deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-27 08:13:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #6003 from MicrosoftDocs/aljupudi-560146-Storage/WPDpolicies-01

Browse Source 
Updated policy-csp-storage with missing policy entries
This commit is contained in:
Diana Hanson
2022-01-07 11:04:18 -07:00
committed by GitHub
parent b631833ee6 726883ae61
commit f80e7c2cec
2 changed files with 271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -8551,6 +8551,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
<dd>
<a href="./policy-csp-storage.md#storage-removablediskdenywriteaccess" id="storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-wpddevicesdenyreadaccessperdevice" id="storage-wpddevicesdenyreadaccessperdevice">Storage/WPDDevicesDenyReadAccessPerDevice</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-wpddevicesdenyreadaccessperuser" id="storage-wpddevicesdenyreadaccessperuser">Storage/WPDDevicesDenyReadAccessPerUser</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-wpddevicesdenywriteaccessperdevice" id="storage-wpddevicesdenywriteaccessperdevice">Storage/WPDDevicesDenyWriteAccessPerDevice</a>
</dd>
<dd>
<a href="./policy-csp-storage.md#storage-wpddevicesdenywriteaccessperuser" id="storage-wpddevicesdenywriteaccessperuser">Storage/WPDDevicesDenyWriteAccessPerUser</a>
</dd>
</dl>
### System policies

259
windows/client-management/mdm/policy-csp-storage.md
View File

@ -48,6 +48,18 @@ manager: dansimp
<dd>
<a href="#storage-removablediskdenywriteaccess">Storage/RemovableDiskDenyWriteAccess</a>
</dd>
<dd>
<a href="#storage-wpddevicesdenyreadaccessperdevice">Storage/WPDDevicesDenyReadAccessPerDevice</a>
</dd>
<dd>
<a href="#storage-wpddevicesdenyreadaccessperuser">Storage/WPDDevicesDenyReadAccessPerUser</a>
</dd>
<dd>
<a href="#storage-wpddevicesdenywriteaccessperdevice">Storage/WPDDevicesDenyWriteAccessPerDevice</a>
</dd>
<dd>
<a href="#storage-wpddevicesdenywriteaccessperuser">Storage/WPDDevicesDenyWriteAccessPerUser</a>
</dd>
</dl>
@ -566,5 +578,252 @@ See [Use custom settings for Windows 10 devices in Intune](/intune/custom-settin
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="storage-wpddevicesdenyreadaccessperdevice"></a>**Storage/WPDDevicesDenyReadAccessPerDevice**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
- Mass Storage Class (MSC) over USB
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
Supported values for this policy are:
- Not configured
- Enabled
- Disabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_2*
- GP path: *System/Removable Storage Access*
- GP ADMX file name: *RemovableStorage.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="storage-wpddevicesdenyreadaccessperuser"></a>**Storage/WPDDevicesDenyReadAccessPerUser**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
- Mass Storage Class (MSC) over USB
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this policy will block end-user from Read access on any Windows Portal devices, e.g. mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
Supported values for this policy are:
- Not configured
- Enabled
- Disabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *WPD Devices: Deny read access*
- GP name: *WPDDevices_DenyRead_Access_1*
- GP path: *System/Removable Storage Access*
- GP ADMX file name: *RemovableStorage.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="storage-wpddevicesdenywriteaccessperdevice"></a>**Storage/WPDDevicesDenyWriteAccessPerDevice**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
- Mass Storage Class (MSC) over USB
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
Supported values for this policy are:
- Not configured
- Enabled
- Disabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_2*
- GP path: *System/Removable Storage Access*
- GP ADMX file name: *RemovableStorage.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="storage-wpddevicesdenywriteaccessperuser"></a>**Storage/WPDDevicesDenyWriteAccessPerUser**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
This policy will do the enforcement over the following protocols which are used by most portable devices, e.g. mobile/IOS/Android:
- Picture Transfer Protocol (PTP) over USB, IP, and Bluetooth
- Media Transfer Protocol (MTP) over USB, IP, and Bluetooth
- Mass Storage Class (MSC) over USB
To enable this policy, the minimum OS requirement is Windows 10, version 1809 and [KB5003217 (OS Build 17763.1971)](https://support.microsoft.com/en-us/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46).
If enabled, this will block end-user from Write access on any Windows Portal devices, e.g. mobile/iOS/Android.
>[!NOTE]
> WPD policy is not a reliable policy for removable storage - admin can not use WPD policy to block removable storage, e.g. if an end-user is using an USB thumb drive under a WPD policy, the policy may block PTP/MTP/etc, but end-user can still browser the USB via explorer.
Supported values for this policy are:
- Not configured
- Enabled
- Disabled
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP Friendly name: *WPD Devices: Deny write access*
- GP name: *WPDDevices_DenyWrite_Access_1*
- GP path: *System/Removable Storage Access*
- GP ADMX file name: *RemovableStorage.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
<!--/SupportedValues-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--/Policies-->