deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-11 20:17:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-applicationmanagement.md
Nicholas Brower 956c6fdc4a Merged PR 6306: Adding 1803 footnote to Policy CSP. 
"updating policies (id=4934)"
2018-03-12 17:54:50 +00:00

20 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.author ms.topic ms.prod ms.technology author ms.date
Policy CSP - ApplicationManagement Policy CSP - ApplicationManagement maricia article w10 windows nickbrower 03/12/2018

Policy CSP - ApplicationManagement

ApplicationManagement policies

ApplicationManagement/AllowAllTrustedApps
ApplicationManagement/AllowAppStoreAutoUpdate
ApplicationManagement/AllowDeveloperUnlock
ApplicationManagement/AllowGameDVR
ApplicationManagement/AllowSharedUserAppData
ApplicationManagement/AllowStore
ApplicationManagement/ApplicationRestrictions
ApplicationManagement/DisableStoreOriginatedApps
ApplicationManagement/RequirePrivateStoreOnly
ApplicationManagement/RestrictAppDataToSystemVolume
ApplicationManagement/RestrictAppToSystemVolume

ApplicationManagement/AllowAllTrustedApps

Home Pro Business Enterprise Education Mobile Mobile Enterprise
check mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether non Microsoft Store apps are allowed.

Most restricted value is 0.

ADMX Info:

  • GP English name: Allow all trusted apps to install
  • GP name: AppxDeploymentAllowAllTrustedApps
  • GP path: Windows Components/App Package Deployment
  • GP ADMX file name: AppxPackageManager.admx

The following list shows the supported values:

  • 0 - Explicit deny.
  • 1 - Explicit allow unlock.
  • 65535 (default) - Not configured.

ApplicationManagement/AllowAppStoreAutoUpdate

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether automatic update of apps from Microsoft Store are allowed.

Most restricted value is 0.

ADMX Info:

  • GP English name: Turn off Automatic Download and Install of updates
  • GP name: DisableAutoInstall
  • GP path: Windows Components/Store
  • GP ADMX file name: WindowsStore.admx

The following list shows the supported values:

  • 0 Not allowed.
  • 1 (default) Allowed.

ApplicationManagement/AllowDeveloperUnlock

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether developer unlock is allowed.

Most restricted value is 0.

ADMX Info:

  • GP English name: Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
  • GP name: AllowDevelopmentWithoutDevLicense
  • GP path: Windows Components/App Package Deployment
  • GP ADMX file name: AppxPackageManager.admx

The following list shows the supported values:

  • 0 - Explicit deny.
  • 1 - Explicit allow unlock.
  • 65535 (default) - Not configured.

ApplicationManagement/AllowGameDVR

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Note

 The policy is only enforced in Windows 10 for desktop.

Specifies whether DVR and broadcasting is allowed.

Most restricted value is 0.

ADMX Info:

  • GP English name: Enables or disables Windows Game Recording and Broadcasting
  • GP name: AllowGameDVR
  • GP path: Windows Components/Windows Game Recording and Broadcasting
  • GP ADMX file name: GameDVR.admx

The following list shows the supported values:

  • 0 Not allowed.
  • 1 (default) Allowed.

ApplicationManagement/AllowSharedUserAppData

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether multiple users of the same app can share data.

Most restricted value is 0.

ADMX Info:

  • GP English name: Allow a Windows app to share application data between users
  • GP name: AllowSharedLocalAppData
  • GP path: Windows Components/App Package Deployment
  • GP ADMX file name: AppxPackageManager.admx

The following list shows the supported values:

  • 0 (default) Not allowed.
  • 1 Allowed.

ApplicationManagement/AllowStore

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark cross mark cross mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether app store is allowed at the device.

Most restricted value is 0.

The following list shows the supported values:

  • 0 Not allowed.
  • 1 (default) Allowed.

ApplicationManagement/ApplicationRestrictions

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark cross mark cross mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Note

 This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the AppLocker CSP instead.

  An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see inbox apps. For more information about the XML, see the ApplicationRestrictions XSD.

Note

 When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the inbox apps that you need to your list of allowed apps.

Here's additional guidance for the upgrade process:

  • Use Windows 10 product IDs for the apps listed in inbox apps.
  • Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher if you are using it.
  • In the SyncML, you must use lowercase product ID.
  • Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
  • You cannot disable or enable Contact Support and Windows Feedback apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the inbox apps.

An application that is running may not be immediately terminated.

Value type is chr.

Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies.

ApplicationManagement/DisableStoreOriginatedApps

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark check mark1 check mark1 cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.

ADMX Info:

  • GP English name: *Disable all apps from Microsoft Store *
  • GP name: DisableStoreApps
  • GP path: Windows Components/Store
  • GP ADMX file name: WindowsStore.admx

The following list shows the supported values:

  • 0 (default) Enable launch of apps.
  • 1 Disable launch of apps.

ApplicationManagement/RequirePrivateStoreOnly

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark cross mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • User
  • Device

Allows disabling of the retail catalog and only enables the Private store.

Most restricted value is 1.

ADMX Info:

  • GP name: RequirePrivateStoreOnly
  • GP ADMX file name: WindowsStore.admx

The following list shows the supported values:

  • 0 (default) Allow both public and Private store.
  • 1 Only Private store is enabled.

ApplicationManagement/RestrictAppDataToSystemVolume

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether application data is restricted to the system drive.

Most restricted value is 1.

ADMX Info:

  • GP English name: Prevent users' app data from being stored on non-system volumes
  • GP name: RestrictAppDataToSystemVolume
  • GP path: Windows Components/App Package Deployment
  • GP ADMX file name: AppxPackageManager.admx

The following list shows the supported values:

  • 0 (default) Not restricted.
  • 1 Restricted.

ApplicationManagement/RestrictAppToSystemVolume

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark check mark

Scope:

[!div class = "checklist"]

  • Device

Specifies whether the installation of applications is restricted to the system drive.

Most restricted value is 1.

ADMX Info:

  • GP English name: Disable installing Windows apps on non-system volumes
  • GP name: DisableDeploymentToNonSystemVolumes
  • GP path: Windows Components/App Package Deployment
  • GP ADMX file name: AppxPackageManager.admx

The following list shows the supported values:

  • 0 (default) Not restricted.
  • 1 Restricted.

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.
  • 4 - Added in Windows 10, version 1803.

ApplicationManagement policies supported by Windows Holographic for Business

ApplicationManagement policies supported by IoT Core