deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into lsaldanha-4620497-batch16

Browse Source
This commit is contained in:
Lovina Saldanha 2021-01-15 09:19:37 +05:30 committed by GitHub
commit ff14cd640a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
468 changed files with 26007 additions and 3950 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.openpublishing.publish.config.json
View File

@ -390,7 +390,7 @@
"elizapo@microsoft.com"
],
"sync_notification_subscribers": [
"daniha@microsoft.com"
"dstrome@microsoft.com"
],
"branches_to_filter": [
""
@ -431,9 +431,9 @@
"template_folder": "_themes.pdf"
}
},
"need_generate_pdf": false,
"need_generate_intellisense": false,
"docs_build_engine": {
"name": "docfx_v3"
}
},
"need_generate_pdf": false,
"need_generate_intellisense": false
}

5
.openpublishing.redirection.json
View File

@ -1534,6 +1534,11 @@
"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinegroups-collection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md",
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md",

2
browsers/edge/TOC.md
View File

@ -28,6 +28,6 @@
## [Change history for Microsoft Edge](change-history-for-microsoft-edge.md)
## [Microsoft Edge Frequently Asked Questions (FAQs)](microsoft-edge-faq.yml)
## [Microsoft Edge Frequently Asked Questions (FAQ)](microsoft-edge-faq.yml)

2
browsers/edge/group-policies/sync-browser-settings-gp.md
View File

@ -38,7 +38,7 @@ You can find the Microsoft Edge Group Policy settings in the following location
To verify the settings:
1. In the upper-right corner of Microsoft Edge, click **More** \(**...**\).
2. Click **Settings**.
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.PNG)
3. Under Account, see if the setting is toggled on or off.<p>![Verify configuration](../images/sync-settings.png)
## Do not sync browser settings

0
browsers/edge/images/allow-smart-screen-validation.PNG → browsers/edge/images/allow-smart-screen-validation.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 14 KiB

0
browsers/edge/images/sync-settings.PNG → browsers/edge/images/sync-settings.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 14 KiB

2
browsers/edge/includes/configure-windows-defender-smartscreen-include.md
View File

@ -27,7 +27,7 @@ ms.topic: include
To verify Windows Defender SmartScreen is turned off (disabled):
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.PNG)
2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.<p>![Verify that Windows Defender SmartScreen is turned off (disabled)](../images/allow-smart-screen-validation.png)
### ADMX info and settings

21
browsers/edge/microsoft-edge-faq.yml
View File

@ -1,6 +1,6 @@
### YamlMime:FAQ
metadata:
title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
title: Microsoft Edge - Frequently Asked Questions (FAQ) for IT Pros
ms.reviewer:
audience: itpro
manager: dansimp
@ -13,9 +13,9 @@ metadata:
ms.sitesec: library
ms.localizationpriority: medium
title: Frequently Asked Questions (FAQs) for IT Pros
title: Frequently Asked Questions (FAQ) for IT Pros
summary: |
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
> [!NOTE]
> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
@ -49,21 +49,26 @@ sections:
To learn more about Microsoft's plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
- question: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?
answer: No, Microsoft Edge doesn't support ActiveX controls and BHOs like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support.
answer: |
No, Microsoft Edge doesn't support ActiveX controls and Browser Helper Objects (BHOs) like Silverlight or Java. If you're running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in Internet Explorer 11. Internet Explorer 11 offers additional security, manageability, performance, backward compatibility, and standards support.
- question: How often will Microsoft Edge be updated?
answer: In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence.
answer: |
In Windows 10, we're delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence.
- question: How can I provide feedback on Microsoft Edge?
answer: Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar.
answer: |
Microsoft Edge is an evergreen browser - we'll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar.
- question: Will Internet Explorer 11 continue to receive updates?
answer: |
We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
- question: How do I find out which version of Microsoft Edge I have?
answer: In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version.
answer: |
In the upper-right corner of Microsoft Edge, select the ellipses icon (**...**), and then select **Settings**. Look in the **About Microsoft Edge** section to find your version.
- question: What is Microsoft EdgeHTML?
answer: Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*).
answer: |
Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform (as opposed to *Microsoft Edge, based on Chromium*).

2
browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
View File

@ -68,7 +68,7 @@ Additional information on Internet Explorer 11, including a Readiness Toolkit, t
## Availability of Internet Explorer 11
Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Configuration Manager and WSUS.
Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Manager and WSUS.
## Prevent automatic installation of Internet Explorer 11 with WSUS

2
education/windows/chromebook-migration-guide.md
View File

@ -457,7 +457,7 @@ Table 5. Select on-premises AD DS, Azure AD, or hybrid
<td align="left">X</td>
</tr>
<tr class="odd">
<td align="left">Use Microsoft Endpoint Configuration Manager for management</td>
<td align="left">Use Microsoft Endpoint Manager for management</td>
<td align="left">X</td>
<td align="left"></td>
<td align="left">X</td>

44
education/windows/deploy-windows-10-in-a-school-district.md
View File

@ -202,7 +202,7 @@ Before you select the deployment and management methods, you need to review the
|Scenario feature |Cloud-centric|On-premises and cloud|
|---|---|---|
|Identity management | Azure AD (stand-alone or integrated with on-premises AD DS) | AD DS integrated with Azure AD |
|Windows 10 deployment | MDT only | Microsoft Endpoint Configuration Manager with MDT |
|Windows 10 deployment | MDT only | Microsoft Endpoint Manager with MDT |
|Configuration setting management | Intune | Group Policy<br/><br/>Intune|
|App and update management | Intune |Microsoft Endpoint Configuration Manager<br/><br/>Intune|
@ -216,14 +216,14 @@ These scenarios assume the need to support:
Some constraints exist in these scenarios. As you select the deployment and management methods for your device, keep the following constraints in mind:
* You can use Group Policy or Intune to manage configuration settings on a device but not both.
* You can use Microsoft Endpoint Configuration Manager or Intune to manage apps and updates on a device but not both.
* You can use Microsoft Endpoint Manager or Intune to manage apps and updates on a device but not both.
* You cannot manage multiple users on a device with Intune if the device is AD DS domain joined.
Use the cloud-centric scenario and on-premises and cloud scenario as a guide for your district. You may need to customize these scenarios, however, based on your district. As you go through the [Select the deployment methods](#select-the-deployment-methods), [Select the configuration setting management methods](#select-the-configuration-setting-management-methods), and the [Select the app and update management products](#select-the-app-and-update-management-products) sections, remember these scenarios and use them as the basis for your district.
### Select the deployment methods
To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Configuration Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
To deploy Windows 10 and your apps, you can use MDT by itself or Microsoft Endpoint Manager and MDT together. For a district, there are a few ways to deploy Windows 10 to devices. Table 2 lists the methods that this guide describes and recommends. Use this information to determine which combination of deployment methods is right for your institution.
<table>
<colgroup>
@ -291,7 +291,7 @@ Select this method when you:</p>
</ul>
<p>The disadvantages of this method are that it:</p>
<ul>
<li>Carries an additional cost for Microsoft Endpoint Configuration Manager server licenses (if the institution does not have Configuration Manager already).</li>
<li>Carries an additional cost for Microsoft Endpoint Manager server licenses (if the institution does not have Configuration Manager already).</li>
<li>Can deploy Windows 10 only to domain-joined (institution-owned devices).</li>
<li>Requires an AD DS infrastructure (if the institution does not have AD DS already).</li>
</ul>
@ -307,7 +307,7 @@ Record the deployment methods you selected in Table 3.
|Selection | Deployment method|
|--------- | -----------------|
| |MDT by itself |
| |Microsoft Endpoint Configuration Manager and MDT|
| |Microsoft Endpoint Manager and MDT|
*Table 3. Deployment methods selected*
@ -483,12 +483,12 @@ Select this method when you:</p>
</tr>
<tr>
<td valign="top">Microsoft Endpoint Configuration Manager and Intune (hybrid)</td>
<td valign="top">Microsoft Endpoint Manager and Intune (hybrid)</td>
<td><p>Configuration Manager and Intune together extend Configuration Manager from an on-premises management system for domain-joined devices to a solution that can manage devices regardless of their location and connectivity options. This hybrid option provides the benefits of both Configuration Manager and Intune.<br/><br/>
Configuration Manager and Intune in the hybrid configuration allow you to support application management throughout the entire application life cycle. You can deploy, upgrade, manage multiple versions, and retire applications by using Configuration Manager, and you can manage Windows desktop and Microsoft Store applications for both institution-owned and personal devices.<br/><br/>
Select this method when you:</p>
<ul>
<li>Selected Microsoft Endpoint Configuration Manager to deploy Windows 10.</li>
<li>Selected Microsoft Endpoint Manager to deploy Windows 10.</li>
<li>Want to manage institution-owned and personal devices (does not require that the device be domain joined).</li>
<li>Want to manage domain-joined devices.</li>
<li>Want to manage Azure AD domain-joined devices.</li>
@ -525,9 +525,9 @@ Record the app and update management methods that you selected in Table 7.
|Selection | Management method|
|----------|------------------|
| |Microsoft Endpoint Configuration Manager by itself|
| |Microsoft Endpoint Manager by itself|
| |Intune by itself|
| |Microsoft Endpoint Configuration Manager and Intune (hybrid mode)|
| |Microsoft Endpoint Manager and Intune (hybrid mode)|
*Table 7. App and update management methods selected*
@ -570,11 +570,11 @@ For more information about how to create a deployment share, see [Step 3-1: Crea
### Install the Configuration Manager console
> [!NOTE]
> If you selected Microsoft Endpoint Configuration Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
> If you selected Microsoft Endpoint Manager to deploy Windows 10 or manage your devices (in the [Select the deployment methods](#select-the-deployment-methods) and [Select the configuration setting management methods](#select-the-configuration-setting-management-methods) sections, respectively), perform the steps in this section. Otherwise, skip this section and continue to the next.
You can use Configuration Manager to manage Windows 10 deployments, Windows desktop apps, Microsoft Store apps, and software updates. To manage Configuration Manager, you use the Configuration Manager console. You must install the Configuration Manager console on every device you use to manage Configuration Manager (specifically, the admin device). The Configuration Manager console is automatically installed when you install Configuration Manager primary site servers.
For more information about how to install the Configuration Manager console, see [Install Microsoft Endpoint Configuration Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
For more information about how to install the Configuration Manager console, see [Install Microsoft Endpoint Manager consoles](https://technet.microsoft.com/library/mt590197.aspx#bkmk_InstallConsole).
### Configure MDT integration with the Configuration Manager console
@ -733,7 +733,7 @@ The following Azure AD Premium features are not in Azure AD Basic:
* Allow designated users to manage group membership
* Dynamic group membership based on user metadata
* Azure AD Multi-Factor Authentication authentication (MFA; see [What is Azure AD Multi-Factor Authentication Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
* Azure AD Multi-Factor Authentication (MFA; see [What is Azure AD Multi-Factor Authentication](https://azure.microsoft.com/documentation/articles/multi-factor-authentication/))
* Identify cloud apps that your users run
* Self-service recovery of BitLocker
* Add local administrator accounts to Windows 10 devices
@ -1148,7 +1148,7 @@ At the end of this section, you should know the Windows 10 editions and processo
## Prepare for deployment
Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Endpoint Configuration Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
Before you can deploy Windows 10 and your apps to devices, you need to prepare your MDT environment, Windows Deployment Services, and Microsoft Endpoint Manager (if you selected it to do operating system deployment in the [Select the deployment methods](#select-the-deployment-methods) section). In this section, you ensure that the deployment methods you selected in the [Select the deployment methods](#select-the-deployment-methods) section have the necessary Windows 10 editions and versions, Windows desktop apps, Microsoft Store apps, and device drivers.
### Configure the MDT deployment share
@ -1245,7 +1245,7 @@ For more information about how to update a deployment share, see <a href="https:
### Configure Microsoft Endpoint Configuration Manager
> [!NOTE]
> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
> If you have already configured your Microsoft Endpoint Manager infrastructure to support the operating system deployment feature or if you selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next section.
Before you can use Configuration Manager to deploy Windows 10 and manage your apps and devices, you must configure Configuration Manager to support the operating system deployment feature. If you dont have an existing Configuration Manager infrastructure, you will need to deploy a new infrastructure.
@ -1255,7 +1255,7 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
* [Start using Configuration Manager](https://technet.microsoft.com/library/mt608544.aspx)
#### To configure an existing Microsoft Endpoint Configuration Manager infrastructure for operating system deployment
#### To configure an existing Microsoft Endpoint Manager infrastructure for operating system deployment
1. Perform any necessary infrastructure remediation.
@ -1264,12 +1264,12 @@ Deploying a new Configuration Manager infrastructure is beyond the scope of this
You need to add the Windows PE boot images, Windows 10 operating system images, and other deployment content that you will use to deploy Windows 10 with ZTI. To add this content, use the Create MDT Task Sequence Wizard.
You can add this content by using Microsoft Endpoint Configuration Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
You can add this content by using Microsoft Endpoint Manager only (without MDT), but the Create MDT Task Sequence Wizard is the preferred method because the wizard prompts you for all the deployment content you need for a task sequence and provides a much more intuitive user experience. For more information, see [Create ZTI Task Sequences Using the Create MDT Task Sequence Wizard in Configuration Manager](https://technet.microsoft.com/library/dn759415.aspx#CreateZTITaskSequencesUsingtheCreateMDTTaskSequenceWizardinConfigurationManager).
3. Add device drivers.
You must add device drivers for the different device types in your district. For example, if you have a mixture of Surface, HP Stream, Dell Inspiron, and Lenovo Yoga devices, then you must have the device drivers for each device.
Create a Microsoft Endpoint Configuration Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
Create a Microsoft Endpoint Manager driver package for each device type in your district. For more information, see [Manage drivers in Configuration Manager](https://technet.microsoft.com/library/mt627934.aspx).
4. Add Windows apps.
Install the Windows apps (Windows desktop and Microsoft Store apps) that you want to deploy after the task sequence deploys your customized image (a thick, reference image that include Windows 10 and your core Windows desktop apps). These apps are in addition to the apps included in your reference image. You can only deploy Microsoft Store apps after you deploy Windows 10 because you cannot capture Microsoft Store apps in a reference image. Microsoft Store apps target users, not devices.
@ -1301,7 +1301,7 @@ You can use Windows Deployment Services in conjunction with MDT to automatically
### Configure Window Deployment Services for Microsoft Endpoint Configuration Manager
> [!NOTE]
> If you have already configured your Microsoft Endpoint Configuration Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
> If you have already configured your Microsoft Endpoint Manager infrastructure to support PXE boot or selected to deploy Windows 10 by using MDT only, then skip this section and continue to the next.
You can use Windows Deployment Services in conjunction with Configuration Manager to automatically initiate boot images on target devices. These boot images are Windows PE images that you use to boot the target devices, and then initiate Windows 10, app, and device driver deployment.
@ -1328,7 +1328,7 @@ You can use Windows Deployment Services in conjunction with Configuration Manage
#### Summary
Your MDT deployment share and Microsoft Endpoint Configuration Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, youre ready to capture the reference images for the different devices you have in your district.
Your MDT deployment share and Microsoft Endpoint Manager are now ready for deployment. Windows Deployment Services is ready to initiate the LTI or ZTI deployment process. You have set up and configured Windows Deployment Services for MDT and for Configuration Manager. You have also ensured that your boot images are available to Windows Deployment Services (for LTI) or the distribution points (for ZTI and Configuration Manager). Now, youre ready to capture the reference images for the different devices you have in your district.
## Capture the reference image
@ -1575,7 +1575,7 @@ For more information about Intune, see [Microsoft Intune Documentation](https://
### Deploy and manage apps by using Intune
If you selected to deploy and manage apps by using Microsoft Endpoint Configuration Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
If you selected to deploy and manage apps by using Microsoft Endpoint Manager and Intune in a hybrid configuration, then skip this section and continue to the [Deploy and manage apps by using Microsoft Endpoint Configuration Manager](#deploy-and-manage-apps-by-using-microsoft-endpoint-configuration-manager) section.
You can use Intune to deploy Microsoft Store and Windows desktop apps. Intune provides improved control over which users receive specific apps. In addition, Intune allows you to deploy apps to companion devices (such as Windows 10 Mobile, iOS, or Android devices). Finally, Intune helps you manage app security and features, such as mobile application management policies that let you manage apps on devices that are not enrolled in Intune or that another solution manages.
@ -1589,7 +1589,7 @@ For more information about how to configure Intune to manage your apps, see the
### Deploy and manage apps by using Microsoft Endpoint Configuration Manager
You can use Microsoft Endpoint Configuration Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
You can use Microsoft Endpoint Manager to deploy Microsoft Store and Windows desktop apps. Configuration Manager allows you to create a Configuration Manager application that you can use to deploy apps to different devices (such as Windows 10 desktop, Windows 10 Mobile, iOS, or Android devices) by using *deployment types*. You can think of a Configuration Manager application as a box. You can think of deployment types as one or more sets of installation files and installation instructions within that box.
For example, you could create a Skype application that contains a deployment type for Windows 10 desktop, Windows 10 Mobile, iOS, and Android. You can deploy the one application to multiple device types.
@ -1627,7 +1627,7 @@ For more information about how to configure Configuration Manager to manage Wind
#### Summary
In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Endpoint Configuration Manager to manage your apps. Finally, you configured Intune or Microsoft Endpoint Configuration Manager to manage software updates for Windows 10 and your apps.
In this section, you prepared your institution for device management. You identified the configuration settings that you want to use to manage your users and devices. You configured Group Policy or Intune to manage these configuration settings. You configured Intune or Microsoft Endpoint Manager to manage your apps. Finally, you configured Intune or Microsoft Endpoint Manager to manage software updates for Windows 10 and your apps.
## Deploy Windows 10 to devices

4
store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

@ -62,7 +62,7 @@ Before you get started, be sure to review these best practices and requirements:
**Best practices**
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
@ -117,4 +117,4 @@ Catalog signing is a vital step to adding your unsigned apps to your code integr
When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Configuration Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).
7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](https://docs.microsoft.com/windows/device-security/device-guard/device-guard-deployment-guide).

2
windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
View File

@ -44,7 +44,7 @@ Each method accomplishes essentially the same task, but some methods may be bett
To add a locally installed application to a package or to a connection groups virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections.
There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry.
There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Manager or another electronic software distribution (ESD) system, or manually edit the registry.
Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.

1
windows/client-management/TOC.md
View File

@ -1,5 +1,6 @@
# [Manage clients in Windows 10](index.md)
## [Administrative Tools in Windows 10](administrative-tools-in-windows-10.md)
### [Use Quick Assist to help users](quick-assist.md)
## [Create mandatory user profiles](mandatory-user-profile.md)
## [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)

75
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -22,14 +22,15 @@ ms.topic: article
- Windows 10
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
![Remote Desktop Connection client](images/rdp.png)
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
- Your local PC (where you are connecting from) must be either Azure AD joined or Hybrid Azure AD joined if using Windows 10 version 1607 and above, or Azure AD registered if using Windows 10 version 2004 and above. Remote connections to an Azure AD joined PC from an unjoined device or a non-Windows 10 device are not supported.
- Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported.
- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop.
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
@ -41,57 +42,45 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
![Allow remote connections to this computer](images/allow-rdp.png)
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
> [!NOTE]
> You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
> ```powershell
> net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
> ```
> where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
>
> This command only works for AADJ device users already added to any of the local groups (administrators).
> Otherwise this command throws the below error. For example:
> - for cloud only user: "There is no such global user or group : *name*"
> - for synced user: "There is no such global user or group : *name*" </br>
- Adding users manually
> [!NOTE]
> In Windows 10, version 1709, the user does not have to sign in to the remote device first.
>
> In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
You can specify individual Azure AD accounts for remote connections by running the following PowerShell cmdlet:
```powershell
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
```
where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
This command only works for AADJ device users already added to any of the local groups (administrators).
Otherwise this command throws the below error. For example:
- for cloud only user: "There is no such global user or group : *name*"
- for synced user: "There is no such global user or group : *name*" </br>
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
> [!NOTE]
> For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
>
> Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
> [!Note]
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
- Adding users using policy
Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](https://docs.microsoft.com/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
> [!NOTE]
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
## Supported configurations
In organizations using integrated Active Directory and Azure AD, you can connect from a Hybrid-joined PC to an Azure AD-joined PC by using any of the following:
The table below lists the supported configurations for remotely connecting to an Azure AD-joined PC:
- Password
- Smartcards
- Windows Hello for Business, if the domain is managed by Microsoft Endpoint Configuration Manager.
| Criteria | RDP from Azure AD registered device| RDP from Azure AD joined device| RDP from hybrid Azure AD joined device |
| - | - | - | - |
| **Client operating systems**| Windows 10, version 2004 and above| Windows 10, version 1607 and above | Windows 10, version 1607 and above |
| **Supported credentials**| Password, smartcard| Password, smartcard, Windows Hello for Business certificate trust | Password, smartcard, Windows Hello for Business certificate trust |
In organizations using integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to an AD-joined PC when the Azure AD-joined PC is on the corporate network by using any of the following:
- Password
- Smartcards
- Windows Hello for Business, if the organization has a mobile device management (MDM) subscription.
In organizations using integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC by using any of the following:
- Password
- Smartcards
- Windows Hello for Business, with or without an MDM subscription.
In organizations using only Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC by using any of the following:
- Password
- Windows Hello for Business, with or without an MDM subscription.
> [!NOTE]
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).

