@@ -6100,7 +6100,7 @@ If you specify a UNC path and leave the option to replace the default Microsoft
If you specify a UNC path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be used.
-If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
+If you disable this policy setting, the UE-V Agent won't use the custom settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent won't restore the default Microsoft templates.
If you don't configure this policy setting, any defined values will be deleted.
@@ -6108,7 +6108,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Settings template catalog path*
- GP name: *SettingsTemplateCatalogPath*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6119,7 +6119,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Sports**
+**ADMX_UserExperienceVirtualization/Sports**
@@ -6158,7 +6158,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sports*
- GP name: *Sports*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6169,7 +6169,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncEnabled**
+**ADMX_UserExperienceVirtualization/SyncEnabled**
@@ -6202,7 +6202,7 @@ This policy setting allows you to enable or disable User Experience Virtualizati
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Use User Experience Virtualization (UE-V)*
- GP name: *SyncEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6252,7 +6252,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync settings over metered connections*
- GP name: *SyncOverMeteredNetwork*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6263,7 +6263,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming**
+**ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming**
@@ -6302,7 +6302,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync settings over metered connections even when roaming*
- GP name: *SyncOverMeteredNetworkWhenRoaming*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6313,7 +6313,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled**
+**ADMX_UserExperienceVirtualization/SyncProviderPingEnabled**
@@ -6344,15 +6344,15 @@ This policy setting allows you to configure the User Experience Virtualization (
If you enable this policy setting, the sync provider pings the settings storage location before synchronizing settings packages.
-If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
+If you disable this policy setting, the sync provider doesn’t ping the settings storage location before synchronizing settings packages.
-If you don't configure this policy, any defined values will be deleted.
+If you don't configure this policy, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Ping the settings storage location before sync*
- GP name: *SyncProviderPingEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6363,7 +6363,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps**
+**ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps**
@@ -6401,7 +6401,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Sync Unlisted Windows Apps*
- GP name: *SyncUnlistedWindows8Apps*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6412,7 +6412,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Travel**
+**ADMX_UserExperienceVirtualization/Travel**
@@ -6451,7 +6451,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Travel*
- GP name: *Travel*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6462,7 +6462,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/TrayIconEnabled**
+**ADMX_UserExperienceVirtualization/TrayIconEnabled**
@@ -6497,7 +6497,7 @@ If you don't configure this policy setting, any defined values are deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Tray Icon*
- GP name: *TrayIconEnabled*
- GP path: *Windows Components\Microsoft User Experience Virtualization*
@@ -6508,7 +6508,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Video**
+**ADMX_UserExperienceVirtualization/Video**
@@ -6547,7 +6547,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Video*
- GP name: *Video*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6558,7 +6558,7 @@ ADMX Info:
-**ADMX_UserExperienceVirtualization/Weather**
+**ADMX_UserExperienceVirtualization/Weather**
@@ -6597,7 +6597,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Weather*
- GP name: *Weather*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Windows Apps*
@@ -6637,7 +6637,7 @@ ADMX Info:
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchronize between computers. Use the policy setting to prevent the user settings of WordPad from synchronization between computers.
-If you enable this policy setting, the WordPad user settings continue to synchronize.
+If you enable this policy setting, the WordPad user settings continue to synchronize.
If you disable this policy setting, WordPad user settings are excluded from the synchronization settings.
@@ -6647,7 +6647,7 @@ If you don't configure this policy setting, any defined values will be deleted.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *WordPad*
- GP name: *Wordpad*
- GP path: *Windows Components\Microsoft User Experience Virtualization\Applications*
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index f6d9875e16..fc9006072f 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/11/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_UserProfiles policies
+## ADMX_UserProfiles policies
-
@@ -56,7 +56,7 @@ manager: aaroncz
-**ADMX_UserProfiles/CleanupProfiles**
+**ADMX_UserProfiles/CleanupProfiles**
@@ -87,14 +87,14 @@ This policy setting allows an administrator to automatically delete user profile
> [!NOTE]
> One day is interpreted as 24 hours after a specific user profile was accessed.
-If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days.
+If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days.
If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Delete user profiles older than a specified number of days on system restart*
- GP name: *CleanupProfiles*
- GP path: *System\User Profiles*
@@ -105,7 +105,7 @@ ADMX Info:
-**ADMX_UserProfiles/DontForceUnloadHive**
+**ADMX_UserProfiles/DontForceUnloadHive**
@@ -131,7 +131,7 @@ ADMX Info:
-This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys.
+This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys.
> [!NOTE]
> This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
@@ -143,7 +143,7 @@ If you disable or don't configure this policy setting, Windows will always unloa
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not forcefully unload the users registry at user logoff*
- GP name: *DontForceUnloadHive*
- GP path: *System\User Profiles*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_UserProfiles/LeaveAppMgmtData**
+**ADMX_UserProfiles/LeaveAppMgmtData**
@@ -194,7 +194,7 @@ If you disable or don't configure this policy setting, Windows will delete the e
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Leave Windows Installer and Group Policy Software Installation Data*
- GP name: *LeaveAppMgmtData*
- GP path: *System\User Profiles*
@@ -205,7 +205,7 @@ ADMX Info:
-**ADMX_UserProfiles/LimitSize**
+**ADMX_UserProfiles/LimitSize**
@@ -246,7 +246,7 @@ If you enable this policy setting, you can:
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Limit profile size*
- GP name: *LimitSize*
- GP path: *System\User Profiles*
@@ -257,7 +257,7 @@ ADMX Info:
-**ADMX_UserProfiles/ProfileErrorAction**
+**ADMX_UserProfiles/ProfileErrorAction**
@@ -283,7 +283,7 @@ ADMX Info:
-This policy setting will automatically sign out a user when Windows can't load their profile.
+This policy setting will automatically sign out a user when Windows can't load their profile.
If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
@@ -296,7 +296,7 @@ Also, see the "Delete cached copies of roaming profiles" policy setting.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not log users on with temporary profiles*
- GP name: *ProfileErrorAction*
- GP path: *System\User Profiles*
@@ -307,7 +307,7 @@ ADMX Info:
-**ADMX_UserProfiles/SlowLinkTimeOut**
+**ADMX_UserProfiles/SlowLinkTimeOut**
@@ -333,7 +333,7 @@ ADMX Info:
-This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
+This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network speed.
To determine the network performance characteristics, a connection is made to the file share storing the user's profile and 64 kilobytes of data is transferred. From that connection and data transfer, the network's latency and connection speed are determined.
@@ -346,7 +346,7 @@ If you disable or don't configure this policy setting, Windows considers the net
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Control slow network connection timeout for user profiles*
- GP name: *SlowLinkTimeOut*
- GP path: *System\User Profiles*
@@ -357,7 +357,7 @@ ADMX Info:
-**ADMX_UserProfiles/USER_HOME**
+**ADMX_UserProfiles/USER_HOME**
@@ -401,7 +401,7 @@ If the "Set Remote Desktop Services User Home Directory" policy setting is enabl
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set user home folder*
- GP name: *USER_HOME*
- GP path: *System\User Profiles*
@@ -412,7 +412,7 @@ ADMX Info:
-**ADMX_UserProfiles/UserInfoAccessAction**
+**ADMX_UserProfiles/UserInfoAccessAction**
@@ -450,7 +450,7 @@ If you don't configure or disable this policy the user will have full control ov
-ADMX Info:
+ADMX Info:
- GP Friendly name: *User management of sharing user name, account picture, and domain information with apps (not desktop apps)*
- GP name: *UserInfoAccessAction*
- GP path: *System\User Profiles*
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 9ec5b2733d..5efabc10e4 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/28/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_W32Time
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_W32Time policies
+## ADMX_W32Time policies
-
@@ -44,7 +44,7 @@ manager: aaroncz
-**ADMX_W32Time/W32TIME_POLICY_CONFIG**
+**ADMX_W32Time/W32TIME_POLICY_CONFIG**
@@ -156,7 +156,7 @@ This parameter controls the frequency at which an event that indicates the numbe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Global Configuration Settings*
- GP name: *W32TIME_POLICY_CONFIG*
- GP path: *System\Windows Time Service*
@@ -167,7 +167,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**
+**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**
@@ -200,7 +200,7 @@ If you enable this policy setting, you can specify the following parameters for
If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
**NtpServer**
-The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"".
