9.9 KiB
title, description, ms.author, ms.localizationpriority, ms.topic, ms.prod, ms.technology, author, ms.date, ms.reviewer, manager
| title | description | ms.author | ms.localizationpriority | ms.topic | ms.prod | ms.technology | author | ms.date | ms.reviewer | manager |
|---|---|---|---|---|---|---|---|---|---|---|
| Policy CSP - ADMX_FileSys | Learn about the Policy CSP - ADMX_FileSys. | vinpa | medium | article | w10 | windows | vinaypamnani-msft | 09/02/2020 | aaroncz |
Policy CSP - ADMX_FileSys
ADMX_FileSys policies
Tip
This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.
You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
- ADMX_FileSys/DisableCompression
- ADMX_FileSys/DisableDeleteNotification
- ADMX_FileSys/DisableEncryption
- ADMX_FileSys/EnablePagefileEncryption
- ADMX_FileSys/LongPathsEnabled
- ADMX_FileSys/ShortNameCreationSettings
- ADMX_FileSys/SymlinkEvaluation
- ADMX_FileSys/TxfDeprecatedFunctionality
ADMX_FileSys/DisableCompression
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
ADMX Info:
- GP Friendly name: Do not allow compression on all NTFS volumes
- GP name: DisableCompression
- GP path: System/Filesystem/NTFS
- GP ADMX file name: FileSys.admx
ADMX_FileSys/DisableDeleteNotification
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.
A value of 0, the default, will enable delete notifications for all volumes.
A value of 1 will disable delete notifications for all volumes.
ADMX Info:
- GP Friendly name: Disable delete notifications on all volumes
- GP name: DisableDeleteNotification
- GP path: System/Filesystem
- GP ADMX file name: FileSys.admx
ADMX_FileSys/DisableEncryption
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Encryption can add to the processing overhead of filesystem operations.
Enabling this setting will prevent access to and creation of encrypted files.
ADMX Info:
- GP Friendly name: Do not allow encryption on all NTFS volumes
- GP name: DisableEncryption
- GP path: System/Filesystem/NTFS
- GP ADMX file name: FileSys.admx
ADMX_FileSys/EnablePagefileEncryption
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations.
Enabling this setting will cause the page files to be encrypted.
ADMX Info:
- GP Friendly name: Enable NTFS pagefile encryption
- GP name: EnablePagefileEncryption
- GP path: System/Filesystem/NTFS
- GP ADMX file name: FileSys.admx
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit per node on file systems that support it.
Enabling this setting will cause the long paths to be accessible within the process.
ADMX Info:
- GP Friendly name: Enable Win32 long paths
- GP name: LongPathsEnabled
- GP path: System/Filesystem
- GP ADMX file name: FileSys.admx
ADMX_FileSys/ShortNameCreationSettings
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
This policy setting provides control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the system.
If you enable short names on all volumes, then short names will always be generated. If you disable them on all volumes, then they'll never be generated. If you set short name creation to be configurable on a per volume basis, then an on-disk flag will determine whether or not short names are created on a given volume.
If you disable short name creation on all data volumes, then short names will only be generated for files created on the system volume.
ADMX Info:
- GP Friendly name: Short name creation options
- GP name: ShortNameCreationSettings
- GP path: System/Filesystem/NTFS
- GP ADMX file name: FileSys.admx
ADMX_FileSys/SymlinkEvaluation
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links:
- Local Link to a Local Target
- Local Link to a Remote Target
- Remote Link to Remote Target
- Remote Link to Local Target
For more information, see the Windows Help section.
Note
If this policy is disabled or not configured, local administrators may select the types of symbolic links to be evaluated.
ADMX Info:
- GP Friendly name: Selectively allow the evaluation of a symbolic link
- GP name: SymlinkEvaluation
- GP path: System/Filesystem
- GP ADMX file name: FileSys.admx
ADMX_FileSys/TxfDeprecatedFunctionality
| Edition | Windows 10 | Windows 11 |
|---|---|---|
| Home | No | No |
| Pro | Yes | Yes |
| Windows SE | No | Yes |
| Business | Yes | Yes |
| Enterprise | Yes | Yes |
| Education | Yes | Yes |
[!div class = "checklist"]
- Device
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Enable it if you want to use the APIs.
ADMX Info:
- GP Friendly name: Enable / disable TXF deprecated features
- GP name: TxfDeprecatedFunctionality
- GP path: System/Filesystem/NTFS
- GP ADMX file name: FileSys.admx