BIN
windows/client-management/images/quick-assist-flow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

17
windows/client-management/mdm/TOC.md
View File

@ -202,19 +202,28 @@
#### [ADMX_ErrorReporting](policy-csp-admx-errorreporting.md)
#### [ADMX_EventForwarding](policy-csp-admx-eventforwarding.md)
#### [ADMX_EventLog](policy-csp-admx-eventlog.md)
#### [ADMX_Explorer](policy-csp-admx-explorer.md)
#### [ADMX_FileServerVSSProvider](policy-csp-admx-fileservervssprovider.md)
#### [ADMX_FileSys](policy-csp-admx-filesys.md)
#### [ADMX_FolderRedirection](policy-csp-admx-folderredirection.md)
#### [ADMX_Globalization](policy-csp-admx-globalization.md)
#### [ADMX_GroupPolicy](policy-csp-admx-grouppolicy.md)
#### [ADMX_Help](policy-csp-admx-help.md)
#### [ADMX_HelpAndSupport](policy-csp-admx-helpandsupport.md)
#### [ADMX_ICM](policy-csp-admx-icm.md)
#### [ADMX_kdc](policy-csp-admx-kdc.md)
#### [ADMX_Kerberos](policy-csp-admx-kerberos.md)
#### [ADMX_LanmanServer](policy-csp-admx-lanmanserver.md)
#### [ADMX_LanmanWorkstation](policy-csp-admx-lanmanworkstation.md)
#### [ADMX_LinkLayerTopologyDiscovery](policy-csp-admx-linklayertopologydiscovery.md)
#### [ADMX_Logon](policy-csp-admx-logon.md)
#### [ADMX_MicrosoftDefenderAntivirus](policy-csp-admx-microsoftdefenderantivirus.md)
#### [ADMX_MMC](policy-csp-admx-mmc.md)
#### [ADMX_MMCSnapins](policy-csp-admx-mmcsnapins.md)
#### [ADMX_MSAPolicy](policy-csp-admx-msapolicy.md)
#### [ADMX_msched](policy-csp-admx-msched.md)
#### [ADMX_MSDT](policy-csp-admx-msdt.md)
#### [ADMX_MSI](policy-csp-admx-msi.md)
#### [ADMX_nca](policy-csp-admx-nca.md)
#### [ADMX_NCSI](policy-csp-admx-ncsi.md)
#### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
@ -222,9 +231,15 @@
#### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
#### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
#### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
#### [ADMX_Power](policy-csp-admx-power.md)
#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
#### [ADMX_Printing](policy-csp-admx-printing.md)
#### [ADMX_Printing2](policy-csp-admx-printing2.md)
#### [ADMX_Programs](policy-csp-admx-programs.md)
#### [ADMX_Reliability](policy-csp-admx-reliability.md)
#### [ADMX_RemoteAssistance](policy-csp-admx-remoteassistance.md)
#### [ADMX_RemovableStorage](policy-csp-admx-removablestorage.md)
#### [ADMX_RPC](policy-csp-admx-rpc.md)
#### [ADMX_Scripts](policy-csp-admx-scripts.md)
#### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
#### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
@ -234,6 +249,7 @@
#### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
#### [ADMX_Sharing](policy-csp-admx-sharing.md)
#### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
#### [ADMX_SkyDrive](policy-csp-admx-skydrive.md)
#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
#### [ADMX_Snmp](policy-csp-admx-snmp.md)
#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
@ -252,6 +268,7 @@
#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
#### [ADMX_WindowsRemoteManagement](policy-csp-admx-windowsremotemanagement.md)
#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
#### [ADMX_WinInit](policy-csp-admx-wininit.md)
#### [ADMX_WinLogon](policy-csp-admx-winlogon.md)

4
windows/client-management/mdm/appv-deploy-and-config.md
View File

@ -1,6 +1,6 @@
---
title: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Configuration Manager or App-V server.
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@ -15,7 +15,7 @@ manager: dansimp
## Executive summary
<p>Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Configuration Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.</p>
<p>Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.</p>
<p>MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.</p>

15
windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
View File

@ -1,24 +1,29 @@
---
title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: lomayor
ms.date: 01/17/2018
ms.date: 12/18/2020
ms.reviewer:
manager: dansimp
---
# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal
Go to your Azure AD Blade, select the Mobility (MDM and MAM) and there should be the Microsoft Intune "App" Visible, select the Microsoft Intune and configure the Blade
> [!NOTE]
> Microsoft Intune portal can be accessed at the following link: [https://endpoint.microsoft.com](https://endpoint.microsoft.com).
1. Go to your Azure AD Blade.
2. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app.
3. Select **Microsoft Intune** and configure the blade.
![How to get to the Blade](images/azure-mdm-intune.png)
Configure the Blade
Configure the blade
![Configure the Blade](images/azure-intune-configure-scope.png)
Select all for allow all users to enroll a Device and make it Intune ready, or Some, then you can add a Group of Users.
You can specify settings to allow all users to enroll a device and make it Intune ready, or choose to allow some users (and then add a group of users).

8
windows/client-management/mdm/bitlocker-csp.md
View File

@ -300,6 +300,10 @@ If you disable or do not configure this setting, users can configure only basic
> [!NOTE]
> If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
> [!NOTE]
> Devices that pass Hardware Security Testability Specification (HSTI) validation or Modern
> Standby devices will not be able to configure a Startup PIN using this CSP. Users are required to manually configure the PIN.
Sample value for this node to enable this policy is:
```xml
@ -1126,12 +1130,12 @@ Supported values:
|-----|------------|
| 0 |The BitLocker policy requires user consent to launch the BitLocker Drive Encryption Wizard to start encryption of the OS volume but the user didn't consent.|
| 1 |The encryption method of the OS volume doesn't match the BitLocker policy.|
| 2 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.|
| 2 |The OS volume is unprotected.|
| 3 |The BitLocker policy requires a TPM-only protector for the OS volume, but TPM protection isn't used.|
| 4 |The BitLocker policy requires TPM+PIN protection for the OS volume, but a TPM+PIN protector isn't used.|
| 5 |The BitLocker policy requires TPM+startup key protection for the OS volume, but a TPM+startup key protector isn't used.|
| 6 |The BitLocker policy requires TPM+PIN+startup key protection for the OS volume, but a TPM+PIN+startup key protector isn't used.|
| 7 |The OS volume is unprotected.|
| 7 |The BitLocker policy requires a TPM protector to protect the OS volume, but a TPM isn't used.|
| 8 |Recovery key backup failed.|
| 9 |A fixed drive is unprotected.|
| 10 |The encryption method of the fixed drive doesn't match the BitLocker policy.|

2
windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
View File

@ -35,7 +35,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
> [!NOTE]
> - Bulk-join is not supported in Azure Active Directory Join.
> - Bulk enrollment does not work in Intune standalone environment.
> - Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
> - Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console.
> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
## What you need

20
windows/client-management/mdm/defender-csp.md
View File

@ -390,6 +390,26 @@ Intune tamper protection setting UX supports three states:
When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
<a href="" id="configuration-disablelocaladminmerge"></a>**Configuration/DisableLocalAdminMerge**<br>
This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions.
If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings.
If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator.
> [!NOTE]
> Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
Supported OS versions: Windows 10
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature.
When this feature is enabled Windows defender will compute hashes for files it scans.

105
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -199,8 +199,111 @@ A Get to the above URI will return the results of the data gathering for the las
Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
The zip file which is created also contains a results.xml file whose contents align to the Data section in the SyncML for ArchiveResults. Accordingly, an IT admin using the zip file for troubleshooting can determine the order and success of each directive without needing a permanent record of the SyncML value for DiagnosticArchive/ArchiveResults.
### Making use of the uploaded data
The zip archive which is created and uploaded by the CSP contains a folder structure like the following:
```powershell
PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z
Directory: C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z
Mode LastWriteTime Length Name
---- ------------- ------ ----
la--- 1/4/2021 2:45 PM 1
la--- 1/4/2021 2:45 PM 2
la--- 12/2/2020 6:27 PM 2701 results.xml
```
Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was <RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey> then folder `1` will contain the corresponding `export.reg` file.
The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed.
```xml
<Collection HRESULT="0">
<ID>268b3056-8c15-47c6-a1bd-4bc257aef7b2</ID>
<RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey>
<Command HRESULT="-2147024895">%windir%\system32\netsh.exe wlan show profiles</Command>
</Collection>
```
Administrators can apply automation to 'results.xml' to create their own preferred views of the data. For example, the following PowerShell one-liner extracts from the XML an ordered list of the directives with status code and details.
```powershell
Select-XML -Path results.xml -XPath '//RegistryKey | //Command | //Events | //FoldersFiles' | Foreach-Object -Begin {$i=1} -Process { [pscustomobject]@{DirectiveNumber=$i; DirectiveHRESULT=$_.Node.HRESULT; DirectiveInput=$_.Node.('#text')} ; $i++}
```
This example produces output similar to the following:
```
DirectiveNumber DirectiveHRESULT DirectiveInput
--------------- ---------------- --------------
1 0 HKLM\Software\Policies
2 0 HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
3 0 HKLM\Software\Microsoft\IntuneManagementExtension
4 0 HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
5 0 %windir%\system32\ipconfig.exe /all
6 0 %windir%\system32\netsh.exe advfirewall show allprofiles
7 0 %windir%\system32\netsh.exe advfirewall show global
8 -2147024895 %windir%\system32\netsh.exe wlan show profiles
```
The next example extracts the zip archive into a customized flattened file structure. Each file name includes the directive number, HRESULT, and so on. This example could be customized to make different choices about what information to include in the file names and what formatting choices to make for special characters.
```powershell
param( $DiagnosticArchiveZipPath = "C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z.zip" )
#region Formatting Choices
$flatFileNameTemplate = '({0:D2}) ({3}) (0x{2:X8})'
$maxLengthForInputTextPassedToOutput = 80
#endregion
#region Create Output Folders and Expand Zip
$diagnosticArchiveTempUnzippedPath = $DiagnosticArchiveZipPath + "_expanded"
if(-not (Test-Path $diagnosticArchiveTempUnzippedPath)){mkdir $diagnosticArchiveTempUnzippedPath}
$reformattedArchivePath = $DiagnosticArchiveZipPath + "_formatted"
if(-not (Test-Path $reformattedArchivePath)){mkdir $reformattedArchivePath}
Expand-Archive -Path $DiagnosticArchiveZipPath -DestinationPath $diagnosticArchiveTempUnzippedPath
#endregion
#region Discover and Move/rename Files
$resultElements = ([xml](Get-Content -Path (Join-Path -Path $diagnosticArchiveTempUnzippedPath -ChildPath "results.xml"))).Collection.ChildNodes | Foreach-Object{ $_ }
$n = 0
foreach( $element in $resultElements )
{
$directiveNumber = $n
$n++
if($element.Name -eq 'ID'){ continue }
$directiveType = $element.Name
$directiveStatus = [int]$element.Attributes.ItemOf('HRESULT').psbase.Value
$directiveUserInputRaw = $element.InnerText
$directiveUserInputFileNameCompatible = $directiveUserInputRaw -replace '[\\|/\[\]<>\:"\?\*%\.\s]','_'
$directiveUserInputTrimmed = $directiveUserInputFileNameCompatible.substring(0, [System.Math]::Min($maxLengthForInputTextPassedToOutput, $directiveUserInputFileNameCompatible.Length))
$directiveSummaryString = $flatFileNameTemplate -f $directiveNumber,$directiveType,$directiveStatus,$directiveUserInputTrimmed
$directiveOutputFolder = Join-Path -Path $diagnosticArchiveTempUnzippedPath -ChildPath $directiveNumber
$directiveOutputFiles = Get-ChildItem -Path $directiveOutputFolder -File
foreach( $file in $directiveOutputFiles)
{
$leafSummaryString = $directiveSummaryString,$file.Name -join ' '
Copy-Item $file.FullName -Destination (Join-Path -Path $reformattedArchivePath -ChildPath $leafSummaryString)
}
}
#endregion
Remove-Item -Path $diagnosticArchiveTempUnzippedPath -Force -Recurse
```
That example script produces a set of files similar to the following, which can be a useful view for an administrator interactively browsing the results without needing to navigate any sub-folders or refer to `results.xml` repeatedly:
```powershell
PS C:\> dir C:\DiagArchiveExamples\DiagLogs-MYDEVICE-20201202T182748Z.zip_formatted | format-table Length,Name
Length Name
------ ----
46640 (01) (HKLM_Software_Policies) (0x00000000) export.reg
203792 (02) (HKLM_Software_Microsoft_Windows_CurrentVersion_Uninstall) (0x00000000) export.reg
214902 (03) (HKLM_Software_Microsoft_IntuneManagementExtension) (0x00000000) export.reg
212278 (04) (HKLM_SOFTWARE_WOW6432Node_Microsoft_Windows_CurrentVersion_Uninstall) (0x00000000) export.reg
2400 (05) (_windir__system32_ipconfig_exe__all) (0x00000000) output.log
2147 (06) (_windir__system32_netsh_exe_advfirewall_show_allprofiles) (0x00000000) output.log
1043 (07) (_windir__system32_netsh_exe_advfirewall_show_global) (0x00000000) output.log
59 (08) (_windir__system32_netsh_exe_wlan_show_profiles) (0x80070001) output.log
1591 (09) (_windir__system32_ping_exe_-n_50_localhost) (0x00000000) output.log
5192 (10) (_windir__system32_Dsregcmd_exe__status) (0x00000000) output.log
```
## Policy area

4
windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
View File

@ -44,7 +44,8 @@ In Windows, after the user confirms the account deletion command and before the
This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work.
> **Note**  The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
> [!NOTE]
> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
 
The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**.
@ -157,4 +158,3 @@ When the disconnection is completed, the user is notified that the device has be

7
windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
View File

@ -138,10 +138,11 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
2. Set a baseline for this configuration item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
The dummy value is not set; it is only used for comparison.
3. After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
3. After the report XML is sent to the device, Microsoft Endpoint Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
4. Parse this log for the report XML content.
For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
For a step-by-step walkthrough, see [Retrieve a device update report using Microsoft Endpoint Manager logs](#retrieve-a-device-update-report-using-microsoft-endpoint-manager-logs).
**Post-GDR1: Retrieve the report xml file using an SD card**
@ -460,7 +461,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
```
<a href="" id="how-to-retrieve"></a>
## Retrieve a device update report using Microsoft Endpoint Configuration Manager logs
## Retrieve a device update report using Microsoft Endpoint Manager logs
**For pre-GDR1 devices**
Use this procedure for pre-GDR1 devices:

247
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -261,6 +261,11 @@ ms.date: 10/08/2020
- [ADMX_EventLog/Channel_Log_Retention_2](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-2)
- [ADMX_EventLog/Channel_Log_Retention_3](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-3)
- [ADMX_EventLog/Channel_Log_Retention_4](./policy-csp-admx-eventlog.md#admx-eventlog-channel-log-retention-4)
- [ADMX_Explorer/AdminInfoUrl](./policy-csp-admx-explorer.md#admx-explorer-admininfourl)
- [ADMX_Explorer/AlwaysShowClassicMenu](./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu)
- [ADMX_Explorer/DisableRoamedProfileInit](./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit)
- [ADMX_Explorer/PreventItemCreationInUsersFilesFolder](./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder)
- [ADMX_Explorer/TurnOffSPIAnimations](./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations)
- [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol)
- [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression)
- [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification)
@ -277,6 +282,73 @@ ms.date: 10/08/2020
- [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2)
- [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1)
- [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2)
- [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin)
- [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1)
- [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2)
- [ADMX_Globalization/HideAdminOptions](./policy-csp-admx-globalization.md#admx-globalization-hideadminoptions)
- [ADMX_Globalization/HideCurrentLocation](./policy-csp-admx-globalization.md#admx-globalization-hidecurrentlocation)
- [ADMX_Globalization/HideLanguageSelection](./policy-csp-admx-globalization.md#admx-globalization-hidelanguageselection)
- [ADMX_Globalization/HideLocaleSelectAndCustomize](./policy-csp-admx-globalization.md#admx-globalization-hidelocaleselectandcustomize)
- [ADMX_Globalization/ImplicitDataCollectionOff_1](./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-1)
- [ADMX_Globalization/ImplicitDataCollectionOff_2](./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-2)
- [ADMX_Globalization/LocaleSystemRestrict](./policy-csp-admx-globalization.md#admx-globalization-localesystemrestrict)
- [ADMX_Globalization/LocaleUserRestrict_1](./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-1)
- [ADMX_Globalization/LocaleUserRestrict_2](./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-2)
- [ADMX_Globalization/LockMachineUILanguage](./policy-csp-admx-globalization.md#admx-globalization-lockmachineuilanguage)
- [ADMX_Globalization/LockUserUILanguage](./policy-csp-admx-globalization.md#admx-globalization-lockuseruilanguage)
- [ADMX_Globalization/PreventGeoIdChange_1](./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-1)
- [ADMX_Globalization/PreventGeoIdChange_2](./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-2)
- [ADMX_Globalization/PreventUserOverrides_1](./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-1)
- [ADMX_Globalization/PreventUserOverrides_2](./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-2)
- [ADMX_Globalization/RestrictUILangSelect](./policy-csp-admx-globalization.md#admx-globalization-restrictuilangselect)
- [ADMX_Globalization/TurnOffAutocorrectMisspelledWords](./policy-csp-admx-globalization.md#admx-globalization-turnoffautocorrectmisspelledwords)
- [ADMX_Globalization/TurnOffHighlightMisspelledWords](./policy-csp-admx-globalization.md#admx-globalization-turnoffhighlightmisspelledwords)
- [ADMX_Globalization/TurnOffInsertSpace](./policy-csp-admx-globalization.md#admx-globalization-turnoffinsertspace)
- [ADMX_Globalization/TurnOffOfferTextPredictions](./policy-csp-admx-globalization.md#admx-globalization-turnoffoffertextpredictions)
- [ADMX_Globalization/Y2K](./policy-csp-admx-globalization.md#admx-globalization-y2k)
- [ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-allowx-forestpolicy-and-rup)
- [ADMX_GroupPolicy/CSE_AppMgmt](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-appmgmt)
- [ADMX_GroupPolicy/CSE_DiskQuota](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-diskquota)
- [ADMX_GroupPolicy/CSE_EFSRecovery](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-efsrecovery)
- [ADMX_GroupPolicy/CSE_FolderRedirection](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-folderredirection)
- [ADMX_GroupPolicy/CSE_IEM](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-iem)
- [ADMX_GroupPolicy/CSE_IPSecurity](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-ipsecurity)
- [ADMX_GroupPolicy/CSE_Registry](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-registry)
- [ADMX_GroupPolicy/CSE_Scripts](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-scripts)
- [ADMX_GroupPolicy/CSE_Security](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-security)
- [ADMX_GroupPolicy/CSE_Wired](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wired)
- [ADMX_GroupPolicy/CSE_Wireless](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wireless)
- [ADMX_GroupPolicy/CorpConnSyncWaitTime](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-corpconnsyncwaittime)
- [ADMX_GroupPolicy/DenyRsopToInteractiveUser_1](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-1)
- [ADMX_GroupPolicy/DenyRsopToInteractiveUser_2](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-2)
- [ADMX_GroupPolicy/DisableAOACProcessing](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableaoacprocessing)
- [ADMX_GroupPolicy/DisableAutoADMUpdate](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableautoadmupdate)
- [ADMX_GroupPolicy/DisableBackgroundPolicy](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablebackgroundpolicy)
- [ADMX_GroupPolicy/DisableLGPOProcessing](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablelgpoprocessing)
- [ADMX_GroupPolicy/DisableUsersFromMachGP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableusersfrommachgp)
- [ADMX_GroupPolicy/EnableCDP](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablecdp)
- [ADMX_GroupPolicy/EnableLogonOptimization](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimization)
- [ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimizationonserversku)
- [ADMX_GroupPolicy/EnableMMX](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablemmx)
- [ADMX_GroupPolicy/EnforcePoliciesOnly](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enforcepoliciesonly)
- [ADMX_GroupPolicy/FontMitigation](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-fontmitigation)
- [ADMX_GroupPolicy/GPDCOptions](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gpdcoptions)
- [ADMX_GroupPolicy/GPTransferRate_1](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-1)
- [ADMX_GroupPolicy/GPTransferRate_2](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-2)
- [ADMX_GroupPolicy/GroupPolicyRefreshRate](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrate)
- [ADMX_GroupPolicy/GroupPolicyRefreshRateDC](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshratedc)
- [ADMX_GroupPolicy/GroupPolicyRefreshRateUser](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrateuser)
- [ADMX_GroupPolicy/LogonScriptDelay](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-logonscriptdelay)
- [ADMX_GroupPolicy/NewGPODisplayName](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpodisplayname)
- [ADMX_GroupPolicy/NewGPOLinksDisabled](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpolinksdisabled)
- [ADMX_GroupPolicy/OnlyUseLocalAdminFiles](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-onlyuselocaladminfiles)
- [ADMX_GroupPolicy/ProcessMitigationOptions](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-processmitigationoptions)
- [ADMX_GroupPolicy/RSoPLogging](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-rsoplogging)
- [ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-resetdfsclientinfoduringrefreshpolicy)
- [ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaultfordirectaccess)
- [ADMX_GroupPolicy/SlowlinkDefaultToAsync](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaulttoasync)
- [ADMX_GroupPolicy/SyncWaitTime](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-syncwaittime)
- [ADMX_GroupPolicy/UserPolicyMode](./policy-csp-admx-grouppolicy.md#admx-grouppolicy-userpolicymode)
- [ADMX_Help/DisableHHDEP](./policy-csp-admx-help.md#admx-help-disablehhdep)
- [ADMX_Help/HelpQualifiedRootDir_Comp](./policy-csp-admx-help.md#admx-help-helpqualifiedrootdir-comp)
- [ADMX_Help/RestrictRunFromHelp](./policy-csp-admx-help.md#admx-help-restrictrunfromhelp)
@ -285,6 +357,32 @@ ms.date: 10/08/2020
- [ADMX_HelpAndSupport/HPExplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpexplicitfeedback)
- [ADMX_HelpAndSupport/HPImplicitFeedback](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hpimplicitfeedback)
- [ADMX_HelpAndSupport/HPOnlineAssistance](./policy-csp-admx-helpandsupport.md#admx-helpandsupport-hponlineassistance)
- [ADMX_ICM/CEIPEnable](./policy-csp-admx-icm.md#admx-icm-ceipenable)
- [ADMX_ICM/CertMgr_DisableAutoRootUpdates](./policy-csp-admx-icm.md#admx-icm-certmgr-disableautorootupdates)
- [ADMX_ICM/DisableHTTPPrinting_1](./policy-csp-admx-icm.md#admx-icm-disablehttpprinting-1)
- [ADMX_ICM/DisableWebPnPDownload_1](./policy-csp-admx-icm.md#admx-icm-disablewebpnpdownload-1)
- [ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate](./policy-csp-admx-icm.md#admx-icm-driversearchplaces-dontsearchwindowsupdate)
- [ADMX_ICM/EventViewer_DisableLinks](./policy-csp-admx-icm.md#admx-icm-eventviewer-disablelinks)
- [ADMX_ICM/HSS_HeadlinesPolicy](./policy-csp-admx-icm.md#admx-icm-hss-headlinespolicy)
- [ADMX_ICM/HSS_KBSearchPolicy](./policy-csp-admx-icm.md#admx-icm-hss-kbsearchpolicy)
- [ADMX_ICM/InternetManagement_RestrictCommunication_1](./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-1)
- [ADMX_ICM/InternetManagement_RestrictCommunication_2](./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-2)
- [ADMX_ICM/NC_ExitOnISP](./policy-csp-admx-icm.md#admx-icm-nc-exitonisp)
- [ADMX_ICM/NC_NoRegistration](./policy-csp-admx-icm.md#admx-icm-nc-noregistration)
- [ADMX_ICM/PCH_DoNotReport](./policy-csp-admx-icm.md#admx-icm-pch-donotreport)
- [ADMX_ICM/RemoveWindowsUpdate_ICM](./policy-csp-admx-icm.md#admx-icm-removewindowsupdate-icm)
- [ADMX_ICM/SearchCompanion_DisableFileUpdates](./policy-csp-admx-icm.md#admx-icm-searchcompanion-disablefileupdates)
- [ADMX_ICM/ShellNoUseInternetOpenWith_1](./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-1)
- [ADMX_ICM/ShellNoUseInternetOpenWith_2](./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-2)
- [ADMX_ICM/ShellNoUseStoreOpenWith_1](./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-1)
- [ADMX_ICM/ShellNoUseStoreOpenWith_2](./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-2)
- [ADMX_ICM/ShellPreventWPWDownload_1](./policy-csp-admx-icm.md#admx-icm-shellpreventwpwdownload-1)
- [ADMX_ICM/ShellRemoveOrderPrints_1](./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-1)
- [ADMX_ICM/ShellRemoveOrderPrints_2](./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-2)
- [ADMX_ICM/ShellRemovePublishToWeb_1](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-1)
- [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2)
- [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1)
- [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2)
- [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor)
- [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch)
- [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness)
@ -303,8 +401,26 @@ ms.date: 10/08/2020
- [ADMX_LanmanServer/Pol_HashPublication](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashpublication)
- [ADMX_LanmanServer/Pol_HashSupportVersion](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-hashsupportversion)
- [ADMX_LanmanServer/Pol_HonorCipherSuiteOrder](./policy-csp-admx-lanmanserver.md#admx-lanmanserver-pol-honorciphersuiteorder)
- [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder)
- [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles)
- [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
- [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
- [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
- [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
- [ADMX_Logon/DisableExplorerRunLegacy_2](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-2)
- [ADMX_Logon/DisableExplorerRunOnceLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-1)
- [ADMX_Logon/DisableExplorerRunOnceLegacy_2](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-2)
- [ADMX_Logon/DisableStatusMessages](./policy-csp-admx-logon.md#admx-logon-disablestatusmessages)
- [ADMX_Logon/DontEnumerateConnectedUsers](./policy-csp-admx-logon.md#admx-logon-dontenumerateconnectedusers)
- [ADMX_Logon/NoWelcomeTips_1](./policy-csp-admx-logon.md#admx-logon-nowelcometips-1)
- [ADMX_Logon/NoWelcomeTips_2](./policy-csp-admx-logon.md#admx-logon-nowelcometips-2)
- [ADMX_Logon/Run_1](./policy-csp-admx-logon.md#admx-logon-run-1)
- [ADMX_Logon/Run_2](./policy-csp-admx-logon.md#admx-logon-run-2)
- [ADMX_Logon/SyncForegroundPolicy](./policy-csp-admx-logon.md#admx-logon-syncforegroundpolicy)
- [ADMX_Logon/UseOEMBackground](./policy-csp-admx-logon.md#admx-logon-useoembackground)
- [ADMX_Logon/VerboseStatus](./policy-csp-admx-logon.md#admx-logon-verbosestatus)
- [ADMX_MicrosoftDefenderAntivirus/AllowFastServiceStartup](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-allowfastservicestartup)
- [ADMX_MicrosoftDefenderAntivirus/DisableAntiSpywareDefender](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableantispywaredefender)
- [ADMX_MicrosoftDefenderAntivirus/DisableAutoExclusions](./policy-csp-admx-microsoftdefenderantivirus.md#admx-microsoftdefenderantivirus-disableautoexclusions)
@ -508,6 +624,35 @@ ms.date: 10/08/2020
- [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
- [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
- [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
- [ADMX_msched/ActivationBoundaryPolicy](./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy)
- [ADMX_msched/RandomDelayPolicy](./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy)
- [ADMX_MSDT/MsdtSupportProvider](./policy-csp-admx-msdt.md#admx-msdt-msdtsupportprovider)
- [ADMX_MSDT/MsdtToolDownloadPolicy](./policy-csp-admx-msdt.md#admx-msdt-msdttooldownloadpolicy)
- [ADMX_MSDT/WdiScenarioExecutionPolicy](./policy-csp-admx-msdt.md#admx-msdt-wdiscenarioexecutionpolicy)
- [ADMX_MSI/AllowLockdownBrowse](./policy-csp-admx-msi.md#admx-msi-allowlockdownbrowse)
- [ADMX_MSI/AllowLockdownMedia](./policy-csp-admx-msi.md#admx-msi-allowlockdownmedia)
- [ADMX_MSI/AllowLockdownPatch](./policy-csp-admx-msi.md#admx-msi-allowlockdownpatch)
- [ADMX_MSI/DisableAutomaticApplicationShutdown](./policy-csp-admx-msi.md#admx-msi-disableautomaticapplicationshutdown)
- [ADMX_MSI/DisableBrowse](./policy-csp-admx-msi.md#admx-msi-disablebrowse)
- [ADMX_MSI/DisableFlyweightPatching](./policy-csp-admx-msi.md#admx-msi-disableflyweightpatching)
- [ADMX_MSI/DisableLoggingFromPackage](./policy-csp-admx-msi.md#admx-msi-disableloggingfrompackage)
- [ADMX_MSI/DisableMSI](./policy-csp-admx-msi.md#admx-msi-disablemsi)
- [ADMX_MSI/DisableMedia](./policy-csp-admx-msi.md#admx-msi-disablemedia)
- [ADMX_MSI/DisablePatch](./policy-csp-admx-msi.md#admx-msi-disablepatch)
- [ADMX_MSI/DisableRollback_1](./policy-csp-admx-msi.md#admx-msi-disablerollback-1)
- [ADMX_MSI/DisableRollback_2](./policy-csp-admx-msi.md#admx-msi-disablerollback-2)
- [ADMX_MSI/DisableSharedComponent](./policy-csp-admx-msi.md#admx-msi-disablesharedcomponent)
- [ADMX_MSI/MSILogging](./policy-csp-admx-msi.md#admx-msi-msilogging)
- [ADMX_MSI/MSI_DisableLUAPatching](./policy-csp-admx-msi.md#admx-msi-msi-disableluapatching)
- [ADMX_MSI/MSI_DisablePatchUninstall](./policy-csp-admx-msi.md#admx-msi-msi-disablepatchuninstall)
- [ADMX_MSI/MSI_DisableSRCheckPoints](./policy-csp-admx-msi.md#admx-msi-msi-disablesrcheckpoints)
- [ADMX_MSI/MSI_DisableUserInstalls](./policy-csp-admx-msi.md#admx-msi-msi-disableuserinstalls)
- [ADMX_MSI/MSI_EnforceUpgradeComponentRules](./policy-csp-admx-msi.md#admx-msi-msi-enforceupgradecomponentrules)
- [ADMX_MSI/MSI_MaxPatchCacheSize](./policy-csp-admx-msi.md#admx-msi-msi-maxpatchcachesize)
- [ADMX_MSI/MsiDisableEmbeddedUI](./policy-csp-admx-msi.md#admx-msi-msidisableembeddedui)
- [ADMX_MSI/SafeForScripting](./policy-csp-admx-msi.md#admx-msi-safeforscripting)
- [ADMX_MSI/SearchOrder](./policy-csp-admx-msi.md#admx-msi-searchorder)
- [ADMX_MSI/TransformsSecure](./policy-csp-admx-msi.md#admx-msi-transformssecure)
- [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
- [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
- [ADMX_nca/DTEs](./policy-csp-admx-nca.md#admx-nca-dtes)
@ -644,10 +789,71 @@ ms.date: 10/08/2020
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
- [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
- [ADMX_Power/ACConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-acconnectivityinstandby-2)
- [ADMX_Power/ACCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-accriticalsleeptransitionsdisable-2)
- [ADMX_Power/ACStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-acstartmenubuttonaction-2)
- [ADMX_Power/AllowSystemPowerRequestAC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestac)
- [ADMX_Power/AllowSystemPowerRequestDC](./policy-csp-admx-power.md#admx-power-allowsystempowerrequestdc)
- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopenac)
- [ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC](./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopendc)
- [ADMX_Power/CustomActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-customactiveschemeoverride-2)
- [ADMX_Power/DCBatteryDischargeAction0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction0-2)
- [ADMX_Power/DCBatteryDischargeAction1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction1-2)
- [ADMX_Power/DCBatteryDischargeLevel0_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel0-2)
- [ADMX_Power/DCBatteryDischargeLevel1UINotification_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1uinotification-2)
- [ADMX_Power/DCBatteryDischargeLevel1_2](./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1-2)
- [ADMX_Power/DCConnectivityInStandby_2](./policy-csp-admx-power.md#admx-power-dcconnectivityinstandby-2)
- [ADMX_Power/DCCriticalSleepTransitionsDisable_2](./policy-csp-admx-power.md#admx-power-dccriticalsleeptransitionsdisable-2)
- [ADMX_Power/DCStartMenuButtonAction_2](./policy-csp-admx-power.md#admx-power-dcstartmenubuttonaction-2)
- [ADMX_Power/DiskACPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskacpowerdowntimeout-2)
- [ADMX_Power/DiskDCPowerDownTimeOut_2](./policy-csp-admx-power.md#admx-power-diskdcpowerdowntimeout-2)
- [ADMX_Power/Dont_PowerOff_AfterShutdown](./policy-csp-admx-power.md#admx-power-dont-poweroff-aftershutdown)
- [ADMX_Power/EnableDesktopSlideShowAC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowac)
- [ADMX_Power/EnableDesktopSlideShowDC](./policy-csp-admx-power.md#admx-power-enabledesktopslideshowdc)
- [ADMX_Power/InboxActiveSchemeOverride_2](./policy-csp-admx-power.md#admx-power-inboxactiveschemeoverride-2)
- [ADMX_Power/PW_PromptPasswordOnResume](./policy-csp-admx-power.md#admx-power-pw-promptpasswordonresume)
- [ADMX_Power/PowerThrottlingTurnOff](./policy-csp-admx-power.md#admx-power-powerthrottlingturnoff)
- [ADMX_Power/ReserveBatteryNotificationLevel](./policy-csp-admx-power.md#admx-power-reservebatterynotificationlevel)
- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
- [ADMX_Printing/AllowWebPrinting](./policy-csp-admx-printing.md#admx-printing-allowwebprinting)
- [ADMX_Printing/ApplicationDriverIsolation](./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation)
- [ADMX_Printing/CustomizedSupportUrl](./policy-csp-admx-printing.md#admx-printing-customizedsupporturl)
- [ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate](./policy-csp-admx-printing.md#admx-printing-donotinstallcompatibledriverfromwindowsupdate)
- [ADMX_Printing/DomainPrinters](./policy-csp-admx-printing.md#admx-printing-domainprinters)
- [ADMX_Printing/DownlevelBrowse](./policy-csp-admx-printing.md#admx-printing-downlevelbrowse)
- [ADMX_Printing/EMFDespooling](./policy-csp-admx-printing.md#admx-printing-emfdespooling)
- [ADMX_Printing/ForceSoftwareRasterization](./policy-csp-admx-printing.md#admx-printing-forcesoftwarerasterization)
- [ADMX_Printing/IntranetPrintersUrl](./policy-csp-admx-printing.md#admx-printing-intranetprintersurl)
- [ADMX_Printing/KMPrintersAreBlocked](./policy-csp-admx-printing.md#admx-printing-kmprintersareblocked)
- [ADMX_Printing/LegacyDefaultPrinterMode](./policy-csp-admx-printing.md#admx-printing-legacydefaultprintermode)
- [ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS](./policy-csp-admx-printing.md#admx-printing-mxdwuselegacyoutputformatmsxps)
- [ADMX_Printing/NoDeletePrinter](./policy-csp-admx-printing.md#admx-printing-nodeleteprinter)
- [ADMX_Printing/NonDomainPrinters](./policy-csp-admx-printing.md#admx-printing-nondomainprinters)
- [ADMX_Printing/PackagePointAndPrintOnly](./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly)
- [ADMX_Printing/PackagePointAndPrintOnly_Win7](./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly-win7)
- [ADMX_Printing/PackagePointAndPrintServerList](./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist)
- [ADMX_Printing/PackagePointAndPrintServerList_Win7](./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist-win7)
- [ADMX_Printing/PhysicalLocation](./policy-csp-admx-printing.md#admx-printing-physicallocation)
- [ADMX_Printing/PhysicalLocationSupport](./policy-csp-admx-printing.md#admx-printing-physicallocationsupport)
- [ADMX_Printing/PrintDriverIsolationExecutionPolicy](./policy-csp-admx-printing.md#admx-printing-printdriverisolationexecutionpolicy
)
- [ADMX_Printing/PrintDriverIsolationOverrideCompat](./policy-csp-admx-printing.md#admx-printing-printdriverisolationoverridecompat)
- [ADMX_Printing/PrinterDirectorySearchScope](./policy-csp-admx-printing.md#admx-printing-printerdirectorysearchscope)
- [ADMX_Printing/PrinterServerThread](./policy-csp-admx-printing.md#admx-printing-printerserverthread)
- [ADMX_Printing/ShowJobTitleInEventLogs](./policy-csp-admx-printing.md#admx-printing-showjobtitleineventlogs)
- [ADMX_Printing/V4DriverDisallowPrinterExtension](./policy-csp-admx-printing.md#admx-printing-v4driverdisallowprinterextension)
- [ADMX_Printing2/AutoPublishing](./policy-csp-admx-printing2.md#admx-printing2-autopublishing)
- [ADMX_Printing2/ImmortalPrintQueue](./policy-csp-admx-printing2.md#admx-printing2-immortalprintqueue)
- [ADMX_Printing2/PruneDownlevel](./policy-csp-admx-printing2.md#admx-printing2-prunedownlevel)
- [ADMX_Printing2/PruningInterval](./policy-csp-admx-printing2.md#admx-printing2-pruninginterval)
- [ADMX_Printing2/PruningPriority](./policy-csp-admx-printing2.md#admx-printing2-pruningpriority)
- [ADMX_Printing2/PruningRetries](./policy-csp-admx-printing2.md#admx-printing2-pruningretries)
- [ADMX_Printing2/PruningRetryLog](./policy-csp-admx-printing2.md#admx-printing2-pruningretrylog)
- [ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint](./policy-csp-admx-printing2.md#admx-printing2-registerspoolerremoterpcendpoint)
- [ADMX_Printing2/VerifyPublishedState](./policy-csp-admx-printing2.md#admx-printing2-verifypublishedstate)
- [ADMX_Programs/NoDefaultPrograms](./policy-csp-admx-programs.md#admx-programs-nodefaultprograms)
- [ADMX_Programs/NoGetPrograms](./policy-csp-admx-programs.md#admx-programs-nogetprograms)
- [ADMX_Programs/NoInstalledUpdates](./policy-csp-admx-programs.md#admx-programs-noinstalledupdates)
@ -659,6 +865,44 @@ ms.date: 10/08/2020
- [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
- [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
- [ADMX_Reliability/ShutdownReason](./policy-csp-admx-reliability.md#admx-reliability-shutdownreason)
- [ADMX_RemoteAssistance/RA_EncryptedTicketOnly](./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-encryptedticketonly)
- [ADMX_RemoteAssistance/RA_Optimize_Bandwidth](./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-optimize-bandwidth)
- [ADMX_RemovableStorage/AccessRights_RebootTime_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-1)
- [ADMX_RemovableStorage/AccessRights_RebootTime_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-2)
- [ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyexecute-access-2)
- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-1)
- [ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-2)
- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-1)
- [ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-2)
- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-1)
- [ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-2)
- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-1)
- [ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-2)
- [ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyexecute-access-2)
- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-1)
- [ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-2)
- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-1)
- [ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-2)
- [ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyexecute-access-2)
- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-1)
- [ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-2)
- [ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denywrite-access-1)
- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-1)
- [ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-2)
- [ADMX_RemovableStorage/Removable_Remote_Allow_Access](./policy-csp-admx-removablestorage.md#admx-removablestorage-removable-remote-allow-access)
- [ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyexecute-access-2)
- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-1)
- [ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-2)
- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-1)
- [ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-2)
- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-1)
- [ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-2)
- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-1)
- [ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2](./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-2)
- [ADMX_RPC/RpcExtendedErrorInformation](./policy-csp-admx-rpc.md#admx-rpc-rpcextendederrorinformation)
- [ADMX_RPC/RpcIgnoreDelegationFailure](./policy-csp-admx-rpc.md#admx-rpc-rpcignoredelegationfailure)
- [ADMX_RPC/RpcMinimumHttpConnectionTimeout](./policy-csp-admx-rpc.md#admx-rpc-rpcminimumhttpconnectiontimeout)
- [ADMX_RPC/RpcStateInformation](./policy-csp-admx-rpc.md#admx-rpc-rpcstateinformation)
- [ADMX_Scripts/Allow_Logon_Script_NetbiosDisabled](./policy-csp-admx-scripts.md#admx-scripts-allow-logon-script-netbiosdisabled)
- [ADMX_Scripts/MaxGPOScriptWaitPolicy](./policy-csp-admx-scripts.md#admx-scripts-maxgposcriptwaitpolicy)
- [ADMX_Scripts/Run_Computer_PS_Scripts_First](./policy-csp-admx-scripts.md#admx-scripts-run-computer-ps-scripts-first)
@ -697,6 +941,7 @@ ms.date: 10/08/2020
- [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
- [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
- [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
- [ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn](./policy-csp-admx-skydrive.md#admx-skydrive-preventnetworktrafficpreusersignin)
- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
@ -1072,6 +1317,8 @@ ms.date: 10/08/2020
- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
- [ADMX_WindowsRemoteManagement/DisallowKerberos_1](./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-1)
- [ADMX_WindowsRemoteManagement/DisallowKerberos_2](./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-2)
- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)