+The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"".
**Type**
This value controls the authentication that W32time uses. The default value is NT5DS.
@@ -224,7 +224,7 @@ This value is a bitmask that controls events that may be logged to the System lo
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Windows NTP Client*
- GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
@@ -235,7 +235,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**
+**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**
@@ -273,7 +273,7 @@ If you disable or don't configure this policy setting, the local computer clock
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows NTP Client*
- GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
- GP path: *System\Windows Time Service\Time Providers*
@@ -284,7 +284,7 @@ ADMX Info:
-**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**
+**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**
@@ -319,7 +319,7 @@ If you disable or don't configure this policy setting, your computer can't servi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows NTP Server*
- GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
- GP path: *System\Windows Time Service\Time Providers*
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index d396e0aaae..3bf2af411a 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/22/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WCM
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WCM policies
+## ADMX_WCM policies
-
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_WCM/WCM_DisablePowerManagement**
+**ADMX_WCM/WCM_DisablePowerManagement**
@@ -76,7 +76,7 @@ If this policy setting isn't configured or is disabled, power management is enab
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable power management in connected standby mode*
- GP name: *WCM_DisablePowerManagement*
- GP path: *Network\Windows Connection Manager*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_WCM/WCM_EnableSoftDisconnect**
+**ADMX_WCM/WCM_EnableSoftDisconnect**
@@ -131,7 +131,7 @@ This policy setting depends on other group policy settings. For example, if 'Min
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enable Windows to soft-disconnect a computer from a network*
- GP name: *WCM_EnableSoftDisconnect*
- GP path: *Network\Windows Connection Manager*
@@ -142,7 +142,7 @@ ADMX Info:
-**ADMX_WCM/WCM_MinimizeConnections**
+**ADMX_WCM/WCM_MinimizeConnections**
@@ -171,7 +171,7 @@ ADMX Info:
This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This value of 0 was previously the "Disabled" state for this policy setting. This option was first available in Windows 8.
-
+
If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This value of 1 was previously the "Enabled" state for this policy setting. This option was first available in Windows 8.
If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
@@ -183,7 +183,7 @@ This policy setting is related to the "Enable Windows to soft-disconnect a compu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
- GP name: *WCM_MinimizeConnections*
- GP path: *Network\Windows Connection Manager*
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index b3a2aefd94..24c0c40d56 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_WDI policies
+## ADMX_WDI policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_WDI/WdiDpsScenarioExecutionPolicy**
+**ADMX_WDI/WdiDpsScenarioExecutionPolicy**
@@ -65,21 +65,21 @@ manager: aaroncz
-This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
+This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data.
-If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
+If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabytes. Detailed troubleshooting data related to scenarios will be retained until this limit is reached.
-If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
+If you disable or don't configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
>[!NOTE]
-> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted.
+> This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenario data won't be deleted.
>
> The DPS can be configured with the Services snap-in to the Microsoft Management Console.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Diagnostics: Configure scenario retention*
- GP name: *WdiDpsScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy**
+**ADMX_WDI/WdiDpsScenarioDataSizeLimitPolicy**
@@ -116,21 +116,21 @@ ADMX Info:
-This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
+This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios.
-If you enable this policy setting, you must select an execution level from the drop-down menu.
+If you enable this policy setting, you must select an execution level from the drop-down menu.
-- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken.
-- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
+- If you select problem detection and troubleshooting only, the DPS will detect problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken.
+- If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or indicate to the user that assisted resolution is available.
-If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
+If you disable this policy setting, Windows can't detect, troubleshoot, or resolve any problems that are handled by the DPS.
If you don't configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when it's enabled or disabled. Scenario-specific policy settings only take effect if this policy setting isn't configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Diagnostics: Configure scenario execution level*
- GP name: *WdiDpsScenarioDataSizeLimitPolicy*
- GP path: *System\Troubleshooting and Diagnostics*
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 410eda6d2b..28d7f529bb 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/28/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WinCal
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WinCal policies
+## ADMX_WinCal policies
-
@@ -38,7 +38,7 @@ manager: aaroncz
-**ADMX_WinCal/TurnOffWinCal_1**
+**ADMX_WinCal/TurnOffWinCal_1**
@@ -74,7 +74,7 @@ The default is for Windows Calendar to be turned on.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Calendar*
- GP name: *TurnOffWinCal_1*
- GP path: *Windows Components\Windows Calendar*
@@ -87,7 +87,7 @@ ADMX Info:
-**ADMX_WinCal/TurnOffWinCal_2**
+**ADMX_WinCal/TurnOffWinCal_2**
@@ -124,7 +124,7 @@ The default is for Windows Calendar to be turned on.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Calendar*
- GP name: *TurnOffWinCal_2*
- GP path: *Windows Components\Windows Calendar*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index c575e5f9a8..8a08ec78b6 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -8,7 +8,7 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/27/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
@@ -17,13 +17,13 @@ manager: aaroncz
-## ADMX_WindowsColorSystem policies
+## ADMX_WindowsColorSystem policies
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -39,7 +39,7 @@ manager: aaroncz
-**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_1**
@@ -65,16 +65,16 @@ manager: aaroncz
-This policy setting affects the ability of users to install or uninstall color profiles.
+This policy setting affects the ability of users to install or uninstall color profiles.
-- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_1*
- GP path: *Windows Components\Windows Color System*
@@ -85,7 +85,7 @@ ADMX Info:
-**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**
+**WindowsColorSystem/ProhibitChangingInstalledProfileList_2**
@@ -111,16 +111,16 @@ ADMX Info:
-This policy setting affects the ability of users to install or uninstall color profiles.
+This policy setting affects the ability of users to install or uninstall color profiles.
-- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
+- If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
- If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit installing or uninstalling color profiles*
- GP name: *ProhibitChangingInstalledProfileList_2*
- GP path: *Windows Components\Windows Color System*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 8d93498e0d..d20c0e3e59 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/28/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsConnectNow
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WindowsConnectNow policies
+## ADMX_WindowsConnectNow policies
-
@@ -41,7 +41,7 @@ manager: aaroncz
-**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**
+**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**
@@ -67,20 +67,20 @@ manager: aaroncz
-This policy setting prohibits access to Windows Connect Now (WCN) wizards.
+This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
-- If you disable or don't configure this policy setting, users can access the wizard tasks.
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access of the Windows Connect Now wizards*
- GP name: *WCN_DisableWcnUi_1*
- GP path: *Network\Windows Connect Now*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**
+**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**
@@ -117,13 +117,13 @@ ADMX Info:
-This policy setting prohibits access to Windows Connect Now (WCN) wizards.
+This policy setting prohibits access to Windows Connect Now (WCN) wizards.
-- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
+- If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks.
-All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
+All the configuration-related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
-- If you disable or don't configure this policy setting, users can access the wizard tasks.
+- If you disable or don't configure this policy setting, users can access the wizard tasks.
They are "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
@@ -131,7 +131,7 @@ They are "Set up a wireless router or access point" and "Add a wireless device."
