8.8 KiB
title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.date, ms.reviewer, manager
| title | description | ms.author | ms.topic | ms.prod | ms.technology | author | ms.localizationpriority | ms.date | ms.reviewer | manager |
|---|---|---|---|---|---|---|---|---|---|---|
| Policy CSP - AttachmentManager | Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local. | dansimp | article | w10 | windows | manikadhiman | medium | 09/27/2019 | dansimp |
Policy CSP - AttachmentManager
AttachmentManager policies
- AttachmentManager/DoNotPreserveZoneInformation
- AttachmentManager/HideZoneInfoMechanism
- AttachmentManager/NotifyAntivirusPrograms
AttachmentManager/DoNotPreserveZoneInformation
| Windows Edition | Supported? |
|---|---|
| Home |  |
| Pro |  |
| Business | |
| Enterprise | |
| Education | |
[!div class = "checklist"]
- User
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
If you enable this policy setting, Windows does not mark file attachments with their zone information.
If you disable this policy setting, Windows marks file attachments with their zone information.
If you do not configure this policy setting, Windows marks file attachments with their zone information.
Tip
This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.
You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
ADMX Info:
- GP Friendly name: Do not preserve zone information in file attachments
- GP name: AM_MarkZoneOnSavedAtttachments
- GP path: Windows Components/Attachment Manager
- GP ADMX file name: AttachmentManager.admx
AttachmentManager/HideZoneInfoMechanism
| Windows Edition | Supported? |
|---|---|
| Home | |
| Pro | |
| Business | |
| Enterprise | |
| Education | |
[!div class = "checklist"]
- User
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
If you enable this policy setting, Windows hides the check box and Unblock button.
If you disable this policy setting, Windows shows the check box and Unblock button.
If you do not configure this policy setting, Windows hides the check box and Unblock button.
Tip
This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.
You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
ADMX Info:
- GP Friendly name: Hide mechanisms to remove zone information
- GP name: AM_RemoveZoneInfo
- GP path: Windows Components/Attachment Manager
- GP ADMX file name: AttachmentManager.admx
AttachmentManager/NotifyAntivirusPrograms
| Windows Edition | Supported? |
|---|---|
| Home | |
| Pro | |
| Business | |
| Enterprise | |
| Education | |
[!div class = "checklist"]
- User
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
Tip
This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.
You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
ADMX Info:
- GP English name: Notify antivirus programs when opening attachments
- GP name: AM_CallIOfficeAntiVirus
- GP path: Windows Components/Attachment Manager
- GP ADMX file name: AttachmentManager.admx
Footnotes:
- 1 - Available in Windows 10, version 1607.
- 2 - Available in Windows 10, version 1703.
- 3 - Available in Windows 10, version 1709.
- 4 - Available in Windows 10, version 1803.
- 5 - Available in Windows 10, version 1809.
- 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.