824
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -1033,6 +1033,26 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Explorer policies
<dl>
<dd>
<a href="./policy-csp-admx-explorer.md#admx-explorer-admininfourl" id="admx-explorer-admininfourl">ADMX_Explorer/AdminInfoUrl</a>
</dd>
<dd>
<a href="./policy-csp-admx-explorer.md#admx-explorer-alwaysshowclassicmenu" id="admx-explorer-alwaysshowclassicmenu">ADMX_Explorer/AlwaysShowClassicMenu</a>
</dd>
<dd>
<a href="./policy-csp-admx-explorer.md#admx-explorer-disableroamedprofileinit" id="admx-explorer-disableroamedprofileinit">ADMX_Explorer/DisableRoamedProfileInit</a>
</dd>
<dd>
<a href="./policy-csp-admx-explorer.md#admx-explorer-preventitemcreationinusersfilesfolder" id="admx-explorer-preventitemcreationinusersfilesfolder">ADMX_Explorer/PreventItemCreationInUsersFilesFolder</a>
</dd>
<dd>
<a href="./policy-csp-admx-explorer.md#admx-explorer-turnoffspianimations" id="admx-explorer-turnoffspianimations">ADMX_Explorer/TurnOffSPIAnimations</a>
</dd>
</dl>
### ADMX_FileServerVSSProvider policies
<dl>
<dd>
@ -1109,6 +1129,217 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Globalization policies
<dl>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin" id="admx-globalization-blockuserinputmethodsforsignin">ADMX_Globalization/BlockUserInputMethodsForSignIn</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1" id="admx-globalization-customlocalesnoselect-1">ADMX_Globalization/CustomLocalesNoSelect_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2" id="admx-globalization-customlocalesnoselect-2">ADMX_Globalization/CustomLocalesNoSelect_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-hideadminoptions" id="admx-globalization-hideadminoptions">ADMX_Globalization/HideAdminOptions</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-hidecurrentlocation" id="admx-globalization-hidecurrentlocation">ADMX_Globalization/HideCurrentLocation</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-hidelanguageselection" id="admx-globalization-hidelanguageselection">ADMX_Globalization/HideLanguageSelection</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-hidelocaleselectandcustomize" id="admx-globalization-hidelocaleselectandcustomize">ADMX_Globalization/HideLocaleSelectAndCustomize</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-1" id="admx-globalization-implicitdatacollectionoff-1">ADMX_Globalization/ImplicitDataCollectionOff_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-implicitdatacollectionoff-2" id="admx-globalization-implicitdatacollectionoff-2">ADMX_Globalization/ImplicitDataCollectionOff_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-localesystemrestrict" id="admx-globalization-localesystemrestrict">ADMX_Globalization/LocaleSystemRestrict</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-1" id="admx-globalization-localeuserrestrict-1">ADMX_Globalization/LocaleUserRestrict_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-localeuserrestrict-2" id="admx-globalization-localeuserrestrict-2">ADMX_Globalization/LocaleUserRestrict_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-lockmachineuilanguage" id="admx-globalization-lockmachineuilanguage">ADMX_Globalization/LockMachineUILanguage</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-lockuseruilanguage" id="admx-globalization-lockuseruilanguage">ADMX_Globalization/LockUserUILanguage</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-1" id="admx-globalization-preventgeoidchange-1">ADMX_Globalization/PreventGeoIdChange_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-preventgeoidchange-2" id="admx-globalization-preventgeoidchange-2">ADMX_Globalization/PreventGeoIdChange_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-1" id="admx-globalization-preventuseroverrides-1">ADMX_Globalization/PreventUserOverrides_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-preventuseroverrides-2" id="admx-globalization-preventuseroverrides-2">ADMX_Globalization/PreventUserOverrides_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-restrictuilangselect" id="admx-globalization-restrictuilangselect">ADMX_Globalization/RestrictUILangSelect</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-turnoffautocorrectmisspelledwords" id="admx-globalization-turnoffautocorrectmisspelledwords">ADMX_Globalization/TurnOffAutocorrectMisspelledWords</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-turnoffhighlightmisspelledwords" id="admx-globalization-turnoffhighlightmisspelledwords">ADMX_Globalization/TurnOffHighlightMisspelledWords</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-turnoffinsertspace" id="admx-globalization-turnoffinsertspace">ADMX_Globalization/TurnOffInsertSpace</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-turnoffoffertextpredictions" id="admx-globalization-turnoffoffertextpredictions">ADMX_Globalization/TurnOffOfferTextPredictions</a>
</dd>
<dd>
<a href="./policy-csp-admx-globalization.md#admx-globalization-y2k" id="admx-globalization-y2k">ADMX_Globalization/Y2K</a>
</dd>
</dl>
### ADMX_GroupPolicy policies
<dl>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-allowx-forestpolicy-and-rup" id="admx-grouppolicy-allowx-forestpolicy-and-rup">ADMX_GroupPolicy/AllowX-ForestPolicy-and-RUP</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-appmgmt" id="admx-grouppolicy-cse-appmgmt">ADMX_GroupPolicy/CSE_AppMgmt</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-diskquota" id="admx-grouppolicy-cse-diskquota">ADMX_GroupPolicy/CSE_DiskQuota</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-efsrecovery" id="admx-grouppolicy-cse-efsrecovery">ADMX_GroupPolicy/CSE_EFSRecovery</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-folderredirection" id="admx-grouppolicy-cse-folderredirection">ADMX_GroupPolicy/CSE_FolderRedirection</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-iem" id="admx-grouppolicy-cse-iem">ADMX_GroupPolicy/CSE_IEM</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-ipsecurity" id="admx-grouppolicy-cse-ipsecurity">ADMX_GroupPolicy/CSE_IPSecurity</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-registry" id="admx-grouppolicy-cse-registry">ADMX_GroupPolicy/CSE_Registry</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-scripts" id="admx-grouppolicy-cse-scripts">ADMX_GroupPolicy/CSE_Scripts</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-security" id="admx-grouppolicy-cse-security">ADMX_GroupPolicy/CSE_Security</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wired" id="admx-grouppolicy-cse-wired">ADMX_GroupPolicy/CSE_Wired</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-cse-wireless" id="admx-grouppolicy-cse-wireless">ADMX_GroupPolicy/CSE_Wireless</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-corpconnsyncwaittime" id="admx-grouppolicy-corpconnsyncwaittime">ADMX_GroupPolicy/CorpConnSyncWaitTime</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-1" id="admx-grouppolicy-denyrsoptointeractiveuser-1">ADMX_GroupPolicy/DenyRsopToInteractiveUser_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-denyrsoptointeractiveuser-2" id="admx-grouppolicy-denyrsoptointeractiveuser-2">ADMX_GroupPolicy/DenyRsopToInteractiveUser_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableaoacprocessing" id="admx-grouppolicy-disableaoacprocessing">ADMX_GroupPolicy/DisableAOACProcessing</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableautoadmupdate" id="admx-grouppolicy-disableautoadmupdate">ADMX_GroupPolicy/DisableAutoADMUpdate</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablebackgroundpolicy" id="admx-grouppolicy-disablebackgroundpolicy">ADMX_GroupPolicy/DisableBackgroundPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disablelgpoprocessing" id="admx-grouppolicy-disablelgpoprocessing">ADMX_GroupPolicy/DisableLGPOProcessing</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-disableusersfrommachgp" id="admx-grouppolicy-disableusersfrommachgp">ADMX_GroupPolicy/DisableUsersFromMachGP</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablecdp" id="admx-grouppolicy-enablecdp">ADMX_GroupPolicy/EnableCDP</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimization" id="admx-grouppolicy-enablelogonoptimization">ADMX_GroupPolicy/EnableLogonOptimization</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablelogonoptimizationonserversku" id="admx-grouppolicy-enablelogonoptimizationonserversku">ADMX_GroupPolicy/EnableLogonOptimizationOnServerSKU</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enablemmx" id="admx-grouppolicy-enablemmx">ADMX_GroupPolicy/EnableMMX</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-enforcepoliciesonly" id="admx-grouppolicy-enforcepoliciesonly">ADMX_GroupPolicy/EnforcePoliciesOnly</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-fontmitigation" id="admx-grouppolicy-fontmitigation">ADMX_GroupPolicy/FontMitigation</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gpdcoptions" id="admx-grouppolicy-gpdcoptions">ADMX_GroupPolicy/GPDCOptions</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-1" id="admx-grouppolicy-gptransferrate-1">ADMX_GroupPolicy/GPTransferRate_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-gptransferrate-2" id="admx-grouppolicy-gptransferrate-2">ADMX_GroupPolicy/GPTransferRate_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrate" id="admx-grouppolicy-grouppolicyrefreshrate">ADMX_GroupPolicy/GroupPolicyRefreshRate</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshratedc" id="admx-grouppolicy-grouppolicyrefreshratedc">ADMX_GroupPolicy/GroupPolicyRefreshRateDC</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-grouppolicyrefreshrateuser" id="admx-grouppolicy-grouppolicyrefreshrateuser">ADMX_GroupPolicy/GroupPolicyRefreshRateUser</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-logonscriptdelay" id="admx-grouppolicy-logonscriptdelay">ADMX_GroupPolicy/LogonScriptDelay</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpodisplayname" id="admx-grouppolicy-newgpodisplayname">ADMX_GroupPolicy/NewGPODisplayName</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-newgpolinksdisabled" id="admx-grouppolicy-newgpolinksdisabled">ADMX_GroupPolicy/NewGPOLinksDisabled</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-onlyuselocaladminfiles" id="admx-grouppolicy-onlyuselocaladminfiles">ADMX_GroupPolicy/OnlyUseLocalAdminFiles</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-processmitigationoptions" id="admx-grouppolicy-processmitigationoptions">ADMX_GroupPolicy/ProcessMitigationOptions</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-rsoplogging" id="admx-grouppolicy-rsoplogging">ADMX_GroupPolicy/RSoPLogging</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-resetdfsclientinfoduringrefreshpolicy" id="admx-grouppolicy-resetdfsclientinfoduringrefreshpolicy">ADMX_GroupPolicy/ResetDfsClientInfoDuringRefreshPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaultfordirectaccess" id="admx-grouppolicy-slowlinkdefaultfordirectaccess">ADMX_GroupPolicy/SlowLinkDefaultForDirectAccess</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-slowlinkdefaulttoasync" id="admx-grouppolicy-slowlinkdefaulttoasync">ADMX_GroupPolicy/SlowlinkDefaultToAsync</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-syncwaittime" id="admx-grouppolicy-syncwaittime">ADMX_GroupPolicy/SyncWaitTime</a>
</dd>
<dd>
<a href="./policy-csp-admx-grouppolicy.md#admx-grouppolicy-userpolicymode" id="admx-grouppolicy-userpolicymode">ADMX_GroupPolicy/UserPolicyMode</a>
</dd>
</dl>
### ADMX_HelpAndSupport policies
<dl>
<dd>
@ -1125,6 +1356,89 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
## ADMX_ICM policies
<dl>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-ceipenable" id="admx-icm-ceipenable">ADMX_ICM/CEIPEnable</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-certmgr-disableautorootupdates" id="admx-icm-certmgr-disableautorootupdates">ADMX_ICM/CertMgr_DisableAutoRootUpdates</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-disablehttpprinting-1" id="admx-icm-disablehttpprinting-1">ADMX_ICM/DisableHTTPPrinting_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-disablewebpnpdownload-1" id="admx-icm-disablewebpnpdownload-1">ADMX_ICM/DisableWebPnPDownload_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-driversearchplaces-dontsearchwindowsupdate" id="admx-icm-driversearchplaces-dontsearchwindowsupdate">ADMX_ICM/DriverSearchPlaces_DontSearchWindowsUpdate</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-eventviewer-disablelinks" id="admx-icm-eventviewer-disablelinks">ADMX_ICM/EventViewer_DisableLinks</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-hss-headlinespolicy" id="admx-icm-hss-headlinespolicy">ADMX_ICM/HSS_HeadlinesPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-hss-kbsearchpolicy" id="admx-icm-hss-kbsearchpolicy">ADMX_ICM/HSS_KBSearchPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-1" id="admx-icm-internetmanagement-restrictcommunication-1">ADMX_ICM/InternetManagement_RestrictCommunication_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-internetmanagement-restrictcommunication-2" id="admx-icm-internetmanagement-restrictcommunication-2">ADMX_ICM/InternetManagement_RestrictCommunication_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-nc-exitonisp" id="admx-icm-nc-exitonisp">ADMX_ICM/NC_ExitOnISP</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-nc-noregistration" id="admx-icm-nc-noregistration">ADMX_ICM/NC_NoRegistration</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-pch-donotreport" id="admx-icm-pch-donotreport">ADMX_ICM/PCH_DoNotReport</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-removewindowsupdate-icm" id="admx-icm-removewindowsupdate-icm">ADMX_ICM/RemoveWindowsUpdate_ICM</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-searchcompanion-disablefileupdates" id="admx-icm-searchcompanion-disablefileupdates">ADMX_ICM/SearchCompanion_DisableFileUpdates</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-1" id="admx-icm-shellnouseinternetopenwith-1">ADMX_ICM/ShellNoUseInternetOpenWith_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellnouseinternetopenwith-2" id="admx-icm-shellnouseinternetopenwith-2">ADMX_ICM/ShellNoUseInternetOpenWith_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-1" id="admx-icm-shellnousestoreopenwith-1">ADMX_ICM/ShellNoUseStoreOpenWith_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellnousestoreopenwith-2" id="admx-icm-shellnousestoreopenwith-2">ADMX_ICM/ShellNoUseStoreOpenWith_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellpreventwpwdownload-1" id="admx-icm-shellpreventwpwdownload-1">ADMX_ICM/ShellPreventWPWDownload_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-1" id="admx-icm-shellremoveorderprints-1">ADMX_ICM/ShellRemoveOrderPrints_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellremoveorderprints-2" id="admx-icm-shellremoveorderprints-2">ADMX_ICM/ShellRemoveOrderPrints_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-1" id="admx-icm-shellremovepublishtoweb-1">ADMX_ICM/ShellRemovePublishToWeb_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2" id="admx-icm-shellremovepublishtoweb-2">ADMX_ICM/ShellRemovePublishToWeb_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1" id="admx-icm-winmsg_noinstrumentation-1">ADMX_ICM/WinMSG_NoInstrumentation_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2" id="admx-icm-winmsg_noinstrumentation-2">ADMX_ICM/WinMSG_NoInstrumentation_2</a>
</dd>
</dl>
### ADMX_kdc policies
<dl>
<dd>
@ -1192,6 +1506,20 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_LanmanWorkstation policies
<dl>
<dd>
<a href="./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder" id="admx-lanmanworkstation-pol-ciphersuiteorder">ADMX_LanmanWorkstation/Pol_CipherSuiteOrder</a>
</dd>
<dd>
<a href="./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles" id="admx-lanmanworkstation-pol-enablehandlecachingforcafiles">ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles</a>
</dd>
<dd>
<a href="./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares" id="admx-lanmanworkstation-pol-enableofflinefilesforcashares">ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares</a>
</dd>
</dl>
### ADMX_LinkLayerTopologyDiscovery policies
<dl>
<dd>
@ -1202,6 +1530,56 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Logon policies
<dl>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin" id="admx-logon-blockuserfromshowingaccountdetailsonsignin">ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon" id="admx-logon-disableacrylicbackgroundonlogon">ADMX_Logon/DisableAcrylicBackgroundOnLogon</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1" id="admx-logon-disableexplorerrunlegacy-1">ADMX_Logon/DisableExplorerRunLegacy_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-2" id="admx-logon-disableexplorerrunlegacy-2">ADMX_Logon/DisableExplorerRunLegacy_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-1" id="admx-logon-disableexplorerrunoncelegacy-1">ADMX_Logon/DisableExplorerRunOnceLegacy_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disableexplorerrunoncelegacy-2" id="admx-logon-disableexplorerrunoncelegacy-2">ADMX_Logon/DisableExplorerRunOnceLegacy_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-disablestatusmessages" id="admx-logon-disablestatusmessages">ADMX_Logon/DisableStatusMessages</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-dontenumerateconnectedusers" id="admx-logon-dontenumerateconnectedusers">ADMX_Logon/DontEnumerateConnectedUsers</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-nowelcometips-1" id="admx-logon-nowelcometips-1">ADMX_Logon/NoWelcomeTips_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-nowelcometips-2" id="admx-logon-nowelcometips-2">ADMX_Logon/NoWelcomeTips_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-run-1" id="admx-logon-run-1">ADMX_Logon/Run_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-run-2" id="admx-logon-run-2">ADMX_Logon/Run_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-syncforegroundpolicy" id="admx-logon-syncforegroundpolicy">ADMX_Logon/SyncForegroundPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-useoembackground" id="admx-logon-useoembackground">ADMX_Logon/UseOEMBackground</a>
</dd>
<dd>
<a href="./policy-csp-admx-logon.md#admx-logon-verbosestatus" id="admx-logon-verbosestatus">ADMX_Logon/VerboseStatus</a>
</dd>
</dl>
### ADMX_MicrosoftDefenderAntivirus policies
<dl>
@ -1829,6 +2207,108 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
<dd>
### ADMX_msched policies
<dl>
<dd>
<a href="./policy-csp-admx-msched.md#admx-msched-activationboundarypolicy" id="admx-msched-activationboundarypolicy">ADMX_msched/ActivationBoundaryPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-msched.md#admx-msched-randomdelaypolicy" id="admx-msched-randomdelaypolicy">ADMX_msched/RandomDelayPolicy</a>
</dd>
</dl>
### ADMX_MSDT policies
<dl>
<dd>
<a href="./policy-csp-admx-msdt.md#admx-msdt-msdtsupportprovider" id="admx-msdt-msdtsupportprovider">ADMX_MSDT/MsdtSupportProvider</a>
</dd>
<dd>
<a href="./policy-csp-admx-msdt.md#admx-msdt-msdttooldownloadpolicy" id="admx-msdt-msdttooldownloadpolicy">ADMX_MSDT/MsdtToolDownloadPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-msdt.md#admx-msdt-wdiscenarioexecutionpolicy" id="admx-msdt-wdiscenarioexecutionpolicy">ADMX_MSDT/WdiScenarioExecutionPolicy</a>
</dd>
</dl>
### ADMX_MSI policies
<dl>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-allowlockdownbrowse" id="admx-msi-allowlockdownbrowse">ADMX_MSI/AllowLockdownBrowse</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-allowlockdownmedia" id="admx-msi-allowlockdownmedia">ADMX_MSI/AllowLockdownMedia</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-allowlockdownpatch" id="admx-msi-allowlockdownpatch">ADMX_MSI/AllowLockdownPatch</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disableautomaticapplicationshutdown" id="admx-msi-disableautomaticapplicationshutdown">ADMX_MSI/DisableAutomaticApplicationShutdown</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablebrowse" id="admx-msi-disablebrowse">ADMX_MSI/DisableBrowse</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disableflyweightpatching" id="admx-msi-disableflyweightpatching">ADMX_MSI/DisableFlyweightPatching</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disableloggingfrompackage" id="admx-msi-disableloggingfrompackage">ADMX_MSI/DisableLoggingFromPackage</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablemsi" id="admx-msi-disablemsi">ADMX_MSI/DisableMSI</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablemedia" id="admx-msi-disablemedia">ADMX_MSI/DisableMedia</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablepatch" id="admx-msi-disablepatch">ADMX_MSI/DisablePatch</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablerollback-1" id="admx-msi-disablerollback-1">ADMX_MSI/DisableRollback_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablerollback-2" id="admx-msi-disablerollback-2">ADMX_MSI/DisableRollback_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-disablesharedcomponent" id="admx-msi-disablesharedcomponent">ADMX_MSI/DisableSharedComponent</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msilogging" id="admx-msi-msilogging">ADMX_MSI/MSILogging</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-disableluapatching" id="admx-msi-msi-disableluapatching">ADMX_MSI/MSI_DisableLUAPatching</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-disablepatchuninstall" id="admx-msi-msi-disablepatchuninstall">ADMX_MSI/MSI_DisablePatchUninstall</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-disablesrcheckpoints" id="admx-msi-msi-disablesrcheckpoints">ADMX_MSI/MSI_DisableSRCheckPoints</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-disableuserinstalls" id="admx-msi-msi-disableuserinstalls">ADMX_MSI/MSI_DisableUserInstalls</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-enforceupgradecomponentrules" id="admx-msi-msi-enforceupgradecomponentrules">ADMX_MSI/MSI_EnforceUpgradeComponentRules</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msi-maxpatchcachesize" id="admx-msi-msi-maxpatchcachesize">ADMX_MSI/MSI_MaxPatchCacheSize</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-msidisableembeddedui" id="admx-msi-msidisableembeddedui">ADMX_MSI/MsiDisableEmbeddedUI</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-safeforscripting" id="admx-msi-safeforscripting">ADMX_MSI/SafeForScripting</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-searchorder" id="admx-msi-searchorder">ADMX_MSI/SearchOrder</a>
</dd>
<dd>
<a href="./policy-csp-admx-msi.md#admx-msi-transformssecure" id="admx-msi-transformssecure">ADMX_MSI/TransformsSecure</a>
</dd>
</dl>
### ADMX_nca policies
<dl>
<dd>
@ -2269,6 +2749,86 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Power policies
<dl>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-acconnectivityinstandby-2" id="admx-power-acconnectivityinstandby-2">ADMX_Power/ACConnectivityInStandby_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-accriticalsleeptransitionsdisable-2" id="admx-power-accriticalsleeptransitionsdisable-2">ADMX_Power/ACCriticalSleepTransitionsDisable_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-acstartmenubuttonaction-2" id="admx-power-acstartmenubuttonaction-2">ADMX_Power/ACStartMenuButtonAction_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-allowsystempowerrequestac" id="admx-power-allowsystempowerrequestac">ADMX_Power/AllowSystemPowerRequestAC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-allowsystempowerrequestdc" id="admx-power-allowsystempowerrequestdc">ADMX_Power/AllowSystemPowerRequestDC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopenac" id="admx-power-allowsystemsleepwithremotefilesopenac">ADMX_Power/AllowSystemSleepWithRemoteFilesOpenAC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-allowsystemsleepwithremotefilesopendc" id="admx-power-allowsystemsleepwithremotefilesopendc">ADMX_Power/AllowSystemSleepWithRemoteFilesOpenDC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-customactiveschemeoverride-2" id="admx-power-customactiveschemeoverride-2">ADMX_Power/CustomActiveSchemeOverride_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction0-2" id="admx-power-dcbatterydischargeaction0-2">ADMX_Power/DCBatteryDischargeAction0_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcbatterydischargeaction1-2" id="admx-power-dcbatterydischargeaction1-2">ADMX_Power/DCBatteryDischargeAction1_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel0-2" id="admx-power-dcbatterydischargelevel0-2">ADMX_Power/DCBatteryDischargeLevel0_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1uinotification-2" id="admx-power-dcbatterydischargelevel1uinotification-2">ADMX_Power/DCBatteryDischargeLevel1UINotification_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcbatterydischargelevel1-2" id="admx-power-dcbatterydischargelevel1-2">ADMX_Power/DCBatteryDischargeLevel1_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcconnectivityinstandby-2" id="admx-power-dcconnectivityinstandby-2">ADMX_Power/DCConnectivityInStandby_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dccriticalsleeptransitionsdisable-2" id="admx-power-dccriticalsleeptransitionsdisable-2">ADMX_Power/DCCriticalSleepTransitionsDisable_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dcstartmenubuttonaction-2" id="admx-power-dcstartmenubuttonaction-2">ADMX_Power/DCStartMenuButtonAction_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-diskacpowerdowntimeout-2" id="admx-power-diskacpowerdowntimeout-2">ADMX_Power/DiskACPowerDownTimeOut_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-diskdcpowerdowntimeout-2" id="admx-power-diskdcpowerdowntimeout-2">ADMX_Power/DiskDCPowerDownTimeOut_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-dont-poweroff-aftershutdown" id="admx-power-dont-poweroff-aftershutdown">ADMX_Power/Dont_PowerOff_AfterShutdown</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-enabledesktopslideshowac" id="admx-power-enabledesktopslideshowac">ADMX_Power/EnableDesktopSlideShowAC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-enabledesktopslideshowdc" id="admx-power-enabledesktopslideshowdc">ADMX_Power/EnableDesktopSlideShowDC</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-inboxactiveschemeoverride-2" id="admx-power-inboxactiveschemeoverride-2">ADMX_Power/InboxActiveSchemeOverride_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-pw-promptpasswordonresume" id="admx-power-pw-promptpasswordonresume">ADMX_Power/PW_PromptPasswordOnResume</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-powerthrottlingturnoff" id="admx-power-powerthrottlingturnoff">ADMX_Power/PowerThrottlingTurnOff</a>
</dd>
<dd>
<a href="./policy-csp-admx-power.md#admx-power-reservebatterynotificationlevel" id="admx-power-reservebatterynotificationlevel">ADMX_Power/ReserveBatteryNotificationLevel</a>
</dd>
</dl>
### ADMX_PowerShellExecutionPolicy policies
<dl>
@ -2286,6 +2846,122 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_Printing policies
<dl>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-allowwebprinting" id="admx-printing-allowwebprinting">ADMX_Printing/AllowWebPrinting</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-applicationdriverisolation" id="admx-printing-applicationdriverisolation">ADMX_Printing/ApplicationDriverIsolation</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-customizedsupporturl" id="admx-printing-customizedsupporturl">ADMX_Printing/CustomizedSupportUrl</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-donotinstallcompatibledriverfromwindowsupdate" id="admx-printing-donotinstallcompatibledriverfromwindowsupdate">ADMX_Printing/DoNotInstallCompatibleDriverFromWindowsUpdate</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-domainprinters" id="admx-printing-domainprinters">ADMX_Printing/DomainPrinters</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-downlevelbrowse" id="admx-printing-downlevelbrowse">ADMX_Printing/DownlevelBrowse</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-emfdespooling" id="admx-printing-emfdespooling">ADMX_Printing/EMFDespooling</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-forcesoftwarerasterization" id="admx-printing-forcesoftwarerasterization">ADMX_Printing/ForceSoftwareRasterization</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-intranetprintersurl" id="admx-printing-intranetprintersurl">ADMX_Printing/IntranetPrintersUrl</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-kmprintersareblocked" id="admx-printing-kmprintersareblocked">ADMX_Printing/KMPrintersAreBlocked</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-legacydefaultprintermode" id="admx-printing-legacydefaultprintermode">ADMX_Printing/LegacyDefaultPrinterMode</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-mxdwuselegacyoutputformatmsxps" id="admx-printing-mxdwuselegacyoutputformatmsxps">ADMX_Printing/MXDWUseLegacyOutputFormatMSXPS</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-nodeleteprinter" id="admx-printing-nodeleteprinter">ADMX_Printing/NoDeletePrinter</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-nondomainprinters" id="admx-printing-nondomainprinters">ADMX_Printing/NonDomainPrinters</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly" id="admx-printing-packagepointandprintonly">ADMX_Printing/PackagePointAndPrintOnly</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-packagepointandprintonly-win7" id="admx-printing-packagepointandprintonly-win7">ADMX_Printing/PackagePointAndPrintOnly_Win7</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist" id="admx-printing-packagepointandprintserverlist">ADMX_Printing/PackagePointAndPrintServerList</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-packagepointandprintserverlist-win7" id="admx-printing-packagepointandprintserverlist-win7">ADMX_Printing/PackagePointAndPrintServerList_Win7</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-physicallocation" id="admx-printing-physicallocation">ADMX_Printing/PhysicalLocation</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-physicallocationsupport" id="admx-printing-physicallocationsupport">ADMX_Printing/PhysicalLocationSupport</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-printdriverisolationexecutionpolicy
" id="admx-printing-printdriverisolationexecutionpolicy">ADMX_Printing/PrintDriverIsolationExecutionPolicy</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-printdriverisolationoverridecompat" id="admx-printing-printdriverisolationoverridecompat">ADMX_Printing/PrintDriverIsolationOverrideCompat</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-printerdirectorysearchscope" id="admx-printing-printerdirectorysearchscope">ADMX_Printing/PrinterDirectorySearchScope</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-printerserverthread" id="admx-printing-printerserverthread">ADMX_Printing/PrinterServerThread</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-showjobtitleineventlogs" id="admx-printing-showjobtitleineventlogs">ADMX_Printing/ShowJobTitleInEventLogs</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing.md#admx-printing-v4driverdisallowprinterextension" id="admx-printing-v4driverdisallowprinterextension">ADMX_Printing/V4DriverDisallowPrinterExtension</a>
</dd>
</dl>
### ADMX_Printing2 policies
<dl>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-autopublishing" id="admx-printing2-autopublishing">ADMX_Printing2/AutoPublishing</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-immortalprintqueue" id="admx-printing2-immortalprintqueue">ADMX_Printing2/ImmortalPrintQueue</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-prunedownlevel" id="admx-printing2-prunedownlevel">ADMX_Printing2/PruneDownlevel</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-pruninginterval" id="admx-printing2-pruninginterval">ADMX_Printing2/PruningInterval</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-pruningpriority" id="admx-printing2-pruningpriority">ADMX_Printing2/PruningPriority</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-pruningretries" id="admx-printing2-pruningretries">ADMX_Printing2/PruningRetries</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-pruningretrylog" id="admx-printing2-pruningretrylog">ADMX_Printing2/PruningRetryLog</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-registerspoolerremoterpcendpoint" id="admx-printing2-registerspoolerremoterpcendpoint">ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint</a>
</dd>
<dd>
<a href="./policy-csp-admx-printing2.md#admx-printing2-verifypublishedstate" id="admx-printing2-verifypublishedstate">ADMX_Printing2/VerifyPublishedState</a>
</dd>
</dl>
### ADMX_Programs policies
<dl>
@ -2329,6 +3005,135 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_RemoteAssistance policies
<dl>
<dd>
<a href="./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-encryptedticketonly" id="admx-remoteassistance-ra-encryptedticketonly">ADMX_RemoteAssistance/RA_EncryptedTicketOnly</a>
</dd>
<dd>
<a href="./policy-csp-admx-remoteassistance.md#admx-remoteassistance-ra-optimize-bandwidth" id="admx-remoteassistance-ra-optimize-bandwidth">ADMX_RemoteAssistance/RA_Optimize_Bandwidth</a>
</dd>
</dl>
### ADMX_RemovableStorage policies
<dl>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-1" id="admx-removablestorage-accessrights-reboottime-1">ADMX_RemovableStorage/AccessRights_RebootTime_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-accessrights-reboottime-2" id="admx-removablestorage-accessrights-reboottime-2">ADMX_RemovableStorage/AccessRights_RebootTime_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyexecute-access-2" id="admx-removablestorage-cdanddvd-denyexecute-access-2">ADMX_RemovableStorage/CDandDVD_DenyExecute_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-1" id="admx-removablestorage-cdanddvd-denyread-access-1">ADMX_RemovableStorage/CDandDVD_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denyread-access-2" id="admx-removablestorage-cdanddvd-denyread-access-2">ADMX_RemovableStorage/CDandDVD_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-1" id="admx-removablestorage-cdanddvd-denywrite-access-1">ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-cdanddvd-denywrite-access-2" id="admx-removablestorage-cdanddvd-denywrite-access-2">ADMX_RemovableStorage/CDandDVD_DenyWrite_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-1" id="admx-removablestorage-customclasses-denyread-access-1">ADMX_RemovableStorage/CustomClasses_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denyread-access-2" id="admx-removablestorage-customclasses-denyread-access-2">ADMX_RemovableStorage/CustomClasses_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-1" id="admx-removablestorage-customclasses-denywrite-access-1">ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-customclasses-denywrite-access-2" id="admx-removablestorage-customclasses-denywrite-access-2">ADMX_RemovableStorage/CustomClasses_DenyWrite_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyexecute-access-2" id="admx-removablestorage-floppydrives-denyexecute-access-2">ADMX_RemovableStorage/FloppyDrives_DenyExecute_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-1" id="admx-removablestorage-floppydrives-denyread-access-1">ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denyread-access-2" id="admx-removablestorage-floppydrives-denyread-access-2">ADMX_RemovableStorage/FloppyDrives_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-1" id="admx-removablestorage-floppydrives-denywrite-access-1">ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-floppydrives-denywrite-access-2" id="admx-removablestorage-floppydrives-denywrite-access-2">ADMX_RemovableStorage/FloppyDrives_DenyWrite_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyexecute-access-2" id="admx-removablestorage-removabledisks-denyexecute-access-2">ADMX_RemovableStorage/RemovableDisks_DenyExecute_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-1" id="admx-removablestorage-removabledisks-denyread-access-1">ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denyread-access-2" id="admx-removablestorage-removabledisks-denyread-access-2">ADMX_RemovableStorage/RemovableDisks_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removabledisks-denywrite-access-1" id="admx-removablestorage-removabledisks-denywrite-access-1">ADMX_RemovableStorage/RemovableDisks_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-1" id="admx-removablestorage-removablestorageclasses-denyall-access-1">ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removablestorageclasses-denyall-access-2" id="admx-removablestorage-removablestorageclasses-denyall-access-2">ADMX_RemovableStorage/RemovableStorageClasses_DenyAll_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-removable-remote-allow-access" id="admx-removablestorage-removable-remote-allow-access">ADMX_RemovableStorage/Removable_Remote_Allow_Access</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyexecute-access-2" id="admx-removablestorage-tapedrives-denyexecute-access-2">ADMX_RemovableStorage/TapeDrives_DenyExecute_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-1" id="admx-removablestorage-tapedrives-denyread-access-1">ADMX_RemovableStorage/TapeDrives_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denyread-access-2" id="admx-removablestorage-tapedrives-denyread-access-2">ADMX_RemovableStorage/TapeDrives_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-1" id="admx-removablestorage-tapedrives-denywrite-access-1">ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-tapedrives-denywrite-access-2" id="admx-removablestorage-tapedrives-denywrite-access-2">ADMX_RemovableStorage/TapeDrives_DenyWrite_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-1" id="admx-removablestorage-wpddevices-denyread-access-1">ADMX_RemovableStorage/WPDDevices_DenyRead_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denyread-access-2" id="admx-removablestorage-wpddevices-denyread-access-2">ADMX_RemovableStorage/WPDDevices_DenyRead_Access_2</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-1" id="admx-removablestorage-wpddevices-denywrite-access-1">ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-removablestorage.md#admx-removablestorage-wpddevices-denywrite-access-2" id="admx-removablestorage-wpddevices-denywrite-access-2">ADMX_RemovableStorage/WPDDevices_DenyWrite_Access_2</a>
</dd>
</dl>
### ADMX_RPC policies
<dl>
<dd>
<a href="./policy-csp-admx-rpc.md#admx-rpc-rpcextendederrorinformation" id="admx-rpc-rpcextendederrorinformation">ADMX_RPC/RpcExtendedErrorInformation</a>
</dd>
<dd>
<a href="./policy-csp-admx-rpc.md#admx-rpc-rpcignoredelegationfailure" id="admx-rpc-rpcignoredelegationfailure">ADMX_RPC/RpcIgnoreDelegationFailure</a>
</dd>
<dd>
<a href="./policy-csp-admx-rpc.md#admx-rpc-rpcminimumhttpconnectiontimeout" id="admx-rpc-rpcminimumhttpconnectiontimeout">ADMX_RPC/RpcMinimumHttpConnectionTimeout</a>
</dd>
<dd>
<a href="./policy-csp-admx-rpc.md#admx-rpc-rpcstateinformation" id="admx-rpc-rpcstateinformation">ADMX_RPC/RpcStateInformation</a>
</dd>
</dl>
### ADMX_Scripts policies
<dl>
@ -2488,6 +3293,14 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_SkyDrive policies
<dl>
<dd>
<a href="./policy-csp-admx-skydrive.md#admx-skydrive-preventnetworktrafficpreusersignin" id="admx-skydrive-preventnetworktrafficpreusersignin">ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn</a>
</dd>
</dl>
### ADMX_Smartcard policies
<dl>
@ -3704,6 +4517,17 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### ADMX_WindowsRemoteManagement policies
<dl>
<dd>
<a href="./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-1" id="admx-windowsremotemanagement-disallowkerberos-1">ADMX_WindowsRemoteManagement/DisallowKerberos_1</a>
</dd>
<dd>
<a href="./policy-csp-admx-windowsremotemanagement.md#admx-windowsremotemanagement-disallowkerberos-2" id="admx-windowsremotemanagement-disallowkerberos-2">ADMX_WindowsRemoteManagement/DisallowKerberos_2</a>
</dd>
</dl>
### ADMX_WindowsStore policies
<dl>