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prohibit access of the Windows Connect Now wizards*
- GP name: *WCN_DisableWcnUi_2*
- GP path: *Network\Windows Connect Now*
@@ -142,7 +142,7 @@ ADMX Info:
-**ADMX_WindowsConnectNow/WCN_EnableRegistrar**
+**ADMX_WindowsConnectNow/WCN_EnableRegistrar**
@@ -170,12 +170,12 @@ ADMX Info:
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
-More options are available to allow discovery and configuration over a specific medium.
+More options are available to allow discovery and configuration over a specific medium.
-- If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
-- If you disable this policy setting, operations are disabled over all media.
+- If you enable this policy setting, more choices are available to turn off the operations over a specific medium.
+- If you disable this policy setting, operations are disabled over all media.
-If you don't configure this policy setting, operations are enabled over all media.
+If you don't configure this policy setting, operations are enabled over all media.
The default for this policy setting allows operations over all media.
@@ -183,7 +183,7 @@ The default for this policy setting allows operations over all media.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configuration of wireless settings using Windows Connect Now*
- GP name: *WCN_EnableRegistrar*
- GP path: *Network\Windows Connect Now*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index 5dd0274b06..11268b40e9 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -8,24 +8,24 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/29/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsExplorer
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WindowsExplorer policies
+## ADMX_WindowsExplorer policies
-
@@ -247,7 +247,7 @@ manager: aaroncz
-**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS**
+**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS**
@@ -286,7 +286,7 @@ If you disable or do not configure this policy setting, Folder Redirection does
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Verify old and new Folder Redirection targets point to the same share before redirecting*
- GP name: *CheckSameSourceAndTargetForFRAndDFS*
- GP path: *Windows Components\File Explorer*
@@ -298,7 +298,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ClassicShell**
+**ADMX_WindowsExplorer/ClassicShell**
@@ -336,7 +336,7 @@ If you disable or not configure this policy, the default File Explorer behavior
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn on Classic Shell*
- GP name: *ClassicShell*
- GP path: *Windows Components\File Explorer*
@@ -347,7 +347,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ConfirmFileDelete**
+**ADMX_WindowsExplorer/ConfirmFileDelete**
@@ -382,7 +382,7 @@ If you disable or do not configure this setting, the default behavior of not dis
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display confirmation dialog when deleting files*
- GP name: *ConfirmFileDelete*
- GP path: *Windows Components\File Explorer*
@@ -393,7 +393,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/DefaultLibrariesLocation**
+**ADMX_WindowsExplorer/DefaultLibrariesLocation**
@@ -429,7 +429,7 @@ If you disable or do not configure this policy setting, no changes are made to t
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Location where all default Library definition files for users/machines reside.*
- GP name: *DefaultLibrariesLocation*
- GP path: *Windows Components\File Explorer*
@@ -440,7 +440,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage**
+**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage**
@@ -476,7 +476,7 @@ This disables access to user-defined properties, and properties stored in NTFS s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable binding directly to IPropertySetStorage without intermediate layers.*
- GP name: *DisableBindDirectlyToPropertySetStorage*
- GP path: *Windows Components\File Explorer*
@@ -487,7 +487,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/DisableIndexedLibraryExperience**
+**ADMX_WindowsExplorer/DisableIndexedLibraryExperience**
@@ -517,7 +517,7 @@ This policy setting allows you to turn off Windows Libraries features that need
If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations.
-Setting this policy will:
+Setting this policy will:
- Disable all Arrangement views except for "By Folder"
- Disable all Search filter suggestions other than "Date Modified" and "Size"
@@ -532,7 +532,7 @@ If you disable or do not configure this policy, all default Windows Libraries fe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Libraries features that rely on indexed file data*
- GP name: *DisableIndexedLibraryExperience*
- GP path: *Windows Components\File Explorer*
@@ -544,7 +544,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/DisableKnownFolders**
+**ADMX_WindowsExplorer/DisableKnownFolders**
@@ -583,7 +583,7 @@ You can specify a known folder using its known folder ID or using its canonical
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable Known Folders*
- GP name: *DisableKnownFolders*
- GP path: *Windows Components\File Explorer*
@@ -594,7 +594,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/DisableSearchBoxSuggestions**
+**ADMX_WindowsExplorer/DisableSearchBoxSuggestions**
@@ -633,7 +633,7 @@ These suggestions are based on their past entries into the Search Box.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off display of recent search entries in the File Explorer search box*
- GP name: *DisableSearchBoxSuggestions*
- GP path: *Windows Components\File Explorer*
@@ -645,7 +645,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath**
+**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath**
@@ -683,7 +683,7 @@ This policy setting determines whether remote paths can be used for file shortcu
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow the use of remote paths in file shortcut icons*
- GP name: *EnableShellShortcutIconRemotePath*
- GP path: *Windows Components\File Explorer*
@@ -695,7 +695,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/EnableSmartScreen**
+**ADMX_WindowsExplorer/EnableSmartScreen**
@@ -721,14 +721,14 @@ ADMX Info:
-This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.
+This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious.
Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
-If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
+If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
- Warn and prevent bypass
-- Warn
+- Warn
If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app.
@@ -740,7 +740,7 @@ If you do not configure this policy, SmartScreen will be enabled by default, but
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Windows Defender SmartScreen*
- GP name: *EnableSmartScreen*
- GP path: *Windows Components\File Explorer*
@@ -751,7 +751,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/EnforceShellExtensionSecurity**
+**ADMX_WindowsExplorer/EnforceShellExtensionSecurity**
@@ -789,7 +789,7 @@ For shell extensions to run on a per-user basis, there must be an entry at HKEY_
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow only per user or approved shell extensions*
- GP name: *EnforceShellExtensionSecurity*
- GP path: *Windows Components\File Explorer*
@@ -800,7 +800,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized**
+**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized**
@@ -837,7 +837,7 @@ If you disable or do not configure this policy setting, users can choose how the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Start File Explorer with ribbon minimized*
- GP name: *ExplorerRibbonStartsMinimized*
- GP path: *Windows Components\File Explorer*
@@ -848,7 +848,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/HideContentViewModeSnippets**
+**ADMX_WindowsExplorer/HideContentViewModeSnippets**
@@ -883,7 +883,7 @@ This policy setting allows you to turn off the display of snippets in Content vi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the display of snippets in Content view mode*
- GP name: *HideContentViewModeSnippets*
- GP path: *Windows Components\File Explorer*
@@ -894,7 +894,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet**
@@ -934,7 +934,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_Internet*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
@@ -945,7 +945,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown**
@@ -985,7 +985,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
@@ -996,7 +996,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet**
@@ -1037,7 +1037,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_Intranet*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
@@ -1048,7 +1048,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown**
@@ -1089,7 +1089,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
@@ -1100,7 +1100,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine**
@@ -1141,7 +1141,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_LocalMachine*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
@@ -1152,7 +1152,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown**
@@ -1193,7 +1193,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
@@ -1204,7 +1204,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted**
@@ -1245,7 +1245,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_Restricted*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
