mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-08 18:47:22 +00:00
247 lines
8.5 KiB
Markdown
247 lines
8.5 KiB
Markdown
---
|
|
title: Policy CSP - MSSecurityGuide
|
|
description: Policy CSP - MSSecurityGuide
|
|
ms.author: maricia
|
|
ms.topic: article
|
|
ms.prod: w10
|
|
ms.technology: windows
|
|
author: nickbrower
|
|
ms.date: 03/12/2018
|
|
---
|
|
|
|
# Policy CSP - MSSecurityGuide
|
|
|
|
> [!WARNING]
|
|
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
|
|
|
|
|
<hr/>
|
|
|
|
<!--Policies-->
|
|
## MSSecurityGuide policies
|
|
|
|
<dl>
|
|
<dd>
|
|
<a href="#mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon">MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon</a>
|
|
</dd>
|
|
<dd>
|
|
<a href="#mssecurityguide-configuresmbv1clientdriver">MSSecurityGuide/ConfigureSMBV1ClientDriver</a>
|
|
</dd>
|
|
<dd>
|
|
<a href="#mssecurityguide-configuresmbv1server">MSSecurityGuide/ConfigureSMBV1Server</a>
|
|
</dd>
|
|
<dd>
|
|
<a href="#mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection">MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection</a>
|
|
</dd>
|
|
<dd>
|
|
<a href="#mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications">MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications</a>
|
|
</dd>
|
|
<dd>
|
|
<a href="#mssecurityguide-wdigestauthentication">MSSecurityGuide/WDigestAuthentication</a>
|
|
</dd>
|
|
</dl>
|
|
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-applyuacrestrictionstolocalaccountsonnetworklogon"></a>**MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0201_LATFP*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-configuresmbv1clientdriver"></a>**MSSecurityGuide/ConfigureSMBV1ClientDriver**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0002_SMBv1_ClientDriver*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-configuresmbv1server"></a>**MSSecurityGuide/ConfigureSMBV1Server**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0001_SMBv1_Server*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-enablestructuredexceptionhandlingoverwriteprotection"></a>**MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0102_SEHOP*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-turnonwindowsdefenderprotectionagainstpotentiallyunwantedapplications"></a>**MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0101_WDPUA*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
|
|
<hr/>
|
|
|
|
<!--Policy-->
|
|
<a href="" id="mssecurityguide-wdigestauthentication"></a>**MSSecurityGuide/WDigestAuthentication**
|
|
|
|
<!--Scope-->
|
|
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
|
|
> [!div class = "checklist"]
|
|
> * Device
|
|
|
|
<hr/>
|
|
|
|
<!--/Scope-->
|
|
<!--Description-->
|
|
|
|
<!--/Description-->
|
|
> [!TIP]
|
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
|
|
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
|
|
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
|
|
<!--ADMXBacked-->
|
|
ADMX Info:
|
|
- GP name: *Pol_SecGuide_0202_WDigestAuthn*
|
|
- GP ADMX file name: *SecGuide.admx*
|
|
|
|
<!--/ADMXBacked-->
|
|
<!--/Policy-->
|
|
<hr/>
|
|
|
|
Footnote:
|
|
|
|
- 1 - Added in Windows 10, version 1607.
|
|
- 2 - Added in Windows 10, version 1703.
|
|
- 3 - Added in Windows 10, version 1709.
|
|
- 4 - Added in Windows 10, version 1803.
|
|
|
|
<!--/Policies-->
|
|
|