22
windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
View File

@ -106,7 +106,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
Available in the latest Windows 10 Insider Preview Build. The policy setting specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, only the programs in the category you specify are displayed when the "Add New Programs" page opens. You can use the Category box on the "Add New Programs" page to display programs in other categories.
To use this setting, type the name of a category in the Category box for this setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation.
@ -189,7 +189,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users. This setting does not prevent users from using other tools and methods to add or remove program components.
@ -270,7 +270,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users. This setting does not prevent users from using other tools and methods to connect to Windows Update.
@ -351,7 +351,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" section from the Add New Programs page. The "Add programs from your network" section lists published programs and provides an easy way to install them. Published programs are those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their use, or to enable users to install them without having to search for installation files.
If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on the desktop or on the Start menu.
@ -433,7 +433,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Add New Programs button lets users install programs published or assigned by a system administrator.
If you disable this setting or do not configure it, the Add New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
@ -511,7 +511,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and removes the Add or Remove Programs item from menus. Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other tools and methods to install or uninstall programs.
@ -589,7 +589,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Program Access and Defaults from Start menu" setting.
@ -668,7 +668,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the attached page. The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and methods to delete or uninstall programs.
@ -746,7 +746,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from using other methods to configure services.
@ -827,7 +827,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
If you disable this setting or do not configure it, the Support Info hyperlink appears.
@ -908,7 +908,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view or change the associated page. The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.

18
windows/client-management/mdm/policy-csp-admx-appcompat.md
View File

@ -108,7 +108,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the MS-DOS subsystem (**ntvdm.exe**) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.
You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, **ntvdm.exe** must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased.
@ -185,7 +185,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.
The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications.
@ -256,7 +256,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Application Telemetry engine in the system.
Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Application Telemetry engine in the system.
Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.
@ -331,7 +331,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. The policy setting controls the state of the Switchback compatibility engine in the system.
Available in the latest Windows 10 Insider Preview Build. The policy setting controls the state of the Switchback compatibility engine in the system.
Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications.
@ -407,7 +407,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the application compatibility engine in the system.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the application compatibility engine in the system.
The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes, or displays an Application Help message if the application has a know problem.
@ -485,7 +485,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
Available in the latest Windows 10 Insider Preview Build. This policy setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Compatibility Assistant, use the 'Turn off Program Compatibility Assistant' setting under Computer Configuration\Administrative Templates\Windows Components\Application Compatibility.
<!--/Description-->
@ -552,7 +552,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected, the PCA will prompt the user with recommended solutions. To configure the diagnostic settings for the PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics.
If you enable this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance and are already aware of application compatibility issues.
@ -626,7 +626,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of Steps Recorder.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of Steps Recorder.
Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input, user interface data, and screenshots. Steps Recorder includes an option to turn on and off data collection.
@ -699,7 +699,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the state of the Inventory Collector.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the state of the Inventory Collector.
The Inventory Collector inventories applications, files, devices, and drivers on the system and sends the information to Microsoft. This information is used to help diagnose compatibility problems.

2
windows/client-management/mdm/policy-csp-admx-auditsettings.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.

4
windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
View File

@ -78,7 +78,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).
If you enable this policy setting, SSL cipher suites are prioritized in the order specified.
@ -151,7 +151,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.

4
windows/client-management/mdm/policy-csp-admx-com.md
View File

@ -78,7 +78,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
@ -153,7 +153,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.

2
windows/client-management/mdm/policy-csp-admx-cpls.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE]
> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.

8
windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from changing their Windows password on demand.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from changing their Windows password on demand.
If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
@ -153,7 +153,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from locking the system.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from locking the system.
While locked, the desktop is hidden and the system cannot be used. Only the user who locked the system or the system administrator can unlock it.
@ -226,7 +226,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from starting Task Manager.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from starting Task Manager.
Task Manager (**taskmgr.exe**) lets users start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, including system services, find the executable names of programs, and change the priority of the process in which programs run.
@ -297,7 +297,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting disables or removes all menu items and buttons that log the user off the system.
Available in the latest Windows 10 Insider Preview Build. This policy setting disables or removes all menu items and buttons that log the user off the system.
If you enable this policy setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.

4
windows/client-management/mdm/policy-csp-admx-digitallocker.md
View File

@ -77,7 +77,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run.
Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
@ -148,7 +148,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Digital Locker can run.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Digital Locker can run.
Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.

44
windows/client-management/mdm/policy-csp-admx-dnsclient.md
View File

@ -137,7 +137,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names.
If you enable this policy setting, NetBT queries will be issued for multi-label and fully qualified domain names, such as "www.example.com" in addition to single-label names.
@ -205,7 +205,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot.
@ -282,7 +282,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those configured using DHCP. To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
@ -351,7 +351,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resolution process.
With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
@ -438,7 +438,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
If this policy setting is enabled, IDNs are not converted to Punycode.
@ -507,7 +507,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Unicode representation of the string.
If this policy setting is enabled, IDNs are converted to the Nameprep form.
@ -576,7 +576,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
Available in the latest Windows 10 Insider Preview Build. This policy setting defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
@ -647,7 +647,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that responses from link local name resolution protocols received over a network interface that is higher in the binding order are preferred over DNS responses from network interfaces lower in the binding order. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
If you enable this policy setting, responses from link local protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order.
@ -720,7 +720,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
@ -795,7 +795,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
@ -869,7 +869,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS client computers will register PTR resource records.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS client computers will register PTR resource records.
By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
@ -945,7 +945,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
If you enable this policy setting, or you do not configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting must not be disabled.
@ -1014,7 +1014,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.
@ -1087,7 +1087,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records.
@ -1163,7 +1163,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
@ -1234,7 +1234,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.
An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."
@ -1310,7 +1310,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance by issuing parallel DNS, link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT) queries across all networks. In the event that multiple positive responses are received, the network binding order is used to determine which response to accept.
If you enable this policy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail.
@ -1379,7 +1379,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over DNS responses when issuing queries for flat names. Examples of link local name resolution protocols include link local multicast name resolution (LLMNR) and NetBIOS over TCP/IP (NetBT).
If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all networks.
@ -1451,7 +1451,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the security level for dynamic DNS updates.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the security level for dynamic DNS updates.
To use this policy setting, click Enabled and then select one of the following values:
@ -1526,7 +1526,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com."
By default, a DNS client that is configured to perform dynamic DNS update will update the DNS zone that is authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
@ -1597,7 +1597,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.
With devolution, a DNS client creates queries by appending a single-label, unqualified domain name with the parent suffix of the primary DNS suffix name, and the parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application submits a query for a single-label domain name.
@ -1684,7 +1684,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution is not possible.

12
windows/client-management/mdm/policy-csp-admx-dwm.md
View File

@ -89,7 +89,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color.
If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color.
@ -162,7 +162,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the default color for window frames when the user does not specify a color.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the default color for window frames when the user does not specify a color.
If you enable this policy setting and specify a default color, this color is used in glass window frames, if the user does not specify a color.
@ -234,7 +234,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
If you enable this policy setting, window animations are turned off.
@ -305,7 +305,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows.
If you enable this policy setting, window animations are turned off.
@ -376,7 +376,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames.
If you enable this policy setting, you prevent users from changing the default window frame color.
@ -448,7 +448,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the ability to change the color of window frames.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the ability to change the color of window frames.
If you enable this policy setting, you prevent users from changing the default window frame color.

2
windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.

4
windows/client-management/mdm/policy-csp-admx-eventforwarding.md
View File

@ -78,7 +78,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
@ -151,7 +151,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.

400
windows/client-management/mdm/policy-csp-admx-explorer.md Normal file
View File

@ -0,0 +1,400 @@
---
title: Policy CSP - ADMX_Explorer
description: Policy CSP - ADMX_Explorer
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/08/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_Explorer
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_Explorer policies
<dl>
<dd>
<a href="#admx-explorer-admininfourl">ADMX_Explorer/AdminInfoUrl</a>
</dd>
<dd>
<a href="#admx-explorer-alwaysshowclassicmenu">ADMX_Explorer/AlwaysShowClassicMenu</a>
</dd>
<dd>
<a href="#admx-explorer-disableroamedprofileinit">ADMX_Explorer/DisableRoamedProfileInit</a>
</dd>
<dd>
<a href="#admx-explorer-preventitemcreationinusersfilesfolder">ADMX_Explorer/PreventItemCreationInUsersFilesFolder</a>
</dd>
<dd>
<a href="#admx-explorer-turnoffspianimations">ADMX_Explorer/TurnOffSPIAnimations</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-explorer-admininfourl"></a>**ADMX_Explorer/AdminInfoUrl**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set a support web page link*
- GP name: *AdminInfoUrl*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Explorer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-explorer-alwaysshowclassicmenu"></a>**ADMX_Explorer/AlwaysShowClassicMenu**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting configures File Explorer to always display the menu bar.
> [!NOTE]
> By default, the menu bar is not displayed in File Explorer.
If you enable this policy setting, the menu bar will be displayed in File Explorer.
If you disable or do not configure this policy setting, the menu bar will not be displayed in File Explorer.
> [!NOTE]
> When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Display the menu bar in File Explorer*
- GP name: *AlwaysShowClassicMenu*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Explorer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-explorer-disableroamedprofileinit"></a>**ADMX_Explorer/DisableRoamedProfileInit**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profile Group Policy setting to ensure that Explorer will not reinitialize default program associations and other settings to default values.
If you enable this policy setting on a machine that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpected behavior could occur.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time*
- GP name: *DisableRoamedProfileInit*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Explorer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-explorer-preventitemcreationinusersfilesfolder"></a>**ADMX_Explorer/PreventItemCreationInUsersFilesFolder**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.
If you enable this policy setting, users will no longer be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their Users Files folder in File Explorer.
> [!NOTE]
> Enabling this policy setting does not prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent users from adding files to the root of their Users Files folder.*
- GP name: *PreventItemCreationInUsersFilesFolder*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Explorer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-explorer-turnoffspianimations"></a>**ADMX_Explorer/TurnOffSPIAnimations**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * User
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn off common control and window animations*
- GP name: *TurnOffSPIAnimations*
- GP path: *Windows Components\File Explorer*
- GP ADMX file name: *Explorer.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

2
windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.