@@ -1256,7 +1256,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown**
@@ -1297,7 +1297,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
@@ -1308,7 +1308,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted**
@@ -1349,7 +1349,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_Trusted*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
@@ -1360,7 +1360,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown**
@@ -1401,7 +1401,7 @@ Changes to this setting may not be applied until the user logs off from Windows.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer*
- GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
@@ -1412,7 +1412,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet**
@@ -1451,7 +1451,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_Internet*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone*
@@ -1462,7 +1462,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown**
@@ -1501,7 +1501,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone*
@@ -1512,7 +1512,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet**
@@ -1551,7 +1551,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_Intranet*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone*
@@ -1562,7 +1562,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown**
@@ -1601,7 +1601,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone*
@@ -1612,7 +1612,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine**
@@ -1651,7 +1651,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_LocalMachine*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone*
@@ -1662,7 +1662,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown**
@@ -1701,7 +1701,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone*
@@ -1712,7 +1712,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted**
@@ -1751,7 +1751,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_Restricted*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone*
@@ -1763,7 +1763,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown**
@@ -1802,7 +1802,7 @@ If you do not configure this policy setting, users cannot perform OpenSearch que
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone*
@@ -1814,7 +1814,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted**
@@ -1853,7 +1853,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_Trusted*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone*
@@ -1864,7 +1864,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown**
+**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown**
@@ -1903,7 +1903,7 @@ If you do not configure this policy setting, users can perform OpenSearch querie
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow OpenSearch queries in File Explorer*
- GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown*
- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone*
@@ -1914,7 +1914,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo**
+**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo**
@@ -1952,7 +1952,7 @@ If you disable or do not configure this policy setting, Windows searches for the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not track Shell shortcuts during roaming*
- GP name: *LinkResolveIgnoreLinkInfo*
- GP path: *Windows Components\File Explorer*
@@ -1963,7 +1963,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/MaxRecentDocs**
+**ADMX_WindowsExplorer/MaxRecentDocs**
@@ -1999,7 +1999,7 @@ If you disable or do not configure this policy setting, by default, the system d
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maximum number of recent documents*
- GP name: *MaxRecentDocs*
- GP path: *Windows Components\File Explorer*
@@ -2010,7 +2010,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoBackButton**
+**ADMX_WindowsExplorer/NoBackButton**
@@ -2046,7 +2046,7 @@ If you disable or do not configure this policy setting, the Back button is displ
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the common dialog back button*
- GP name: *NoBackButton*
- GP path: *Windows Components\File Explorer\Common Open File Dialog*
@@ -2057,7 +2057,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoCDBurning**
+**ADMX_WindowsExplorer/NoCDBurning**
@@ -2096,7 +2096,7 @@ If you disable or do not configure this policy setting, users are able to use th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove CD Burning features*
- GP name: *NoCDBurning*
- GP path: *Windows Components\File Explorer*
@@ -2107,7 +2107,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoCacheThumbNailPictures**
+**ADMX_WindowsExplorer/NoCacheThumbNailPictures**
@@ -2146,7 +2146,7 @@ If you disable or do not configure this policy setting, thumbnail views are cach
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off caching of thumbnail pictures*
- GP name: *NoCacheThumbNailPictures*
- GP path: *Windows Components\File Explorer*
@@ -2157,7 +2157,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoChangeAnimation**
+**ADMX_WindowsExplorer/NoChangeAnimation**
@@ -2195,7 +2195,7 @@ If you disable or do not configure this policy setting, users are allowed to tur
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove UI to change menu animation setting*
- GP name: *NoChangeAnimation*
- GP path: *Windows Components\File Explorer*
@@ -2206,7 +2206,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators**
+**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators**
@@ -2240,7 +2240,7 @@ Effects, such as transitory underlines, are designed to enhance the user's exper
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove UI to change keyboard navigation indicator setting*
- GP name: *NoChangeKeyboardNavigationIndicators*
- GP path: *Windows Components\File Explorer*
@@ -2251,7 +2251,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoDFSTab**
+**ADMX_WindowsExplorer/NoDFSTab**
@@ -2287,7 +2287,7 @@ If you disable or do not configure this policy setting, the DFS tab is available
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove DFS tab*
- GP name: *NoDFSTab*
- GP path: *Windows Components\File Explorer*
@@ -2298,7 +2298,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoDrives**
+**ADMX_WindowsExplorer/NoDrives**
@@ -2339,7 +2339,7 @@ If you disable or do not configure this policy setting, all drives are displayed
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide these specified drives in My Computer*
- GP name: *NoDrives*
- GP path: *Windows Components\File Explorer*
@@ -2350,7 +2350,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoEntireNetwork**
+**ADMX_WindowsExplorer/NoEntireNetwork**
@@ -2391,7 +2391,7 @@ To remove computers in the user's workgroup or domain from lists of network reso
-ADMX Info:
+ADMX Info:
- GP Friendly name: *No Entire Network in Network Locations*
- GP name: *NoEntireNetwork*
- GP path: *Windows Components\File Explorer*
@@ -2402,7 +2402,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoFileMRU**
+**ADMX_WindowsExplorer/NoFileMRU**
@@ -2439,7 +2439,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the **F
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the dropdown list of recent files*
- GP name: *NoFileMRU*
- GP path: *Windows Components\File Explorer\Common Open File Dialog*
@@ -2450,7 +2450,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoFileMenu**
+**ADMX_WindowsExplorer/NoFileMenu**
@@ -2484,7 +2484,7 @@ This setting does not prevent users from using other methods to perform tasks av
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove File menu from File Explorer*
- GP name: *NoFileMenu*
- GP path: *Windows Components\File Explorer*
@@ -2495,7 +2495,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoFolderOptions**
+**ADMX_WindowsExplorer/NoFolderOptions**
@@ -2533,7 +2533,7 @@ If you disable or do not configure this policy setting, users can open Folder Op
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon*
- GP name: *NoFolderOptions*
- GP path: *Windows Components\File Explorer*
@@ -2544,7 +2544,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoHardwareTab**
+**ADMX_WindowsExplorer/NoHardwareTab**
@@ -2576,7 +2576,7 @@ Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyb
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Hardware tab*
- GP name: *NoHardwareTab*
- GP path: *Windows Components\File Explorer*
@@ -2587,7 +2587,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoManageMyComputerVerb**
+**ADMX_WindowsExplorer/NoManageMyComputerVerb**
@@ -2626,7 +2626,7 @@ This setting does not remove the Computer Management item from the Start menu (S
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hides the Manage item on the File Explorer context menu*
- GP name: *NoManageMyComputerVerb*
- GP path: *Windows Components\File Explorer*
@@ -2637,7 +2637,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoMyComputerSharedDocuments**
+**ADMX_WindowsExplorer/NoMyComputerSharedDocuments**
@@ -2672,7 +2672,7 @@ This policy setting allows you to remove the Shared Documents folder from My Com
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Shared Documents from My Computer*
- GP name: *NoMyComputerSharedDocuments*
- GP path: *Windows Components\File Explorer*
@@ -2683,7 +2683,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoNetConnectDisconnect**
+**ADMX_WindowsExplorer/NoNetConnectDisconnect**
