mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00

ManikaDhiman 42f240f5f8 Added mixed reality policy settings

2020-10-06 15:54:55 -07:00

292 KiB

Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date

title	description	ms.assetid	ms.reviewer	manager	ms.author	ms.topic	ms.prod	ms.technology	author	ms.localizationpriority	ms.date
Policy CSP	Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10.	4F3A1134-D401-44FC-A583-6EDD3070BA4F		dansimp	dansimp	article	w10	windows	manikadhiman	medium	07/18/2019

Policy CSP

The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.

The Policy configuration service provider has the following sub-categories:

Policy/Config/AreaName – Handles the policy configuration request from the server.
Policy/Result/AreaName – Provides a read-only path to policies enforced on the device.

Important

Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user.

The allowed scope of a specific policy is represented below its table of supported Windows editions. To configure a policy under a specific scope (user vs. device), please use the following paths:

User scope:

./User/Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.

./User/Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

Device scope:

./Device/Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.

./Device/Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

For device wide configuration the Device/ portion may be omitted from the path, deeming the following paths respectively equivalent:

./Vendor/MSFT/Policy/Config/AreaName/PolicyName to configure the policy.

./Vendor/MSFT/Policy/Result/AreaName/PolicyName to get the result.

The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.

./Vendor/MSFT/Policy

The root node for the Policy configuration service provider.

Supported operation is Get.

Policy/Config

Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.

Supported operation is Get.

Policy/Config/AreaName

The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value.

Supported operations are Add, Get, and Delete.

Policy/Config/AreaName/PolicyName

Specifies the name/value pair used in the policy.

The following list shows some tips to help you when configuring policies:

Separate substring values by the Unicode  in the XML file.

Note

A query from a different caller could provide a different value as each caller could have different values for a named policy.

In SyncML, wrap this policy with the Atomic command so that the policy settings are treated as a single transaction.
Supported operations are Add, Get, Delete, and Replace.
Value type is string.

Policy/Result

Groups the evaluated policies from all providers that can be configured.

Supported operation is Get.

Policy/Result/AreaName

The area group that can be configured by a single technology independent of the providers.

Supported operation is Get.

Policy/Result/AreaName/PolicyName

Specifies the name/value pair used in the policy.

Supported operation is Get.

Policy/ConfigOperations

Added in Windows 10, version 1703. The root node for grouping different configuration operations.

Supported operations are Add, Get, and Delete.

Policy/ConfigOperations/ADMXInstall

Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see Win32 and Desktop Bridge app policy configuration.

Note

The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see Office Customization Tool.

ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.

292 KiB Raw Blame History Unescape Escape

Policy CSP

Policies

AboveLock policies

Accounts policies

ActiveXControls policies

ADMX_AddRemovePrograms policies

ADMX_AppCompat policies

ADMX_AuditSettings policies

ADMX_Cpls policies

ADMX_CtrlAltDel policies

ADMX_DigitalLocker policies

ADMX_DnsClient policies

ADMX_DWM policies

ADMX_EncryptFilesonMove policies

ADMX_EventForwarding policies

ADMX_FileServerVSSProvider policies

ADMX_FileSys policies

ADMX_FolderRedirection policies

ADMX_Help policies

ADMX_HelpAndSupport policies

ADMX_kdc policies

ADMX_LanmanServer policies

ADMX_LinkLayerTopologyDiscovery policies

ADMX_MMC policies

ADMX_MSAPolicy policies

ADMX_nca policies

ADMX_NCSI policies

ADMX_Netlogon policies

ADMX_OfflineFiles policies

ADMX_PeerToPeerCaching policies

ADMX_PerformanceDiagnostics policies

ADMX_Reliability policies

ADMX_Scripts policies

ADMX_sdiageng policies

ADMX_Securitycenter policies

ADMX_Servicing policies

ADMX_SharedFolders policies

ADMX_Sharing policies

ADMX_ShellCommandPromptRegEditTools policies

ApplicationDefaults policies

ApplicationManagement policies

AppRuntime policies

AppVirtualization policies

AttachmentManager policies

Audit policies

Authentication policies

Autoplay policies

BitLocker policies

BITS policies

Bluetooth policies

Browser policies

Camera policies

Cellular policies

Connectivity policies

ControlPolicyConflict policies

CredentialProviders policies

CredentialsDelegation policies

CredentialsUI policies

Cryptography policies

DataProtection policies

DataUsage policies

Defender policies

DeliveryOptimization policies

Desktop policies

DeviceGuard policies

DeviceHealthMonitoring policies

DeviceInstallation policies

DeviceLock policies

Display policies

DmaGuard policies

Education policies

EnterpriseCloudPrint policies

ErrorReporting policies

EventLogService policies

Experience policies

ExploitGuard policies

FileExplorer policies

Games policies

Handwriting policies

292 KiB

Raw Blame History