16
windows/client-management/mdm/policy-csp-admx-filesys.md
View File

@ -93,7 +93,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
Available in the latest Windows 10 Insider Preview Build. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
<!--/Description-->
> [!TIP]
@ -157,7 +157,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
Available in the latest Windows 10 Insider Preview Build. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
A value of 0, the default, will enable delete notifications for all volumes.
@ -224,7 +224,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
Available in the latest Windows 10 Insider Preview Build. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files.
<!--/Description-->
> [!TIP]
@ -287,7 +287,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
Available in the latest Windows 10 Insider Preview Build. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be encrypted.
<!--/Description-->
> [!TIP]
@ -350,7 +350,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
Available in the latest Windows 10 Insider Preview Build. Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it. Enabling this setting will cause the long paths to be accessible within the process.
<!--/Description-->
> [!TIP]
@ -413,7 +413,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
Available in the latest Windows 10 Insider Preview Build. This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
If you enable short names on all volumes then short names will always be generated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files created on the system volume.
@ -479,7 +479,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
Available in the latest Windows 10 Insider Preview Build. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target
- Local Link to a Remote Target
@ -552,7 +552,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
Available in the latest Windows 10 Insider Preview Build. TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
<!--/Description-->
> [!TIP]

14
windows/client-management/mdm/policy-csp-admx-folderredirection.md
View File

@ -91,7 +91,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, Music, Pictures, Videos, Start Menu, and AppData\Roaming, are available offline by default.
If you enable this policy setting, users must manually select the files they wish to make available offline.
@ -166,7 +166,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether individual redirected shell folders are available offline by default.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether individual redirected shell folders are available offline by default.
For the folders affected by this setting, users must manually select the files they wish to make available offline.
@ -240,7 +240,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or simply renamed in the Offline Files cache when a folder is redirected to a new location.
If you enable this policy setting, when the path to a redirected folder is changed from one network location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirection location.
@ -309,7 +309,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@ -381,7 +381,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Videos subfolders when redirecting the parent Start Menu and legacy My Documents folder respectively.
If you enable this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirecting the Start Menu or legacy My Documents folder.
@ -452,7 +452,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.
@ -525,7 +525,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to improve logon performance and to increase security for user data on computers where the user might not want to download private data, such as on a meeting room computer or on a computer in a remote office.
To designate a user's primary computers, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function.

1896
windows/client-management/mdm/policy-csp-admx-globalization.md Normal file
View File

File diff suppressed because it is too large Load Diff

3411
windows/client-management/mdm/policy-csp-admx-grouppolicy.md Normal file
View File

File diff suppressed because it is too large Load Diff

8
windows/client-management/mdm/policy-csp-admx-help.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention.
Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely.
@ -154,7 +154,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy setting.
If you enable this policy setting, the commands function only for .chm files in the specified folders and their subfolders.
@ -237,7 +237,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.
@ -311,7 +311,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to restrict programs from being run from online Help.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict programs from being run from online Help.
If you enable this policy setting, you can prevent specified programs from being run from Help. When you enable this policy setting, enter the file names names of the programs you want to restrict, separated by commas.

8
windows/client-management/mdm/policy-csp-admx-helpandsupport.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links.
If you enable this policy setting, active content links are not rendered. The text is displayed, but there are no clickable links for these elements.
@ -152,7 +152,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can provide ratings for Help content.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can provide ratings for Help content.
If you enable this policy setting, ratings controls are not added to Help content.
@ -222,7 +222,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.
If you enable this policy setting, users cannot participate in the Help Experience Improvement program.
@ -291,7 +291,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.
If you enable this policy setting, users are prevented from accessing online assistance content from Windows Online.

1990
windows/client-management/mdm/policy-csp-admx-icm.md Normal file
View File

File diff suppressed because it is too large Load Diff

12
windows/client-management/mdm/policy-csp-admx-kdc.md
View File

@ -89,7 +89,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication.
If you enable this policy setting, client computers that support claims and compound authentication for Dynamic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain.
@ -185,7 +185,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
Available in the latest Windows 10 Insider Preview Build. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs).
If you enable this policy setting, the KDC will search the forests in this list if it is unable to resolve a two-part SPN in the local forest. The forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the client for the appropriate domain.
@ -256,7 +256,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controllers domain is not at Windows Server 2016 DFL or higher this policy will not be applied.
Available in the latest Windows 10 Insider Preview Build. Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controllers domain is not at Windows Server 2016 DFL or higher this policy will not be applied.
This policy setting allows you to configure a domain controller (DC) to support the PKInit Freshness Extension.
@ -331,7 +331,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure a domain controller to request compound authentication.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a domain controller to request compound authentication.
> [!NOTE]
> For a domain controller to request compound authentication, the policy "KDC support for claims, compound authentication, and Kerberos armoring" must be configured and enabled.
@ -403,7 +403,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos authentication. The ticket size warnings are logged in the System log.
If you enable this policy setting, you can set the threshold limit for Kerberos ticket which trigger the warning events. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy.
@ -472,7 +472,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the domain controller provides information about previous logons to client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the domain controller provides information about previous logons to client computers.
If you enable this policy setting, the domain controller provides the information message about previous logons.

8
windows/client-management/mdm/policy-csp-admx-lanmanserver.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the cipher suites used by the SMB server.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB server.
If you enable this policy setting, cipher suites are prioritized in the order specified.
@ -172,7 +172,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that is stored in shared folders. This policy setting must be applied to server computers that have the File Services role and both the File Server and the BranchCache for Network Files role services installed.
Policy configuration
@ -255,7 +255,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) hashes, or both V1 and V2 hashes. Hashes, also called content information, are created based on the data in shared folders where BranchCache is enabled.
If you specify only one version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes.
@ -338,7 +338,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences.

284
windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md Normal file
View File

@ -0,0 +1,284 @@
---
title: Policy CSP - ADMX_LanmanWorkstation
description: Policy CSP - ADMX_LanmanWorkstation
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/08/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_LanmanWorkstation
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_LanmanWorkstation policies
<dl>
<dd>
<a href="#admx-lanmanworkstation-pol-ciphersuiteorder">ADMX_LanmanWorkstation/Pol_CipherSuiteOrder</a>
</dd>
<dd>
<a href="#admx-lanmanworkstation-pol-enablehandlecachingforcafiles">ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles</a>
</dd>
<dd>
<a href="#admx-lanmanworkstation-pol-enableofflinefilesforcashares">ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-lanmanworkstation-pol-ciphersuiteorder"></a>**ADMX_LanmanWorkstation/Pol_CipherSuiteOrder**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the cipher suites used by the SMB client.
If you enable this policy setting, cipher suites are prioritized in the order specified.
If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used.
SMB 3.11 cipher suites:
- AES_128_GCM
- AES_128_CCM
- AES_256_GCM
- AES_256_CCM
> [!NOTE]
> AES_256 is not supported on Windows 10 version 20H2 and lower. If you enter only AES_256 crypto lines, the older clients will not be able to connect anymore.
SMB 3.0 and 3.02 cipher suites:
- AES_128_CCM
How to modify this setting:
Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use.
> [!NOTE]
> When configuring this security setting, changes will not take effect until you restart Windows.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Cipher suite order*
- GP name: *Pol_CipherSuiteOrder*
- GP path: *Network\Lanman Workstation*
- GP ADMX file name: *LanmanWorkstation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-lanmanworkstation-pol-enablehandlecachingforcafiles"></a>**ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the SMB client will allow cached handles to files on CA shares. This may lead to better performance when repeatedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files.
If you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares.
> [!NOTE]
> This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and increased memory and CPU usage.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Handle Caching on Continuous Availability Shares*
- GP name: *Pol_EnableHandleCachingForCAFiles*
- GP path: *Network\Lanman Workstation*
- GP ADMX file name: *LanmanWorkstation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-lanmanworkstation-pol-enableofflinefilesforcashares"></a>**ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availability (CA) flag is enabled.
If you enable this policy setting, the "Always Available offline" option will appear in the File Explorer menu on a Windows computer when connecting to a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible.
If you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares.
> [!NOTE]
> Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition times between the online and offline states.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Offline Files Availability on Continuous Availability Shares*
- GP name: *Pol_EnableOfflineFilesforCAShares*
- GP path: *Network\Lanman Workstation*
- GP ADMX file name: *LanmanWorkstation.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

4
windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
View File

@ -77,7 +77,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Mapper I/O network protocol driver.
LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analysis.
@ -148,7 +148,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting changes the operational behavior of the Responder network protocol driver.
Available in the latest Windows 10 Insider Preview Build. This policy setting changes the operational behavior of the Responder network protocol driver.
The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Service activities such as bandwidth estimation and network health analysis.

1207
windows/client-management/mdm/policy-csp-admx-logon.md Normal file
View File

File diff suppressed because it is too large Load Diff

10
windows/client-management/mdm/policy-csp-admx-mmc.md
View File

@ -86,7 +86,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@ -165,7 +165,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@ -244,7 +244,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of this snap-in.
If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-in is prohibited.
@ -323,7 +323,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from entering author mode.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from entering author mode.
This setting prevents users from opening the Microsoft Management Console (MMC) in author mode, explicitly opening console files in author mode, and opening any console files that open in author mode by default.
@ -396,7 +396,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.
- If you enable this setting, all snap-ins are prohibited, except those that you explicitly permit. Use this setting if you plan to prohibit use of most snap-ins.

210
windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
View File

@ -383,7 +383,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -460,7 +460,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -538,7 +538,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -616,7 +616,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -694,7 +694,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -772,7 +772,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -850,7 +850,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -928,7 +928,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1006,7 +1006,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1084,7 +1084,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1162,7 +1162,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1240,7 +1240,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1317,7 +1317,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1394,7 +1394,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1471,7 +1471,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1548,7 +1548,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1625,7 +1625,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1702,7 +1702,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1779,7 +1779,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1856,7 +1856,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -1933,7 +1933,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2010,7 +2010,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2087,7 +2087,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2164,7 +2164,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2241,7 +2241,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2318,7 +2318,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2395,7 +2395,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2472,7 +2472,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2549,7 +2549,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2627,7 +2627,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2704,7 +2704,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2781,7 +2781,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2858,7 +2858,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -2935,7 +2935,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3012,7 +3012,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3089,7 +3089,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3166,7 +3166,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3243,7 +3243,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Directory Sites and Services snap-ins.
If you enable this setting, the Group Policy tab is displayed in the property sheet for a site, domain, or organizational unit displayed by the Active Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not displayed in those snap-ins.
@ -3322,7 +3322,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3399,7 +3399,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3476,7 +3476,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3553,7 +3553,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3630,7 +3630,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3707,7 +3707,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3784,7 +3784,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3861,7 +3861,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -3938,7 +3938,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4015,7 +4015,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4092,7 +4092,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4169,7 +4169,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4246,7 +4246,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4323,7 +4323,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4400,7 +4400,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4477,7 +4477,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4554,7 +4554,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4631,7 +4631,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4708,7 +4708,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4785,7 +4785,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4862,7 +4862,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -4939,7 +4939,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5016,7 +5016,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5093,7 +5093,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5170,7 +5170,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5247,7 +5247,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5324,7 +5324,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5401,7 +5401,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5478,7 +5478,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5555,7 +5555,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5632,7 +5632,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5709,7 +5709,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5786,7 +5786,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5863,7 +5863,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -5940,7 +5940,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6017,7 +6017,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6094,7 +6094,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6171,7 +6171,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6248,7 +6248,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6325,7 +6325,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6402,7 +6402,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6479,7 +6479,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6556,7 +6556,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6633,7 +6633,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6710,7 +6710,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6787,7 +6787,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6864,7 +6864,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -6941,7 +6941,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7018,7 +7018,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7095,7 +7095,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7172,7 +7172,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7249,7 +7249,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7326,7 +7326,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7403,7 +7403,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7480,7 +7480,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7557,7 +7557,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7634,7 +7634,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7711,7 +7711,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7788,7 +7788,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7865,7 +7865,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -7942,7 +7942,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8019,7 +8019,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8096,7 +8096,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8173,7 +8173,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8250,7 +8250,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8327,7 +8327,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.
@ -8404,7 +8404,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits or prohibits the use of this snap-in.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits or prohibits the use of this snap-in.
If you enable this policy setting, the snap-in is permitted and can be added into the Microsoft Management Console or run from the command line as a standalone console.

2
windows/client-management/mdm/policy-csp-admx-msapolicy.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication.
This applies both to existing users of a device and new users who may be added. However, any application or service that has already authenticated a user will not be affected by enabling this setting until the authentication cache expires.

191
windows/client-management/mdm/policy-csp-admx-msched.md Normal file
View File

@ -0,0 +1,191 @@
---
title: Policy CSP - ADMX_msched
description: Policy CSP - ADMX_msched
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/08/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_msched
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_msched policies
<dl>
<dd>
<a href="#admx-msched-activationboundarypolicy">ADMX_msched/ActivationBoundaryPolicy</a>
</dd>
<dd>
<a href="#admx-msched-randomdelaypolicy">ADMX_msched/RandomDelayPolicy</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-msched-activationboundarypolicy"></a>**ADMX_msched/ActivationBoundaryPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily scheduled time at which Automatic Maintenance starts.
If you enable this policy setting, this will override the default daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel.
If you disable or do not configure this policy setting, the daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Automatic Maintenance Activation Boundary*
- GP name: *ActivationBoundaryPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
- GP ADMX file name: *msched.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-msched-randomdelaypolicy"></a>**ADMX_msched/RandomDelayPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Automatic Maintenance activation random delay.
The maintenance random delay is the amount of time up to which Automatic Maintenance will delay starting from its Activation Boundary.
If you enable this policy setting, Automatic Maintenance will delay starting from its Activation Boundary, by up to this time.
If you do not configure this policy setting, 4 hour random delay will be applied to Automatic Maintenance.
If you disable this policy setting, no random delay will be applied to Automatic Maintenance.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Automatic Maintenance Random Delay*
- GP name: *RandomDelayPolicy*
- GP path: *Windows Components\Maintenance Scheduler*
- GP ADMX file name: *msched.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

288
windows/client-management/mdm/policy-csp-admx-msdt.md Normal file
View File

@ -0,0 +1,288 @@
---
title: Policy CSP - ADMX_MSDT
description: Policy CSP - ADMX_MSDT
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/09/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_MSDT
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_MSDT policies
<dl>
<dd>
<a href="#admx-msdt-msdtsupportprovider">ADMX_MSDT/MsdtSupportProvider</a>
</dd>
<dd>
<a href="#admx-msdt-msdttooldownloadpolicy">ADMX_MSDT/MsdtToolDownloadPolicy</a>
</dd>
<dd>
<a href="#admx-msdt-wdiscenarioexecutionpolicy">ADMX_MSDT/WdiScenarioExecutionPolicy</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-msdt-msdtsupportprovider"></a>**ADMX_MSDT/MsdtSupportProvider**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.
If you enable this policy setting, users can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
By default, the support provider is set to Microsoft Corporation.
If you disable this policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider.
If you do not configure this policy setting, MSDT support mode is enabled by default.
No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider*
- GP name: *MsdtSupportProvider*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
- GP ADMX file name: *MSDT.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-msdt-msdttooldownloadpolicy"></a>**ADMX_MSDT/MsdtToolDownloadPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool.
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals.
For some problems, MSDT may prompt the user to download additional tools for troubleshooting. These tools are required to completely troubleshoot the problem.
If tool download is restricted, it may not be possible to find the root cause of the problem.
If you enable this policy setting for remote troubleshooting, MSDT prompts the user to download additional tools to diagnose problems on remote computers only.
If you enable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading.
If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers.
If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
This policy setting will take effect only when MSDT is enabled.
This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state.
When the service is stopped or disabled, diagnostic scenarios are not executed.
The DPS can be configured with the Services snap-in to the Microsoft Management Console.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Microsoft Support Diagnostic Tool: Restrict tool download*
- GP name: *MsdtToolDownloadPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
- GP ADMX file name: *MSDT.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-msdt-wdiscenarioexecutionpolicy"></a>**ADMX_MSDT/WdiScenarioExecutionPolicy**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Microsoft Support Diagnostic Tool.
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you enable this policy setting, administrators can use MSDT to collect and send diagnostic data to a support professional to resolve a problem.
If you disable this policy setting, MSDT cannot gather diagnostic data. If you do not configure this policy setting, MSDT is turned on by default.
This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
No reboots or service restarts are required for this policy setting to take effect. Changes take effect immediately.
This policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Microsoft Support Diagnostic Tool: Configure execution level*
- GP name: *WdiScenarioExecutionPolicy*
- GP path: *System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool*
- GP ADMX file name: *MSDT.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

1874
windows/client-management/mdm/policy-csp-admx-msi.md Normal file
View File

File diff suppressed because it is too large Load Diff

16
windows/client-management/mdm/policy-csp-admx-nca.md
View File

@ -95,7 +95,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource.
Each string can be one of the following types:
@ -174,7 +174,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
<!--/Description-->
> [!TIP]
@ -239,7 +239,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints.
By default, NCA uses the same DirectAccess server that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one endpoint for each tunnel.
@ -310,7 +310,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example, you can specify “Contoso Intranet Access” for the DirectAccess clients of the Contoso Corporation.
If this setting is not configured, the string that appears for DirectAccess connectivity is “Corporate Connection”.
@ -377,7 +377,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.
If the user clicks the Disconnect option, NCA removes the DirectAccess rules from the Name Resolution Policy Table (NRPT) and the DirectAccess client computer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 addresses rather than names.
@ -453,7 +453,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether NCA service runs in Passive Mode or not.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether NCA service runs in Passive Mode or not.
Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured, NCA probing is in active mode by default.
<!--/Description-->
@ -519,7 +519,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.
Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access.
@ -588,7 +588,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator.
When the user sends the log files to the Administrator, NCA uses the default e-mail client to open a new message with the support email address in the To: field of the message, then attaches the generated log files as a .html file. The user can review the message and add additional information before sending the message.

14
windows/client-management/mdm/policy-csp-admx-ncsi.md
View File

@ -92,7 +92,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
<!--/Description-->
> [!TIP]
@ -157,7 +157,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
<!--/Description-->
> [!TIP]
@ -222,7 +222,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
<!--/Description-->
> [!TIP]
@ -287,7 +287,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
<!--/Description-->
> [!TIP]
@ -355,7 +355,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
<!--/Description-->
> [!TIP]
@ -420,7 +420,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is currently probing on. If you enable this setting, NCSI will allow the DNS lookups to happen on any interface.
<!--/Description-->
> [!TIP]
@ -485,7 +485,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior.
Available in the latest Windows 10 Insider Preview Build. This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network stack on a frequent interval to determine if network connectivity has been lost. Use the options to control the passive polling behavior.
<!--/Description-->
> [!TIP]

70
windows/client-management/mdm/policy-csp-admx-netlogon.md
View File

@ -176,7 +176,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not map to any configured site.
Domain controllers use the client IP address during a DC locator ping request to compute which Active Directory site the client belongs to. If no site mapping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be used to compute a matching site for the client.
@ -253,7 +253,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the DC Locator APIs can return IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provided to support such scenarios.
By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to enable the default behavior.
@ -328,7 +328,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempts DNS name resolution of single-label domain names, by appending different registered DNS suffixes, and uses NetBIOS name resolution only if DNS name resolution fails. This policy, including the specified default behavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled.
By default, when no setting is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy setting is enabled.
@ -401,7 +401,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later, including this version of Windows.
By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a connection to this domain controller.
@ -476,7 +476,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.
By default, the behavior specified in the AllowDnsSuffixSearch is used. If the AllowDnsSuffixSearch policy is disabled, then NetBIOS name resolution is used exclusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name.
@ -551,7 +551,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Catalog for the same forest, exists.
@ -624,7 +624,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm prefers DNS-based discovery if the DNS domain name is known. If DNS-based discovery fails and the NetBIOS domain name is known, the algorithm then uses NetBIOS-based discovery as a fallback mechanism.
NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For these reasons, NetBIOS-based discovery is not recommended.
@ -700,7 +700,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.
Available in the latest Windows 10 Insider Preview Build. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.
Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.
@ -775,7 +775,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.
The default value for this setting is 10 minutes (10*60).
@ -853,7 +853,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.
For example, the retry intervals may be set at 10 minutes, then 20 minutes and then 40 minutes, but when the interval reaches the value set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting is reached.
@ -933,7 +933,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example, retires may be set to occur according to the Use maximum DC discovery retry interval policy setting, but when the value set in this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is used.
The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.
@ -1005,7 +1005,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC information to the caller program. The default value for this setting is infinite (4294967200). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
<!--/Description-->
> [!TIP]
@ -1072,7 +1072,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the level of debug output for the Net Logon service.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the level of debug output for the Net Logon service.
The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged.
@ -1147,7 +1147,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.
If you enable this policy setting, select Enabled and specify a list of space-delimited mnemonics (instructions) for the DC Locator DNS records that will not be registered by the DCs to which this setting is applied.
@ -1246,7 +1246,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.
DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers, even if their records data has not changed. If authoritative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be preserved in the database.
@ -1322,7 +1322,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the domain controllers to which this setting is applied will lowercase their DNS host name when registering SRV records.
If enabled, domain controllers will lowercase their DNS host name when registering domain controller SRV records. A best-effort attempt will be made to delete any previously registered SRV records that contain mixed-case DNS host names. For more information and potential manual cleanup procedures, see the link below.
@ -1398,7 +1398,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC).
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered, and they are used to locate the domain controller (DC).
To specify the TTL for DC Locator DNS records, click Enabled, and then enter a value in seconds (for example, the value "900" is 15 minutes).
@ -1468,7 +1468,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.
To specify the expected dial-up delay at logon, click Enabled, and then enter the desired value in seconds (for example, the value "60" is 1 minute).
@ -1539,7 +1539,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.
The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain controller entries.
@ -1614,7 +1614,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides, and records registered by a GC configured to register GC Locator DNS SRV records for those sites without a GC that are closest to it.
The GC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in Active Directory.
@ -1687,7 +1687,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).
> [!NOTE]
> To locate a remote DC based on its NetBIOS (single-label) domain name, DC Locator first gets the list of DCs from a WINS server that is configured in its local client settings. DC Locator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the mailslot message.
@ -1763,7 +1763,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.
The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.
@ -1836,7 +1836,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC.
The Weight field in the SRV record can be used in addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record.
@ -1909,7 +1909,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.
By default, the maximum size of the log file is 20MB. If you enable this policy setting, the maximum size of the log file is set to the specified size. Once this size is reached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specified.
@ -1980,7 +1980,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific, application directory partition-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The application directory partition DC Locator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@ -2053,7 +2053,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC.
The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setting is 0.
@ -2125,7 +2125,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
If you enable this policy setting, the Netlogon share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.
@ -2203,7 +2203,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returning the DC information to the caller program. This policy setting is relevant to only those callers of DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag.
The default value for this setting is 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to always refresh (0).
@ -2272,7 +2272,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).
Available in the latest Windows 10 Insider Preview Build. This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate a domain controller (DC).
When an environment has a large number of DCs running both old and new operating systems, the default DC locator discovery behavior may be insufficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once all DCs are running the same OS version.
@ -2350,7 +2350,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the interval at which Netlogon performs the following scavenging operations:
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the interval at which Netlogon performs the following scavenging operations:
- Checks if a password on a secure channel needs to be modified, and modifies it if necessary.
@ -2427,7 +2427,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites without a DC that are closest to it.
The DC Locator DNS records are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@ -2500,7 +2500,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the Active Directory site to which computers belong.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the Active Directory site to which computers belong.
An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.
@ -2573,7 +2573,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.
When this setting is enabled, the SYSVOL share will honor file sharing semantics that grant requests for exclusive read access to files on the share even when the caller has only read permission.
@ -2651,7 +2651,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites, failing over to the try next closest site during DC Location streamlines network traffic more effectively.
The DC Locator service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost.
@ -2726,7 +2726,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.
If you enable this policy setting, DCs to which this setting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections.