@@ -2724,7 +2724,7 @@ This setting does not prevent users from connecting to another computer by typin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove "Map Network Drive" and "Disconnect Network Drive"*
- GP name: *NoNetConnectDisconnect*
- GP path: *Windows Components\File Explorer*
@@ -2735,7 +2735,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoNewAppAlert**
+**ADMX_WindowsExplorer/NoNewAppAlert**
@@ -2769,7 +2769,7 @@ If this MDM Policy is enabled, no notifications will be shown. If the MDM Policy
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not show the 'new application installed' notification*
- GP name: *NoNewAppAlert*
- GP path: *Windows Components\File Explorer*
@@ -2780,7 +2780,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoPlacesBar**
+**ADMX_WindowsExplorer/NoPlacesBar**
@@ -2814,7 +2814,7 @@ To see an example of the standard Open dialog box, start WordPad and, on the **F
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide the common dialog places bar*
- GP name: *NoPlacesBar*
- GP path: *Windows Components\File Explorer\Common Open File Dialog*
@@ -2825,7 +2825,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoRecycleFiles**
+**ADMX_WindowsExplorer/NoRecycleFiles**
@@ -2861,7 +2861,7 @@ If you disable or do not configure this setting, files and folders deleted using
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not move deleted files to the Recycle Bin*
- GP name: *NoRecycleFiles*
- GP path: *Windows Components\File Explorer*
@@ -2872,7 +2872,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoRunAsInstallPrompt**
+**ADMX_WindowsExplorer/NoRunAsInstallPrompt**
@@ -2912,7 +2912,7 @@ By default, users aren't prompted for alternate logon credentials when installin
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do not request alternate credentials*
- GP name: *NoRunAsInstallPrompt*
- GP path: *Windows Components\File Explorer*
@@ -2923,7 +2923,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton**
+**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton**
@@ -2959,7 +2959,7 @@ If you do not configure this policy (default), there will be an "Internet" link
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove the Search the Internet "Search again" link*
- GP name: *NoSearchInternetTryHarderButton*
- GP path: *Windows Components\File Explorer*
@@ -2970,7 +2970,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoSecurityTab**
+**ADMX_WindowsExplorer/NoSecurityTab**
@@ -3006,7 +3006,7 @@ If you disable or do not configure this setting, users will be able to access th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Security tab*
- GP name: *NoSecurityTab*
- GP path: *Windows Components\File Explorer*
@@ -3017,7 +3017,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoShellSearchButton**
+**ADMX_WindowsExplorer/NoShellSearchButton**
@@ -3053,7 +3053,7 @@ This policy setting does not affect the Search items on the File Explorer contex
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove Search button from File Explorer*
- GP name: *NoShellSearchButton*
- GP path: *Windows Components\File Explorer*
@@ -3064,7 +3064,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoStrCmpLogical**
+**ADMX_WindowsExplorer/NoStrCmpLogical**
@@ -3101,7 +3101,7 @@ If you disable or do not configure this policy setting, File Explorer will sort
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off numerical sorting in File Explorer*
- GP name: *NoStrCmpLogical*
- GP path: *Windows Components\File Explorer*
@@ -3112,7 +3112,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoViewContextMenu**
+**ADMX_WindowsExplorer/NoViewContextMenu**
@@ -3146,7 +3146,7 @@ If you enable this setting, menus do not appear when you right-click the desktop
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove File Explorer's default context menu*
- GP name: *NoViewContextMenu*
- GP path: *Windows Components\File Explorer*
@@ -3157,7 +3157,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoViewOnDrive**
+**ADMX_WindowsExplorer/NoViewOnDrive**
@@ -3198,7 +3198,7 @@ To use this setting, select a drive or combination of drives from the drop-down
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent access to drives from My Computer*
- GP name: *NoViewOnDrive*
- GP path: *Windows Components\File Explorer*
@@ -3209,7 +3209,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoWindowsHotKeys**
+**ADMX_WindowsExplorer/NoWindowsHotKeys**
@@ -3247,7 +3247,7 @@ If you disable or do not configure this setting, the Windows Key hotkeys are ava
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Windows Key hotkeys*
- GP name: *NoWindowsHotKeys*
- GP path: *Windows Components\File Explorer*
@@ -3258,7 +3258,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/NoWorkgroupContents**
+**ADMX_WindowsExplorer/NoWorkgroupContents**
@@ -3298,7 +3298,7 @@ To remove network computers from lists of network resources, use the "No Entire
-ADMX Info:
+ADMX Info:
- GP Friendly name: *No Computers Near Me in Network Locations*
- GP name: *NoWorkgroupContents*
- GP path: *Windows Components\File Explorer*
@@ -3309,7 +3309,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/PlacesBar**
+**ADMX_WindowsExplorer/PlacesBar**
@@ -3356,7 +3356,7 @@ If you disable or do not configure this setting the default list of items will b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Items displayed in Places Bar*
- GP name: *PlacesBar*
- GP path: *Windows Components\File Explorer\Common Open File Dialog*
@@ -3367,7 +3367,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/PromptRunasInstallNetPath**
+**ADMX_WindowsExplorer/PromptRunasInstallNetPath**
@@ -3410,7 +3410,7 @@ If the dialog box does not appear, the installation proceeds with the current us
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Request credentials for network installations*
- GP name: *PromptRunasInstallNetPath*
- GP path: *Windows Components\File Explorer*
@@ -3421,7 +3421,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/RecycleBinSize**
+**ADMX_WindowsExplorer/RecycleBinSize**
@@ -3460,7 +3460,7 @@ If you disable or do not configure this setting, users can change the total amou
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Maximum allowed Recycle Bin size*
- GP name: *RecycleBinSize*
- GP path: *Windows Components\File Explorer*
@@ -3471,7 +3471,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1**
+**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1**
@@ -3509,7 +3509,7 @@ If you do not configure this policy setting the protocol is in the protected mod
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off shell protocol protected mode*
- GP name: *ShellProtocolProtectedModeTitle_1*
- GP path: *Windows Components\File Explorer*
@@ -3520,7 +3520,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2**
+**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2**
@@ -3558,7 +3558,7 @@ If you do not configure this policy setting the protocol is in the protected mod
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off shell protocol protected mode*
- GP name: *ShellProtocolProtectedModeTitle_2*
- GP path: *Windows Components\File Explorer*
@@ -3569,7 +3569,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ShowHibernateOption**
+**ADMX_WindowsExplorer/ShowHibernateOption**
@@ -3607,7 +3607,7 @@ If you do not configure this policy setting, users will be able to choose whethe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show hibernate in the power options menu*
- GP name: *ShowHibernateOption*
- GP path: *Windows Components\File Explorer*
@@ -3618,7 +3618,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/ShowSleepOption**
+**ADMX_WindowsExplorer/ShowSleepOption**
@@ -3656,7 +3656,7 @@ If you do not configure this policy setting, users will be able to choose whethe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Show sleep in the power options menu*
- GP name: *ShowSleepOption*
- GP path: *Windows Components\File Explorer*
@@ -3667,7 +3667,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/TryHarderPinnedLibrary**
+**ADMX_WindowsExplorer/TryHarderPinnedLibrary**
@@ -3707,7 +3707,7 @@ If you disable or do not configure this policy setting, no Libraries or Search C
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu*
- GP name: *TryHarderPinnedLibrary*
- GP path: *Windows Components\File Explorer*
@@ -3718,7 +3718,7 @@ ADMX Info:
-**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch**
+**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch**
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index e2b7d6b653..08d89d8ab4 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaDRM
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WindowsMediaDRM policies
+## ADMX_WindowsMediaDRM policies
-
@@ -35,7 +35,7 @@ manager: aaroncz
-**ADMX_WindowsMediaDRM/DisableOnline**
+**ADMX_WindowsMediaDRM/DisableOnline**
@@ -73,7 +73,7 @@ When this policy is either disabled or not configured, Windows Media DRM functio
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Windows Media DRM Internet Access*
- GP name: *DisableOnline*
- GP path: *Windows Components\Windows Media Digital Rights Management*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index 15f9ca5c47..6e409c83d7 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -8,22 +8,22 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaPlayer
> [!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WindowsMediaPlayer policies
+## ADMX_WindowsMediaPlayer policies
-
@@ -95,7 +95,7 @@ manager: aaroncz
-**ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings**
+**ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings**
@@ -143,7 +143,7 @@ If you don't configure this policy setting, users can configure the HTTP proxy s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure HTTP Proxy*
- GP name: *ConfigureHTTPProxySettings*
- GP path: *Windows Components\Windows Media Player\Networking*
@@ -154,7 +154,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings**
+**ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings**
@@ -201,7 +201,7 @@ If you don't configure this policy setting, users can configure the MMS proxy se
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure MMS Proxy*
- GP name: *ConfigureMMSProxySettings*
- GP path: *Windows Components\Windows Media Player\Networking*
@@ -212,7 +212,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings**
+**ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings**
@@ -257,7 +257,7 @@ If you don't configure this policy setting, users can configure the RTSP proxy s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure RTSP Proxy*
- GP name: *ConfigureRTSPProxySettings*
- GP path: *Windows Components\Windows Media Player\Networking*
@@ -268,7 +268,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/DisableAutoUpdate**
+**ADMX_WindowsMediaPlayer/DisableAutoUpdate**
@@ -307,7 +307,7 @@ If you disable or don't configure this policy setting, the dialog boxes are disp
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Automatic Updates*
- GP name: *DisableAutoUpdate*
- GP path: *Windows Components\Windows Media Player*
@@ -318,7 +318,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/DisableNetworkSettings**
+**ADMX_WindowsMediaPlayer/DisableNetworkSettings**
@@ -354,7 +354,7 @@ If you disable or don't configure this policy setting, the Network tab appears a
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Network Tab*
- GP name: *DisableNetworkSettings*
- GP path: *Windows Components\Windows Media Player\Networking*
@@ -365,7 +365,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration**
+**ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration**
@@ -403,7 +403,7 @@ If you don't configure this policy setting, and the "Set and lock skin" policy s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do Not Show First Use Dialog Boxes*
- GP name: *DisableSetupFirstUseConfiguration*
- GP path: *Windows Components\Windows Media Player*
@@ -414,7 +414,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/DoNotShowAnchor**
+**ADMX_WindowsMediaPlayer/DoNotShowAnchor**
@@ -452,7 +452,7 @@ When this policy isn't configured and the Set and Lock Skin policy is enabled, s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Do Not Show Anchor*
- GP name: *DoNotShowAnchor*
- GP path: *Windows Components\Windows Media Player\User Interface*
@@ -463,7 +463,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/DontUseFrameInterpolation**
+**ADMX_WindowsMediaPlayer/DontUseFrameInterpolation**
@@ -503,7 +503,7 @@ Video smoothing is available only on the Windows XP Home Edition and Windows XP
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Video Smoothing*
- GP name: *DontUseFrameInterpolation*
- GP path: *Windows Components\Windows Media Player*
@@ -514,7 +514,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/EnableScreenSaver**
+**ADMX_WindowsMediaPlayer/EnableScreenSaver**
@@ -552,7 +552,7 @@ If you don't configure this policy setting, users can change the setting for the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Allow Screen Saver*
- GP name: *EnableScreenSaver*
- GP path: *Windows Components\Windows Media Player\Playback*
@@ -563,7 +563,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/HidePrivacyTab**
+**ADMX_WindowsMediaPlayer/HidePrivacyTab**
@@ -601,7 +601,7 @@ If you disable or don't configure this policy setting, the Privacy tab isn't hid
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Automatic Updates*
- GP name: *HidePrivacyTab*
- GP path: *Windows Components\Windows Media Player\User Interface*
@@ -612,7 +612,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/HideSecurityTab**
+**ADMX_WindowsMediaPlayer/HideSecurityTab**
@@ -648,7 +648,7 @@ If you disable or don't configure this policy setting, users can configure the s
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Hide Security Tab*
- GP name: *HideSecurityTab*
- GP path: *Windows Components\Windows Media Player\User Interface*
@@ -659,7 +659,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/NetworkBuffering**
+**ADMX_WindowsMediaPlayer/NetworkBuffering**
@@ -700,7 +700,7 @@ If you disable or don't configure this policy setting, users can change the buff
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Configure Network Buffering*
- GP name: *NetworkBuffering*
- GP path: *Windows Components\Windows Media Player\Networking*
@@ -711,7 +711,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PolicyCodecUpdate**
+**ADMX_WindowsMediaPlayer/PolicyCodecUpdate**
@@ -749,7 +749,7 @@ If you don't configure this policy setting, users can change the setting for the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Codec Download*
- GP name: *PolicyCodecUpdate*
- GP path: *Windows Components\Windows Media Player\Playback*
@@ -760,7 +760,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval**
+**ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval**
@@ -796,7 +796,7 @@ If you disable or don't configure this policy setting, users can change the sett
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent CD and DVD Media Information Retrieval*
- GP name: *PreventCDDVDMetadataRetrieval*
- GP path: *Windows Components\Windows Media Player*
@@ -807,7 +807,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventLibrarySharing**
+**ADMX_WindowsMediaPlayer/PreventLibrarySharing**
@@ -843,7 +843,7 @@ If you disable or don't configure this policy setting, anyone using Windows Medi
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Media Sharing*
- GP name: *PreventLibrarySharing*
- GP path: *Windows Components\Windows Media Player*
@@ -854,7 +854,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval**
+**ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval**
@@ -890,7 +890,7 @@ If you disable or don't configure this policy setting, users can change the sett
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Music File Media Information Retrieval*
- GP name: *PreventMusicFileMetadataRetrieval*
- GP path: *Windows Components\Windows Media Player*
@@ -901,7 +901,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut**
+**ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut**
@@ -937,7 +937,7 @@ If you disable or don't configure this policy setting, the user can choose wheth
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Quick Launch Toolbar Shortcut Creation*
- GP name: *PreventQuickLaunchShortcut*
- GP path: *Windows Components\Windows Media Player*
@@ -948,7 +948,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval**
+**ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval**
@@ -983,7 +983,7 @@ If you disable or don't configure this policy setting, the Player automatically
-ADMX Info:
+ADMX Info:
- GP Friendly name: *PPrevent Radio Station Preset Retrieval*
- GP name: *PreventRadioPresetsRetrieval*
- GP path: *Windows Components\Windows Media Player*
@@ -994,7 +994,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut**
+**ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut**
@@ -1030,7 +1030,7 @@ If you disable or don't configure this policy setting, users can choose whether
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prevent Desktop Shortcut Creation*
- GP name: *PreventWMPDeskTopShortcut*
- GP path: *Windows Components\Windows Media Player*
@@ -1041,7 +1041,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/SkinLockDown**
+**ADMX_WindowsMediaPlayer/SkinLockDown**
@@ -1081,7 +1081,7 @@ If you disable or don't configure this policy setting, users can display the Pla
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set and Lock Skin*
- GP name: *SkinLockDown*
- GP path: *Windows Components\Windows Media Player\User Interface*
@@ -1092,7 +1092,7 @@ ADMX Info:
-**ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols**
+**ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols**
@@ -1132,7 +1132,7 @@ If you disable this policy setting, the Protocols for MMS URLs and Multicast str
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Streaming Media Protocols*
- GP name: *WindowsStreamingMediaProtocols*
- GP path: *Windows Components\Windows Media Player\Networking*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 902f22ebc8..b8299ecfa4 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 12/16/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsRemoteManagement
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WindowsRemoteManagement policies
+## ADMX_WindowsRemoteManagement policies
-
@@ -39,7 +39,7 @@ manager: aaroncz
-**ADMX_WindowsRemoteManagement/DisallowKerberos_1**
+**ADMX_WindowsRemoteManagement/DisallowKerberos_1**
@@ -68,7 +68,7 @@ manager: aaroncz
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
-If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
+If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network.