94
windows/client-management/mdm/policy-csp-admx-offlinefiles.md
View File

@ -209,7 +209,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.
@ -280,7 +280,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
@ -354,7 +354,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.
If you enable this policy setting, the files you enter are always available offline to users of the computer. To specify a file or folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
@ -428,7 +428,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any user who logs onto the specified machine while this policy is in effect. To control slow-link mode, use the "Configure slow-link mode" policy setting.
If you enable this policy setting, you can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on a regular basis.
@ -499,7 +499,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.
Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by automatically cached files and files that are specifically made available offline. Files can be automatically cached if the user accesses a file on an automatic caching network share.
This setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it.
@ -580,7 +580,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -664,7 +664,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -748,7 +748,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.
Available in the latest Windows 10 Insider Preview Build. Limits the percentage of the computer's disk space that can be used to store automatically cached offline files.
This setting also disables the "Amount of disk space to use for temporary offline files" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -828,7 +828,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.
Available in the latest Windows 10 Insider Preview Build.This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.
If you enable this policy setting, Offline Files is enabled and users cannot disable it.
@ -902,7 +902,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are encrypted.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are encrypted.
Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions.
@ -979,7 +979,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines which events the Offline Files feature records in the event log.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log.
Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.
@ -1059,7 +1059,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines which events the Offline Files feature records in the event log.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines which events the Offline Files feature records in the event log.
Offline Files records events in the Application log in Event Viewer when it detects errors. By default, Offline Files records an event only when the offline files storage cache is corrupted. However, you can use this setting to specify additional events you want Offline Files to record.
@ -1139,7 +1139,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.
If you enable this policy setting, a user will be unable to create files with the specified file extensions in any of the folders that have been made available offline.
@ -1208,7 +1208,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Lists types of files that cannot be used offline.
Available in the latest Windows 10 Insider Preview Build. Lists types of files that cannot be used offline.
This setting lets you exclude certain types of files from automatic and manual caching for offline use. The system does not cache files of the type specified in this setting even when they reside on a network share configured for automatic caching. Also, if users try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline."
@ -1282,7 +1282,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -1366,7 +1366,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
This setting also disables the "When a network connection is lost" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -1450,7 +1450,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Offline Files folder.
Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder.
This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.
@ -1524,7 +1524,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting disables the Offline Files folder.
Available in the latest Windows 10 Insider Preview Build. This policy setting disables the Offline Files folder.
This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot use the Offline Files folder to view or open copies of network files stored on their computer. Also, they cannot use the folder to view characteristics of offline files, such as their server status, type, or location.
@ -1598,7 +1598,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.
@ -1672,7 +1672,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from enabling, disabling, or changing the configuration of Offline Files.
This setting removes the Offline Files tab from the Folder Options dialog box. It also removes the Settings item from the Offline Files context menu and disables the Settings button on the Offline Files Status dialog box. As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box.
@ -1746,7 +1746,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from making network files and folders available offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline.
If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
@ -1819,7 +1819,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from making network files and folders available offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from making network files and folders available offline.
If you enable this policy setting, users cannot designate files to be saved on their computer for offline use. However, Windows will still cache local copies of files that reside on network shares designated for automatic caching.
@ -1892,7 +1892,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
@ -1969,7 +1969,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.
If you enable this policy setting, the "Make Available Offline" command is not available for the files and folders that you list. To specify these files and folders, click Show. In the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value column field blank.
@ -2046,7 +2046,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Hides or displays reminder balloons, and prevents users from changing the setting.
Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting.
Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
@ -2126,7 +2126,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Hides or displays reminder balloons, and prevents users from changing the setting.
Available in the latest Windows 10 Insider Preview Build. Hides or displays reminder balloons, and prevents users from changing the setting.
Reminder balloons appear above the Offline Files icon in the notification area to notify users when they have lost the connection to a networked file and are working on a local copy of the file. Users can then decide how to proceed.
@ -2206,7 +2206,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached, Windows reads from the cached copy after verifying its integrity. This improves end-user response times and decreases bandwidth consumption over WAN links.
The cached files are temporary and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current version from the server is always available for subsequent reads.
@ -2279,7 +2279,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting makes subfolders available offline whenever their parent folder is made available offline.
This setting automatically extends the "make available offline" setting to all new and existing subfolders of a folder. Users do not have the option of excluding subfolders.
@ -2350,7 +2350,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting deletes local copies of the user's offline files when the user logs off.
Available in the latest Windows 10 Insider Preview Build. This policy setting deletes local copies of the user's offline files when the user logs off.
This setting specifies that automatically and manually cached offline files are retained only while the user is logged on to the computer. When the user logs off, the system deletes all local copies of offline files.
@ -2422,7 +2422,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to turn on economical application of administratively assigned Offline Files.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on economical application of administratively assigned Offline Files.
If you enable or do not configure this policy setting, only new files and folders in administratively assigned folders are synchronized at logon. Files and folders that are already available offline are skipped and are synchronized later.
@ -2491,7 +2491,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how often reminder balloon updates appear.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear.
If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.
@ -2565,7 +2565,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how often reminder balloon updates appear.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how often reminder balloon updates appear.
If you enable this setting, you can select how often reminder balloons updates appear and also prevent users from changing this setting.
@ -2639,7 +2639,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the first reminder balloon for a network status change is displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed.
Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
@ -2708,7 +2708,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the first reminder balloon for a network status change is displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the first reminder balloon for a network status change is displayed.
Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder.
@ -2777,7 +2777,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long updated reminder balloons are displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed.
Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
@ -2846,7 +2846,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long updated reminder balloons are displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long updated reminder balloons are displayed.
Reminder balloons appear when the user's connection to a network file is lost or reconnected, and they are updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder.
@ -2915,7 +2915,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files and folders that are already available offline to the slow-link mode so that the user's access to this data is not degraded due to network slowness. When Offline Files is operating in the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline.
If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network latency is above (slower than) the Latency threshold parameter.
@ -2994,7 +2994,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.
When a connection is considered slow, Offline Files automatically adjust its behavior to avoid excessive synchronization traffic and will not automatically reconnect to a server when the presence of a server is detected.
@ -3068,7 +3068,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log off.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off.
This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -3146,7 +3146,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log off.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log off.
This setting also disables the "Synchronize all offline files before logging off" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -3224,7 +3224,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log on.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on.
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -3304,7 +3304,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are fully synchronized when users log on.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are fully synchronized when users log on.
This setting also disables the "Synchronize all offline files before logging on" option on the Offline Files tab. This prevents users from trying to change the option while a setting controls it.
@ -3382,7 +3382,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized before a computer is suspended.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended.
If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.
@ -3454,7 +3454,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized before a computer is suspended.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized before a computer is suspended.
If you enable this setting, offline files are synchronized whenever the computer is suspended. Setting the synchronization action to "Quick" ensures only that all files in the cache are complete. Setting the synchronization action to "Full" ensures that all cached files and folders are up-to-date with the most current version.
@ -3526,7 +3526,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on cell phone or broadband plans.
If you enable this setting, synchronization can occur in the background when the user's network is roaming, near, or over the plan's data limit. This may result in extra charges on cell phone or broadband plans.
@ -3595,7 +3595,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.
@ -3664,7 +3664,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
Available in the latest Windows 10 Insider Preview Build. This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
If you enable this policy setting, the "Work offline" command is not displayed in File Explorer.

18
windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
View File

@ -97,7 +97,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings:
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting, you must specify whether the client computers are hosted cache mode or distributed cache mode clients. To do so, configure one of the following the policy settings:
- Set BranchCache Distributed Cache mode
- Set BranchCache Hosted Cache mode
@ -177,7 +177,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
In distributed cache mode, client computers download content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCache distributed cache mode clients in the branch office.
@ -255,7 +255,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy, you must use the policy "Turn on BranchCache" to enable BranchCache on client computers.
When a client computer is configured as a hosted cache mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted cache server for access by other hosted cache clients at the branch office.
@ -339,7 +339,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by searching for hosted cache servers publishing service connection points that are associated with the client's current Active Directory site. If you enable this policy setting, client computers to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other group policies.
If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually or by Group Policy.
@ -426,7 +426,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer name of the hosted cache servers that are available to the client computers. Hosted cache mode enables client computers in branch offices to retrieve content from one or more hosted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch office.
If you enable this policy setting and specify valid computer names of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting.
@ -509,7 +509,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
Available in the latest Windows 10 Insider Preview Build. This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin caching content after they receive it from the file servers.
Policy configuration
@ -586,7 +586,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.
If you enable this policy setting, you can configure the percentage of total disk space to allocate for the cache.
@ -670,7 +670,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client computers.
If you enable this policy setting, you can configure the age for segments in the data cache.
@ -751,7 +751,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to maintain compatibility with previous versions of BranchCache. If client computers do not use the same BranchCache version, cache efficiency might be reduced because client computers that are using different versions of BranchCache might store cache data in incompatible formats.
If you enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions."

8
windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the execution level for Windows Boot Performance Diagnostics.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Boot Performance Diagnostics.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Boot Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available.
@ -160,7 +160,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.
@ -237,7 +237,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the execution level for Windows Shutdown Performance Diagnostics.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Shutdown Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available.
@ -314,7 +314,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
Available in the latest Windows 10 Insider Preview Build. Determines the execution level for Windows Standby/Resume Performance Diagnostics.
If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detection and troubleshooting only, the Diagnostic Policy Service (DPS) will detect Windows Standby/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted resolution is available.

1882
windows/client-management/mdm/policy-csp-admx-power.md Normal file
View File

File diff suppressed because it is too large Load Diff

2027
windows/client-management/mdm/policy-csp-admx-printing.md Normal file
View File

File diff suppressed because it is too large Load Diff

741
windows/client-management/mdm/policy-csp-admx-printing2.md Normal file
View File

@ -0,0 +1,741 @@
---
title: Policy CSP - ADMX_Printing2
description: Policy CSP - ADMX_Printing2
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/15/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_Printing2
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_Printing2 policies
<dl>
<dd>
<a href="#admx-printing2-autopublishing">ADMX_Printing2/AutoPublishing</a>
</dd>
<dd>
<a href="#admx-printing2-immortalprintqueue">ADMX_Printing2/ImmortalPrintQueue</a>
</dd>
<dd>
<a href="#admx-printing2-prunedownlevel">ADMX_Printing2/PruneDownlevel</a>
</dd>
<dd>
<a href="#admx-printing2-pruninginterval">ADMX_Printing2/PruningInterval</a>
</dd>
<dd>
<a href="#admx-printing2-pruningpriority">ADMX_Printing2/PruningPriority</a>
</dd>
<dd>
<a href="#admx-printing2-pruningretries">ADMX_Printing2/PruningRetries</a>
</dd>
<dd>
<a href="#admx-printing2-pruningretrylog">ADMX_Printing2/PruningRetryLog</a>
</dd>
<dd>
<a href="#admx-printing2-registerspoolerremoterpcendpoint">ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint</a>
</dd>
<dd>
<a href="#admx-printing2-verifypublishedstate">ADMX_Printing2/VerifyPublishedState</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-autopublishing"></a>**ADMX_Printing2/AutoPublishing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory.
If you enable this setting or do not configure it, the Add Printer Wizard automatically publishes all shared printers.
If you disable this setting, the Add Printer Wizard does not automatically publish printers. However, you can publish shared printers manually.
The default behavior is to automatically publish shared printers in Active Directory.
> [!NOTE]
> This setting is ignored if the "Allow printers to be published" setting is disabled.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Automatically publish new printers in Active Directory*
- GP name: *AutoPublishing*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-immortalprintqueue"></a>**ADMX_Printing2/ImmortalPrintQueue**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer.
By default, the pruning service on the domain controller prunes printer objects from Active Directory if the computer that published them does not respond to contact requests. When the computer that published the printers restarts, it republishes any deleted printer objects.
If you enable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond.
If you disable this setting, the domain controller does not prune this computer's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the network.
> [!NOTE]
> You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the contact interval and number of contact attempts.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow pruning of published printers*
- GP name: *ImmortalPrintQueue*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-prunedownlevel"></a>**ADMX_Printing2/PruneDownlevel**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond,just as it does with Windows 2000 printers. This setting applies to printers running operating systems other than Windows 2000 and to Windows 2000 printers published outside their forest.
The Windows pruning service prunes printer objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active Directory automatically, by default, the system never prunes their printer objects.
You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune non-republishing printers" box:
- "Never" specifies that printer objects that are not automatically republished are never pruned. "Never" is the default.
- "Only if Print Server is found" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable.
- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Windows 2000 printers.
> [!NOTE]
> This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to printers published by using Printers in Control Panel.
> [!TIP]
> If you disable automatic pruning, remember to delete printer objects manually whenever you remove a printer or print server.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prune printers that are not automatically republished*
- GP name: *PruneDownlevel*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-pruninginterval"></a>**ADMX_Printing2/PruningInterval**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational.
The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally, after repeated attempts), the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
By default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers from Active Directory.
If you enable this setting, you can change the interval between contact attempts.
If you do not configure or disable this setting the default values will be used.
> [!NOTE]
> This setting is used only on domain controllers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Directory pruning interval*
- GP name: *PruningInterval*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-pruningpriority"></a>**ADMX_Printing2/PruningPriority**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Sets the priority of the pruning thread.
The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer information in Active Directory current.
The thread priority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority threads.
By default, the pruning thread runs at normal priority. However, you can adjust the priority to improve the performance of this service.
> [!NOTE]
> This setting is used only on domain controllers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Directory pruning priority*
- GP name: *PruningPriority*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-pruningretries"></a>**ADMX_Printing2/PruningRetries**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers.
The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
By default, the pruning service contacts computers every eight hours and allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries.
If you enable this setting, you can change the interval between attempts.
If you do not configure or disable this setting, the default values are used.
> [!NOTE]
> This setting is used only on domain controllers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Directory pruning retry*
- GP name: *PruningRetries*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-pruningretrylog"></a>**ADMX_Printing2/PruningRetryLog**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers.
The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned from the directory.
If you enable this policy setting, the contact events are recorded in the event log.
If you disable or do not configure this policy setting, the contact events are not recorded in the event log.
Note: This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged.
> [!NOTE]
> This setting is used only on domain controllers.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Log directory pruning retry events*
- GP name: *PruningRetryLog*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-registerspoolerremoterpcendpoint"></a>**ADMX_Printing2/RegisterSpoolerRemoteRpcEndPoint**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy controls whether the print spooler will accept client connections.
When the policy is not configured or enabled, the spooler will always accept client connections.
When the policy is disabled, the spooler will not accept client connections nor allow users to share printers. All printers currently shared will continue to be shared.
The spooler must be restarted for changes to this policy to take effect.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow Print Spooler to accept client connections*
- GP name: *RegisterSpoolerRemoteRpcEndPoint*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-printing2-verifypublishedstate"></a>**ADMX_Printing2/VerifyPublishedState**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification.
By default, the system only verifies published printers at startup. This setting allows for periodic verification while the computer is operating.
To enable this additional verification, enable this setting, and then select a verification interval.
To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Check published state*
- GP name: *VerifyPublishedState*
- GP path: *Printers*
- GP ADMX file name: *Printing2.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

8
windows/client-management/mdm/policy-csp-admx-reliability.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval.
If you enable this policy setting, you are able to specify how often the Persistent System Timestamp is refreshed and subsequently written to the disk. You can specify the Timestamp Interval in seconds.
@ -159,7 +159,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.
If you enable this policy setting, error reporting includes unplanned shutdown events.
@ -234,7 +234,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.
Available in the latest Windows 10 Insider Preview Build. This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.
The system state data file contains information about the basic system state as well as the state of all running processes.
@ -312,7 +312,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.
Available in the latest Windows 10 Insider Preview Build. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shutting down the computer.
If you enable this setting and choose "Always" from the drop-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down.

205
windows/client-management/mdm/policy-csp-admx-remoteassistance.md Normal file
View File

@ -0,0 +1,205 @@
---
title: Policy CSP - ADMX_RemoteAssistance
description: Policy CSP - ADMX_RemoteAssistance
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/14/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_RemoteAssistance
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_RemoteAssistance policies
<dl>
<dd>
<a href="#admx-remoteassistance-ra-encryptedticketonly">ADMX_RemoteAssistance/RA_EncryptedTicketOnly</a>
</dd>
<dd>
<a href="#admx-remoteassistance-ra-optimize-bandwidth">ADMX_RemoteAssistance/RA_Optimize_Bandwidth</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-remoteassistance-ra-encryptedticketonly"></a>**ADMX_RemoteAssistance/RA_EncryptedTicketOnly**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.
If you enable this policy setting, only computers running this version (or later versions) of the operating system can connect to this computer.
If you disable this policy setting, computers running this version and a previous version of the operating system can connect to this computer.
If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow only Windows Vista or later connections*
- GP name: *RA_EncryptedTicketOnly*
- GP path: *System\Remote Assistance*
- GP ADMX file name: *RemoteAssistance.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-remoteassistance-ra-optimize-bandwidth"></a>**ADMX_RemoteAssistance/RA_Optimize_Bandwidth**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to improve performance in low bandwidth scenarios.
This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting includes the previous optimization setting.
For example:
"Turn off background" will include the following optimizations:
- No full window drag
- Turn off background
"Full optimization" will include the following optimizations:
- Use 16-bit color (8-bit color in Windows Vista)
- Turn off font smoothing (not supported in Windows Vista)
- No full window drag
- Turn off background
If you enable this policy setting, bandwidth optimization occurs at the level specified.
If you disable this policy setting, application-based settings are used.
If you do not configure this policy setting, application-based settings are used.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Turn on bandwidth optimization*
- GP name: *RA_Optimize_Bandwidth*
- GP path: *System\Remote Assistance*
- GP ADMX file name: *RemoteAssistance.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

2328
windows/client-management/mdm/policy-csp-admx-removablestorage.md Normal file
View File

File diff suppressed because it is too large Load Diff

390
windows/client-management/mdm/policy-csp-admx-rpc.md Normal file
View File

@ -0,0 +1,390 @@
---
title: Policy CSP - ADMX_RPC
description: Policy CSP - ADMX_RPC
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/08/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_RPC
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_RPC policies
<dl>
<dd>
<a href="#admx-rpc-rpcextendederrorinformation">ADMX_RPC/RpcExtendedErrorInformation</a>
</dd>
<dd>
<a href="#admx-rpc-rpcignoredelegationfailure">ADMX_RPC/RpcIgnoreDelegationFailure</a>
</dd>
<dd>
<a href="#admx-rpc-rpcminimumhttpconnectiontimeout">ADMX_RPC/RpcMinimumHttpConnectionTimeout</a>
</dd>
<dd>
<a href="#admx-rpc-rpcstateinformation">ADMX_RPC/RpcStateInformation</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-rpc-rpcextendederrorinformation"></a>**ADMX_RPC/RpcExtendedErrorInformation**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC runtime generates extended error information when an error occurs.
Extended error information includes the local time that the error occurred, the RPC version, and the name of the computer on which the error occurred, or from which it was propagated. Programs can retrieve the extended error information by using standard Windows application programming interfaces (APIs).
If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition.
If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error condition.
If you enable this policy setting, the RPC runtime will generate extended error information.
You must select an error response type in the drop-down box.
- "Off" disables all extended error information for all processes. RPC only generates an error code.
- "On with Exceptions" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
- "Off with Exceptions" disables extended error information, but lets you enable it for selected processes. To enable extended error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in the Extended Error Information Exception field.
- "On" enables extended error information for all processes.
> [!NOTE]
> For information about the Extended Error Information Exception field, see the Windows Software Development Kit (SDK).
>
> Extended error information is formatted to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can read and respond to the information.
>
> The default policy setting, "Off," is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely.
>
> This policy setting will not be applied until the system is rebooted.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Propagate extended error information*
- GP name: *RpcExtendedErrorInformation*
- GP path: *System\Remote Procedure Call*
- GP ADMX file name: *RPC.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-rpc-rpcignoredelegationfailure"></a>**ADMX_RPC/RpcIgnoreDelegationFailure**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested.
The constrained delegation model, introduced in Windows Server 2003, does not report that delegation was enabled on a security context when a client connects to a server. Callers of RPC and COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation.
If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
If you do not configure this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect to servers using constrained delegation.
If you enable this policy setting, then:
- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security context does not support delegation.
- "On" directs the RPC Runtime to accept security contexts that do not support delegation even if delegation was asked for.
> [!NOTE]
> This policy setting will not be applied until the system is rebooted.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Ignore Delegation Failure*
- GP name: *RpcIgnoreDelegationFailure*
- GP path: *System\Remote Procedure Call*
- GP ADMX file name: *RPC.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-rpc-rpcminimumhttpconnectiontimeout"></a>**ADMX_RPC/RpcMinimumHttpConnectionTimeout**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the idle connection timeout for RPC/HTTP connections.
This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases, RPC/HTTP clients may encounter errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout.
This policy setting is only applicable when the RPC Client, the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of Windows, this policy setting will be ignored.
The minimum allowed value for this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours).
If you disable this policy setting, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
If you do not configure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is used. The timeout is given in seconds.
> [!NOTE]
> This policy setting will not be applied until the system is rebooted.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Set Minimum Idle Connection Timeout for RPC/HTTP connections*
- GP name: *RpcMinimumHttpConnectionTimeout*
- GP path: *System\Remote Procedure Call*
- GP ADMX file name: *RPC.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-rpc-rpcstateinformation"></a>**ADMX_RPC/RpcStateInformation**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is required for troubleshooting RPC problems.
If you disable this policy setting, the RPC runtime defaults to "Auto2" level.
If you do not configure this policy setting, the RPC defaults to "Auto2" level.
If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state information.
- "None" indicates that the system does not maintain any RPC state information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses only about 4K of memory, this setting is not recommended for most installations.
- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory.
- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server.
- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity.
- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem.
> [!NOTE]
> To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
>
> This policy setting will not be applied until the system is rebooted.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Maintain RPC Troubleshooting State Information*
- GP name: *RpcStateInformation*
- GP path: *System\Remote Procedure Call*
- GP ADMX file name: *RPC.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

24
windows/client-management/mdm/policy-csp-admx-scripts.md
View File

@ -107,7 +107,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts interactively logging on to the computer.
If you enable this policy setting, user logon scripts run if NetBIOS or WINS is disabled during cross-forest logons without the DNS suffixes being configured.
@ -176,7 +176,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines how long the system waits for scripts applied by Group Policy to run.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines how long the system waits for scripts applied by Group Policy to run.
This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to finish running. If the scripts have not finished running when the specified time expires, the system stops script processing and records an error event.
@ -251,7 +251,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
If you enable this policy setting, within each applicable Group Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
@ -343,7 +343,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
Available in the latest Windows 10 Insider Preview Build. This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier.
Logon scripts are batch files of instructions that run when the user logs on. By default, Windows 2000 displays the instructions in logon scripts written for Windows NT 4.0 and earlier in a command window as they run, although it does not display logon scripts written for Windows 2000.
@ -416,7 +416,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in logoff scripts as they run.
Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logoff scripts as they run.
Logoff scripts are batch files of instructions that run when the user logs off. By default, the system does not display the instructions in the logoff script.
@ -487,7 +487,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
@ -558,7 +558,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
Available in the latest Windows 10 Insider Preview Build. This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.
If you enable this policy setting, File Explorer does not start until the logon scripts have finished running. This policy setting ensures that logon script processing is complete before the user starts working, but it can delay the appearance of the desktop.
@ -629,7 +629,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in logon scripts as they run.
Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in logon scripts as they run.
Logon scripts are batch files of instructions that run when the user logs on. By default, the system does not display the instructions in logon scripts.
@ -700,7 +700,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in shutdown scripts as they run.
Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in shutdown scripts as they run.
Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instructions in the shutdown script.
@ -771,7 +771,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets the system run startup scripts simultaneously.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets the system run startup scripts simultaneously.
Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs the next startup script.
@ -845,7 +845,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting displays the instructions in startup scripts as they run.
Available in the latest Windows 10 Insider Preview Build. This policy setting displays the instructions in startup scripts as they run.
Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the startup script.
@ -920,7 +920,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
If you enable this policy setting, within each applicable Group Policy Object (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff.

6
windows/client-management/mdm/policy-csp-admx-sdiageng.md
View File

@ -80,7 +80,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
Available in the latest Windows 10 Insider Preview Build. This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?"
If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface.
@ -149,7 +149,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.
If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel.
@ -220,7 +220,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.
If you enable this policy setting, the scripted diagnostics execution engine validates the signer of any diagnostic package and runs only those signed by trusted publishers.

2
windows/client-management/mdm/policy-csp-admx-securitycenter.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security settings and notifies the user when the computer might be at risk. The Security Center Control Panel category view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are displayed.
Note that Security Center can only be turned off for computers that are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect.

2
windows/client-management/mdm/policy-csp-admx-servicing.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed.
If you enable this policy setting and specify the new location, the files in that location will be used to repair operating system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when each path is separated by a semicolon.

4
windows/client-management/mdm/policy-csp-admx-sharedfolders.md
View File

@ -76,7 +76,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS .
@ -149,7 +149,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.

2
windows/client-management/mdm/policy-csp-admx-sharing.md
View File

@ -73,7 +73,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.
If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders.

8
windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines whether batch files (.cmd and .bat) can run on the computer.
If you enable this policy setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
@ -155,7 +155,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Disables the Windows registry editor Regedit.exe.
Available in the latest Windows 10 Insider Preview Build. Disables the Windows registry editor Regedit.exe.
If you enable this policy setting and the user tries to start Regedit.exe, a message appears explaining that a policy setting prevents the action.
@ -227,7 +227,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows from running the programs you specify in this policy setting.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows from running the programs you specify in this policy setting.
If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.
@ -302,7 +302,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Limits the Windows programs that users have permission to run on the computer.
Available in the latest Windows 10 Insider Preview Build. Limits the Windows programs that users have permission to run on the computer.
If you enable this policy setting, users can only run programs that you add to the list of allowed applications.

116
windows/client-management/mdm/policy-csp-admx-skydrive.md Normal file
View File

@ -0,0 +1,116 @@
---
title: Policy CSP - ADMX_SkyDrive
description: Policy CSP - ADMX_SkyDrive
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/08/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_SkyDrive
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_SkyDrive policies
<dl>
<dd>
<a href="#admx-skydrive-preventnetworktrafficpreusersignin">ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-skydrive-preventnetworktrafficpreusersignin"></a>**ADMX_SkyDrive/PreventNetworkTrafficPreUserSignIn**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer.
If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically.
If this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows.
If you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last configured setting will remain in effect.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Prevent OneDrive from generating network traffic until the user signs in to OneDrive*
- GP name: *PreventNetworkTrafficPreUserSignIn*
- GP path: *Windows Components\OneDrive*
- GP ADMX file name: *SkyDrive.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

32
windows/client-management/mdm/policy-csp-admx-smartcard.md
View File

@ -119,7 +119,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.
In versions of Windows prior to Windows Vista, smart card certificates that are used for logon require an enhanced key usage (EKU) extension with a smart card logon object identifier. This policy setting can be used to modify that restriction.
@ -194,7 +194,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.
@ -265,7 +265,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.
If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.
@ -334,7 +334,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.
Available in the latest Windows 10 Insider Preview Build. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.
Under previous versions of Microsoft Windows, certificates were required to contain a valid time and not be expired. The certificate must still be accepted by the domain controller in order to be used. This setting only controls the displaying of the certificate on the client machine.
@ -405,7 +405,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.
If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.
@ -474,7 +474,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the cleanup behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate cleanup will occur on logoff.
<!--/Description-->
> [!TIP]
@ -539,7 +539,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.
If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card.
@ -611,7 +611,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents plaintext PINs from being returned by Credential Manager.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents plaintext PINs from being returned by Credential Manager.
If you enable this policy setting, Credential Manager does not return a plaintext PIN.
@ -683,7 +683,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.
@ -755,7 +755,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you configure if all your valid logon certificates are displayed.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure if all your valid logon certificates are displayed.
During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certificate template. This can cause confusion as to which certificate to select for logon. The common case for this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they are issued from the same template with the same major version and they are for the same user (determined by their UPN).
@ -831,7 +831,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the reading of all certificates from the smart card for logon.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the reading of all certificates from the smart card for logon.
During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.
@ -902,7 +902,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the displayed message when a smart card is blocked.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the displayed message when a smart card is blocked.
If you enable this policy setting, the specified message will be displayed to the user when the smart card is blocked.
@ -974,7 +974,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon.
By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example, if the certificate subject was CN=User1, OU=Users, DN=example, DN=com and had an UPN of user1@example.com then "User1" will be displayed along with "user1@example.com." If the UPN is not present then the entire subject name will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization.
@ -1045,7 +1045,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether Smart Card Plug and Play is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether Smart Card Plug and Play is enabled.
If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will attempt to install a Smart Card device driver when a card is inserted in a Smart Card Reader for the first time.
@ -1117,7 +1117,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.
If you enable or do not configure this policy setting, a confirmation message will be displayed when a smart card device driver is installed.
@ -1189,7 +1189,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.
Available in the latest Windows 10 Insider Preview Build. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with that user.
If you enable this policy setting then an optional field that allows a user to enter their user name or user name and domain will be displayed.

6
windows/client-management/mdm/policy-csp-admx-snmp.md
View File

@ -80,7 +80,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
@ -161,7 +161,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
@ -241,7 +241,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.

2
windows/client-management/mdm/policy-csp-admx-systemrestore.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Allows you to disable System Restore configuration through System Protection.
Available in the latest Windows 10 Insider Preview Build. Allows you to disable System Restore configuration through System Protection.
This policy setting allows you to turn off System Restore configuration through System Protection.

26
windows/client-management/mdm/policy-csp-admx-tcpip.md
View File

@ -110,7 +110,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.
If you enable this policy setting, you can specify a relay name for a 6to4 host.
@ -179,7 +179,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.
If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.
@ -248,7 +248,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.
If you disable or do not configure this policy setting, the local host setting is used.
@ -323,7 +323,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.
If you disable or do not configure this policy setting, the local host settings are used.
@ -398,7 +398,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP Stateless Autoconfiguration Limits.
If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.
@ -467,7 +467,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.
If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.
@ -536,7 +536,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.
If you disable or do not configure this policy setting, the local host setting is used.
@ -611,7 +611,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.
If you enable this policy setting, you can customize a UDP port for the Teredo client.
@ -680,7 +680,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.
If you disable or do not configure this policy setting, the local host setting is used.
@ -751,7 +751,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure the Teredo refresh rate.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the Teredo refresh rate.
> [!NOTE]
> On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.
@ -823,7 +823,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.
If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.
@ -892,7 +892,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.
If you disable or do not configure this policy setting, the local host settings are used.
@ -969,7 +969,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.
If you do not configure this policy setting, the local host settings are used.

6
windows/client-management/mdm/policy-csp-admx-thumbnails.md
View File

@ -79,7 +79,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
File Explorer displays thumbnail images by default.
@ -150,7 +150,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
File Explorer displays thumbnail images on network folders by default.
@ -221,7 +221,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files.
Available in the latest Windows 10 Insider Preview Build. Turns off the caching of thumbnails in hidden thumbs.db files.
This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.

20
windows/client-management/mdm/policy-csp-admx-tpm.md
View File

@ -101,7 +101,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
@ -170,7 +170,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the systems TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the systems TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
<!--/Description-->
> [!TIP]
@ -235,7 +235,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
@ -306,7 +306,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
@ -377,7 +377,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
@ -455,7 +455,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
Available in the latest Windows 10 Insider Preview Build. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
<!--/Description-->
> [!TIP]
@ -520,7 +520,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@ -601,7 +601,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@ -684,7 +684,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
@ -767,7 +767,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
<!--/Description-->
> [!TIP]

252
windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
View File

File diff suppressed because it is too large Load Diff

8
windows/client-management/mdm/policy-csp-admx-w32time.md
View File

@ -83,7 +83,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
@ -228,7 +228,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
@ -318,7 +318,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Windows NTP Client is enabled.
Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
@ -389,7 +389,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Windows NTP Server is enabled.
If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.

4
windows/client-management/mdm/policy-csp-admx-wincal.md
View File

@ -77,7 +77,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.
@ -150,7 +150,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
Available in the latest Windows 10 Insider Preview Build. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
If you enable this setting, Windows Calendar will be turned off.

2
windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md
View File

@ -75,7 +75,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators.
Available in the latest Windows 10 Insider Preview Build. By default, Add features to Windows 10 is available for all administrators.
If you enable this policy setting, the wizard will not run.

6
windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
View File

@ -80,7 +80,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
@ -149,7 +149,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits access to Windows Connect Now (WCN) wizards.
If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled.
@ -218,7 +218,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
Additional options are available to allow discovery and configuration over a specific medium.

2
windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
View File

@ -74,7 +74,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.

42
windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
View File

@ -134,7 +134,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the HTTP proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@ -215,7 +215,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the MMS proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@ -295,7 +295,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RTSP proxy settings for Windows Media Player.
If you enable this policy setting, select one of the following proxy types:
@ -373,7 +373,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to turn off do not show first use dialog boxes.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off do not show first use dialog boxes.
If you enable this policy setting, the Privacy Options and Installation Options dialog boxes are prevented from being displayed the first time a user starts Windows Media Player.
@ -444,7 +444,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Network tab.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Network tab.
If you enable this policy setting, the Network tab in Windows Media Player is hidden. The default network settings are used unless the user has previously defined network settings for the Player.
@ -513,7 +513,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.
If you enable this policy setting, the anchor window is hidden when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
@ -584,7 +584,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the anchor window from being displayed when Windows Media Player is in skin mode.
This policy hides the anchor window when the Player is in skin mode. In addition, the option on the Player tab in the Player that enables users to choose whether the anchor window displays is not available.
@ -655,7 +655,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent video smoothing from occurring.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent video smoothing from occurring.
If you enable this policy setting, video smoothing is prevented, which can improve video playback on computers with limited resources. In addition, the Use Video Smoothing check box in the Video Acceleration Settings dialog box in the Player is cleared and is not available.
@ -728,7 +728,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows a screen saver to interrupt playback.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows a screen saver to interrupt playback.
If you enable this policy setting, a screen saver is displayed during playback of digital media according to the options selected on the Screen Saver tab in the Display Properties dialog box in Control Panel. The Allow screen saver during playback check box on the Player tab in the Player is selected and is not available.
@ -799,7 +799,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Privacy tab in Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Privacy tab in Windows Media Player.
If you enable this policy setting, the "Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet" check box on the Media Library tab is available, even though the Privacy tab is hidden, unless the "Prevent music file media information retrieval" policy setting is enabled.
@ -870,7 +870,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to hide the Security tab in Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide the Security tab in Windows Media Player.
If you enable this policy setting, the default security settings for the options on the Security tab are used unless the user changed the settings previously. Users can still change security and zone settings by using Internet Explorer unless these settings have been hidden or disabled by Internet Explorer policies.
@ -939,7 +939,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds.
If you enable this policy setting, select one of the following options to specify the number of seconds streaming media is buffered before it is played.
@ -1013,7 +1013,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent Windows Media Player from downloading codecs.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Windows Media Player from downloading codecs.
If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not available.
@ -1084,7 +1084,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically obtaining media information from the Internet for CDs and DVDs played by users. In addition, the Retrieve media information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in the Player are not selected and are not available.
@ -1153,7 +1153,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media sharing from Windows Media Player.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media sharing from Windows Media Player.
If you enable this policy setting, any user on this computer is prevented from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. Media sharing is disabled from Windows Media Player or from programs that depend on the Player's media sharing feature.
@ -1222,7 +1222,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically obtaining media information for music files such as Windows Media Audio (WMA) and MP3 files from the Internet. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not available.
@ -1291,7 +1291,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.
If you enable this policy setting, the user cannot add the shortcut for the Player to the Quick Launch bar.
@ -1359,7 +1359,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent radio station presets from being retrieved from the Internet.
If you enable this policy setting, the Player is prevented from automatically retrieving radio station presets from the Internet and displaying them in Media Library. In addition, presets that exist before the policy is configured are not be updated, and presets a user adds are not be displayed.
@ -1428,7 +1428,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.
If you enable this policy setting, users cannot add the Player shortcut icon to their desktops.
@ -1497,7 +1497,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin.
If you enable this policy setting, the Player displays only in skin mode using the skin specified in the Skin box on the Setting tab.
@ -1570,7 +1570,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving streaming media from a server running Windows Media Services.
If you enable this policy setting, the protocols that are selected on the Network tab of the Player are used to receive a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected.

184
windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md Normal file
View File

@ -0,0 +1,184 @@
---
title: Policy CSP - ADMX_WindowsRemoteManagement
description: Policy CSP - ADMX_WindowsRemoteManagement
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/16/2020
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_WindowsRemoteManagement
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_WindowsRemoteManagement policies
<dl>
<dd>
<a href="#admx-windowsremotemanagement-disallowkerberos-1">ADMX_WindowsRemoteManagement/DisallowKerberos_1</a>
</dd>
<dd>
<a href="#admx-windowsremotemanagement-disallowkerberos-2">ADMX_WindowsRemoteManagement/DisallowKerberos_2</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-windowsremotemanagement-disallowkerberos-1"></a>**ADMX_WindowsRemoteManagement/DisallowKerberos_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos credentials over the network.
If you enable this policy setting, the WinRM service does not accept Kerberos credentials over the network. If you disable or do not configure this policy setting, the WinRM service accepts Kerberos authentication from a remote client.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disallow Kerberos authentication*
- GP name: *DisallowKerberos_1*
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Service*
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="admx-windowsremotemanagement-disallowkerberos-2"></a>**ADMX_WindowsRemoteManagement/DisallowKerberos_2**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.
If you enable this policy setting, the Windows Remote Management (WinRM) client does not use Kerberos authentication directly. Kerberos can still be used if the WinRM client is using the Negotiate authentication and Kerberos is selected.
If you disable or do not configure this policy setting, the WinRM client uses the Kerberos authentication directly.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Disallow Kerberos authentication*
- GP name: *DisallowKerberos_2*
- GP path: *Windows Components\Windows Remote Management (WinRM)\WinRM Client*
- GP ADMX file name: *WindowsRemoteManagement.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

6
windows/client-management/mdm/policy-csp-admx-wininit.md
View File

@ -80,7 +80,7 @@ manager: dansimp
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
@ -149,7 +149,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup.
Available in the latest Windows 10 Insider Preview Build. This policy setting controls the use of fast startup.
If you enable this policy setting, the system requires hibernate to be enabled.
@ -218,7 +218,7 @@ ADMX Info:
<!--/Scope-->
<!--Description-->
Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
Available in the latest Windows 10 Insider Preview Build. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.

10
windows/client-management/mdm/policy-csp-defender.md
View File

@ -2317,6 +2317,15 @@ Added in Windows 10, version 1607. Specifies the level of detection for potenti
> Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. For more information about PUA, see [Detect and block potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus).
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Configure detection for potentially unwanted applications*
- GP name: *Root_PUAProtection*
- GP element: *Root_PUAProtection*
- GP path: *Windows Components/Microsoft Defender Antivirus*
- GP ADMX file name: *WindowsDefender.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
@ -3112,6 +3121,7 @@ Footnotes:
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 9 - Available in Windows 10, version 20H2.
<!--/Policies-->

72
windows/client-management/mdm/policy-csp-experience.md
View File

@ -1227,76 +1227,6 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="experience-disablecloudoptimizedcontent"></a>**Experience/DisableCloudOptimizedContent**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting lets you turn off cloud optimized content in all Windows experiences.
If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:
- GP English name: *Turn off cloud optimized content*
- GP name: *DisableCloudOptimizedContent*
- GP path: *Windows Components/Cloud Content*
- GP ADMX file name: *CloudContent.admx*
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Disabled.
- 1 Enabled.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**
@ -1428,7 +1358,7 @@ ADMX Info:
<!--SupportedValues-->
Supported values:
- 0 (default) - Allowed/turned on. The "browser" group syncs automatically between users devices and lets users to make changes.
- 0 (default) - Allowed/turned on. The "browser" group synchronizes automatically between users' devices and lets users make changes.
- 2 - Prevented/turned off. The "browser" group does not use the _Sync your Settings_ option.

19
windows/client-management/mdm/vpnv2-csp.md
View File

@ -281,25 +281,6 @@ Valid values:
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/**<em>ProfileName</em>**/LockDown** (./Device only profile)
Lockdown profile.
Valid values:
- False (default) - this is not a LockDown profile.
- True - this is a LockDown profile.
When the LockDown profile is turned on, it does the following things:
- First, it automatically becomes an "always on" profile.
- Second, it can never be disconnected.
- Third, if the profile is not connected, then the user has no network.
- Fourth, no other profiles may be connected or modified.
A Lockdown profile must be deleted before you can add, remove, or connect other profiles.
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-devicetunnel"></a>**VPNv2/**<em>ProfileName</em>**/DeviceTunnel** (./Device only profile)
Device tunnel profile.

1
windows/client-management/mdm/vpnv2-profile-xsd.md
View File

@ -31,7 +31,6 @@ Here's the XSD for the ProfileXML node in the VPNv2 CSP and VpnManagementAgent::
<xs:element name="AlwaysOn" type="xs:boolean" minOccurs="0" maxOccurs="1" />
<xs:element name="DnsSuffix" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="TrustedNetworkDetection" type="xs:string" minOccurs="0" maxOccurs="1"/>
<xs:element name="LockDown" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="DeviceTunnel" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="RegisterDNS" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
<xs:element name="ByPassForLocal" type="xs:boolean" minOccurs="0" maxOccurs="1"/>

2
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -125,7 +125,7 @@ The following list shows the supported values:
- 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard.
> [!NOTE]
> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release.
> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. Webpages that contain mixed content, both enterprise and non-enterprise, may load incorrectly or fail completely if this feature is enabled.
<!--ADMXMapped-->
ADMX Info:

Some files were not shown because too many files have changed in this diff Show More