If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
@@ -76,7 +76,7 @@ If you disable or do not configure this policy setting, the WinRM service accept
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow Kerberos authentication*
- GP name: *DisallowKerberos_1*
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service*
@@ -88,7 +88,7 @@ ADMX Info:
-**ADMX_WindowsRemoteManagement/DisallowKerberos_2**
+**ADMX_WindowsRemoteManagement/DisallowKerberos_2**
@@ -125,7 +125,7 @@ If you disable or do not configure this policy setting, the WinRM client uses th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disallow Kerberos authentication*
- GP name: *DisallowKerberos_2*
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client*
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 3a56097a51..72b0e4f609 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -8,16 +8,16 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/26/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WindowsStore
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
@@ -26,7 +26,7 @@ manager: aaroncz
-## ADMX_WindowsStore policies
+## ADMX_WindowsStore policies
-
@@ -50,7 +50,7 @@ manager: aaroncz
-**ADMX_WindowsStore/DisableAutoDownloadWin8**
+**ADMX_WindowsStore/DisableAutoDownloadWin8**
@@ -86,7 +86,7 @@ If you don't configure this setting, the automatic download of app updates is de
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Automatic Download of updates on Win8 machines*
- GP name: *DisableAutoDownloadWin8*
- GP path: *Windows Components\Store*
@@ -99,7 +99,7 @@ ADMX Info:
-**ADMX_WindowsStore/DisableOSUpgrade_1**
+**ADMX_WindowsStore/DisableOSUpgrade_1**
@@ -136,7 +136,7 @@ If you disable or do not configure this setting the Store application will offer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the offer to update to the latest version of Windows*
- GP name: *DisableOSUpgrade_1*
- GP path: *Windows Components\Store*
@@ -149,7 +149,7 @@ ADMX Info:
-**ADMX_WindowsStore/DisableOSUpgrade_2**
+**ADMX_WindowsStore/DisableOSUpgrade_2**
@@ -186,7 +186,7 @@ If you disable or do not configure this setting the Store application will offer
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the offer to update to the latest version of Windows*
- GP name: *DisableOSUpgrade_2*
- GP path: *Windows Components\Store*
@@ -199,7 +199,7 @@ ADMX Info:
-**ADMX_WindowsStore/RemoveWindowsStore_1**
+**ADMX_WindowsStore/RemoveWindowsStore_1**
@@ -236,7 +236,7 @@ If you disable or don't configure this setting, access to the Store application
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Store application*
- GP name: *RemoveWindowsStore_1*
- GP path: *Windows Components\Store*
@@ -249,7 +249,7 @@ ADMX Info:
-**ADMX_WindowsStore/RemoveWindowsStore_2**
+**ADMX_WindowsStore/RemoveWindowsStore_2**
@@ -286,7 +286,7 @@ If you disable or don't configure this setting, access to the Store application
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off the Store application*
- GP name: *RemoveWindowsStore_2*
- GP path: *Windows Components\Store*
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 0f1c09fbca..8a8b1900c9 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/29/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WinInit
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WinInit policies
+## ADMX_WinInit policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**
+**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**
@@ -79,7 +79,7 @@ If you disable or don't configure this policy setting, the system creates the na
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off legacy remote shutdown interface*
- GP name: *DisableNamedPipeShutdownPolicyDescription*
- GP path: *Windows Components\Shutdown Options*
@@ -90,7 +90,7 @@ ADMX Info:
-**ADMX_WinInit/Hiberboot**
+**ADMX_WinInit/Hiberboot**
@@ -117,7 +117,7 @@ ADMX Info:
-This policy setting controls the use of fast startup.
+This policy setting controls the use of fast startup.
If you enable this policy setting, the system requires hibernate to be enabled.
@@ -127,7 +127,7 @@ If you disable or don't configure this policy setting, the local setting is used
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require use of fast startup*
- GP name: *Hiberboot*
- GP path: *System\Shutdown*
@@ -138,7 +138,7 @@ ADMX Info:
-**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**
+**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**
@@ -175,7 +175,7 @@ If you disable or don't configure this policy setting, the default timeout value
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Timeout for hung logon sessions during shutdown*
- GP name: *ShutdownTimeoutHungSessionsDescription*
- GP path: *Windows Components\Shutdown Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index 767e746db8..012a7d7690 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/09/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WinLogon
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WinLogon policies
+## ADMX_WinLogon policies
-
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_WinLogon/CustomShell**
+**ADMX_WinLogon/CustomShell**
@@ -91,7 +91,7 @@ If you disable this setting or don't configure it, the setting is ignored and th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom User Interface*
- GP name: *CustomShell*
- GP path: *System*
@@ -102,7 +102,7 @@ ADMX Info:
-**ADMX_WinLogon/DisplayLastLogonInfoDescription**
+**ADMX_WinLogon/DisplayLastLogonInfoDescription**
@@ -141,7 +141,7 @@ If you disable or don't configure this setting, messages about the previous sign
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Display information about previous logons during user logon*
- GP name: *DisplayLastLogonInfoDescription*
- GP path: *Windows Components\Windows Logon Options*
@@ -153,7 +153,7 @@ ADMX Info:
-**ADMX_WinLogon/LogonHoursNotificationPolicyDescription**
+**ADMX_WinLogon/LogonHoursNotificationPolicyDescription**
@@ -193,7 +193,7 @@ If you disable or don't configure this setting, users receive warnings before th
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Remove logon hours expiration warnings*
- GP name: *LogonHoursNotificationPolicyDescription*
- GP path: *Windows Components\Windows Logon Options*
@@ -204,7 +204,7 @@ ADMX Info:
-**ADMX_WinLogon/LogonHoursPolicyDescription**
+**ADMX_WinLogon/LogonHoursPolicyDescription**
@@ -246,7 +246,7 @@ If you disable or don't configure this setting, the system takes no action when
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set action to take when logon hours expire*
- GP name: *LogonHoursPolicyDescription*
- GP path: *Windows Components\Windows Logon Options*
@@ -257,7 +257,7 @@ ADMX Info:
-**ADMX_WinLogon/ReportCachedLogonPolicyDescription**
+**ADMX_WinLogon/ReportCachedLogonPolicyDescription**
@@ -295,7 +295,7 @@ If disabled or not configured, no pop up will be displayed to the user.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Report when logon server was not available during user logon*
- GP name: *ReportCachedLogonPolicyDescription*
- GP path: *Windows Components\Windows Logon Options*
@@ -306,7 +306,7 @@ ADMX Info:
-**ADMX_WinLogon/SoftwareSASGeneration**
+**ADMX_WinLogon/SoftwareSASGeneration**
@@ -335,7 +335,7 @@ ADMX Info:
This policy setting controls whether the software can simulate the Secure Attention Sequence (SAS).
-If you enable this policy setting, you have one of four options:
+If you enable this policy setting, you have one of four options:
- If you set this policy setting to "None," user mode software can't simulate the SAS.
- If you set this policy setting to "Services," services can simulate the SAS.
@@ -348,7 +348,7 @@ If you disable or don't configure this setting, only Ease of Access applications
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Disable or enable software Secure Attention Sequence*
- GP name: *SoftwareSASGeneration*
- GP path: *Windows Components\Windows Logon Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 7d744cb320..97358dd535 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 02/25/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_Winsrv
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_Winsrv policies
+## ADMX_Winsrv policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_Winsrv/AllowBlockingAppsAtShutdown**
+**ADMX_Winsrv/AllowBlockingAppsAtShutdown**
@@ -77,7 +77,7 @@ By default, such applications are automatically terminated if they attempt to ca
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off automatic termination of applications that block or cancel shutdown*
- GP name: *AllowBlockingAppsAtShutdown*
- GP path: *System\Shutdown Options*
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index 146fa04b1b..08d8dffcc2 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 10/27/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_wlansvc
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_wlansvc policies
+## ADMX_wlansvc policies
-
@@ -42,7 +42,7 @@ manager: aaroncz
-**ADMX_wlansvc/SetCost**
+**ADMX_wlansvc/SetCost**
@@ -73,14 +73,14 @@ This policy setting configures the cost of Wireless LAN (WLAN) connections on th
If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit.
+- Fixed: Use of this connection isn't restricted by usage charges and capacity constraints up to a certain data limit.
- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or isn't configured, the cost of Wireless LAN connections is Unrestricted by default.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set Cost*
- GP name: *IncludeCmdLine*
- GP path: *Network\WLAN Service\WLAN Media Cost*
@@ -91,7 +91,7 @@ ADMX Info:
-**ADMX_wlansvc/SetPINEnforced**
+**ADMX_wlansvc/SetPINEnforced**
@@ -127,7 +127,7 @@ If this policy setting is disabled or isn't configured, by default Push Button p
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Require PIN pairing*
- GP name: *SetPINEnforced*
- GP path: *Network\Wireless Display*
@@ -138,7 +138,7 @@ ADMX Info:
-**ADMX_wlansvc/SetPINPreferred**
+**ADMX_wlansvc/SetPINPreferred**
@@ -174,7 +174,7 @@ If this policy setting is disabled or isn't configured, by default Push Button p
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Prefer PIN pairing*
- GP name: *SetPINPreferred*
- GP path: *Network\Wireless Display*
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index b027226ee8..dc59bb9d08 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/22/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WordWheel
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WordWheel policies
+## ADMX_WordWheel policies
-
@@ -36,7 +36,7 @@ manager: aaroncz
-**ADMX_WordWheel/CustomSearch**
+**ADMX_WordWheel/CustomSearch**
@@ -62,16 +62,16 @@ manager: aaroncz
-Set up the menu name and URL for the custom Internet search provider.
+Set up the menu name and URL for the custom Internet search provider.
-- If you enable this setting, the specified menu name and URL will be used for Internet searches.
+- If you enable this setting, the specified menu name and URL will be used for Internet searches.
- If you disable or not configure this setting, the default Internet search provider will be used.
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Custom Instant Search Internet search provider*
- GP name: *CustomSearch*
- GP path: *Windows Components\Instant Search*
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index 56d08ee87f..89150e959b 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 09/22/2021
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WorkFoldersClient
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WorkFoldersClient policies
+## ADMX_WorkFoldersClient policies
-
@@ -43,7 +43,7 @@ manager: aaroncz
-**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker**
+**ADMX_WorkFoldersClient/Pol_UserEnableTokenBroker**
@@ -71,7 +71,7 @@ manager: aaroncz
This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer.
-- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer.
+- If you enable this policy setting, Work Folders will be set up automatically for all users of the affected computer.
This folder creation prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting doesn't apply to a user, Work Folders isn't automatically set up.
- If you disable or don't configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
@@ -81,7 +81,7 @@ This folder creation prevents users from choosing not to use Work Folders on the
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Force automatic setup for all users*
- GP name: *Pol_UserEnableTokenBroker*
- GP path: *Windows Components\Work Folders*
@@ -93,7 +93,7 @@ ADMX Info:
-**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders**
+**ADMX_WorkFoldersClient/Pol_UserEnableWorkFolders**
@@ -119,20 +119,20 @@ ADMX Info:
-This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.
+This policy setting specifies the Work Folders server for affected users, and whether or not users are allowed to change settings when setting up Work Folders on a domain-joined computer.
-- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC.
+- If you enable this policy setting, affected users receive Work Folders settings when they sign in to a domain-joined PC.
-If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables.
+If this policy setting is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folders by using the Work Folders Control Panel item. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables.
> [!NOTE]
> In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified.
-The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled.
+The “On-demand file access preference” option controls whether to enable on-demand file access. When enabled, the user controls which files in Work Folders are available offline on a given PC. The rest of the files in Work Folders are always visible and don’t take up any space on the PC, but the user must be connected to the Internet to access them. If you enable this policy setting, on-demand file access is enabled.
-- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs.
+- If you disable this policy setting, on-demand file access is disabled, and enough storage space to store all the user’s files is required on each of their PCs.
-If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled.
+If you specify User choice or don't configure this policy setting, the user decides whether to enable on-demand file access. However, if the Force automatic setup policy setting is enabled, Work Folders is set up automatically with on-demand file access enabled.
The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This automatic setup prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option isn't specified, users must use the Work Folders Control Panel item on their computers to set up Work Folders.
@@ -140,7 +140,7 @@ The "Force automatic setup" option specifies that Work Folders should be set up
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Specify Work Folders settings*
- GP name: *Pol_UserEnableWorkFolders*
- GP path: *Windows Components\Work Folders*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders**
+**ADMX_WorkFoldersClient/Pol_MachineEnableWorkFolders**
@@ -183,7 +183,7 @@ This policy specifies whether Work Folders should use Token Broker for interacti
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Enables the use of Token Broker for AD FS authentication*
- GP name: *Pol_MachineEnableWorkFolders*
- GP path: *Windows Components\Work Folders*
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 6397e4e333..2333cc28cd 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -8,23 +8,23 @@ ms.prod: w10
ms.technology: windows
author: vinaypamnani-msft
ms.date: 11/13/2020
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - ADMX_WPN
>[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## ADMX_WPN policies
+## ADMX_WPN policies
-
@@ -51,7 +51,7 @@ manager: aaroncz
-**ADMX_WPN/NoCallsDuringQuietHours**
+**ADMX_WPN/NoCallsDuringQuietHours**
@@ -90,7 +90,7 @@ If you don't configure this policy setting, voice and video calls will be allowe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off calls during Quiet Hours*
- GP name: *NoCallsDuringQuietHours*
- GP path: *Start Menu and Taskbar\Notifications*
@@ -101,7 +101,7 @@ ADMX Info:
-**ADMX_WPN/NoLockScreenToastNotification**
+**ADMX_WPN/NoLockScreenToastNotification**
@@ -140,7 +140,7 @@ No reboots or service restarts are required for this policy setting to take effe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off toast notifications on the lock screen*
- GP name: *NoLockScreenToastNotification*
- GP path: *Start Menu and Taskbar\Notifications*
@@ -151,7 +151,7 @@ ADMX Info:
-**ADMX_WPN/NoQuietHours**
+**ADMX_WPN/NoQuietHours**
@@ -190,7 +190,7 @@ If you don't configure this policy setting, Quiet Hours are enabled by default b
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off Quiet Hours*
- GP name: *NoQuietHours*
- GP path: *Start Menu and Taskbar\Notifications*
@@ -201,7 +201,7 @@ ADMX Info:
-**ADMX_WPN/NoToastNotification**
+**ADMX_WPN/NoToastNotification**
@@ -244,7 +244,7 @@ No reboots or service restarts are required for this policy setting to take effe
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Turn off toast notifications*
- GP name: *NoToastNotification*
- GP path: *Start Menu and Taskbar\Notifications*
@@ -255,7 +255,7 @@ ADMX Info:
-**ADMX_WPN/QuietHoursDailyBeginMinute**
+**ADMX_WPN/QuietHoursDailyBeginMinute**
@@ -294,7 +294,7 @@ If you don't configure this policy setting, a default value will be used, which
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the time Quiet Hours begins each day*
- GP name: *QuietHoursDailyBeginMinute*
- GP path: *Start Menu and Taskbar\Notifications*
@@ -305,7 +305,7 @@ ADMX Info:
-**ADMX_WPN/QuietHoursDailyEndMinute**
+**ADMX_WPN/QuietHoursDailyEndMinute**
@@ -344,7 +344,7 @@ If you don't configure this policy setting, a default value will be used, which
-ADMX Info:
+ADMX Info:
- GP Friendly name: *Set the time Quiet Hours ends each day*
- GP name: *QuietHoursDailyEndMinute*
- GP path: *Start Menu and Taskbar\Notifications*
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index ab3b3c38da..1ac1b7663b 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -8,24 +8,24 @@ ms.technology: windows
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
---
# Policy CSP - AppRuntime
> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
->
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
->
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../mdm/understanding-admx-backed-policies.md).
+>
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../mdm/understanding-admx-backed-policies.md#enabling-a-policy).
+>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-## AppRuntime policies
+## AppRuntime policies