mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-07 01:57:21 +00:00
36 KiB
36 KiB
title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.technology, ms.topic
| title | description | author | manager | ms.author | ms.date | ms.localizationpriority | ms.prod | ms.technology | ms.topic |
|---|---|---|---|---|---|---|---|---|---|
| ADMX_MSS-legacy Policy CSP | Learn more about the ADMX_MSS-legacy Area in Policy CSP | vinaypamnani-msft | aaroncz | vinpa | 11/29/2022 | medium | windows-client | itpro-manage | reference |
Policy CSP - ADMX_MSS-legacy
Tip
Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.
You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
Pol_MSS_AutoAdminLogon
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoAdminLogon
Enable Automatic Logon (not recommended).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_AutoReboot
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoReboot
Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_AutoShareServer
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareServer
Enable administrative shares on servers (recommended except for highly secure environments).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_AutoShareWks
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareWks
Enable administrative shares on workstations (recommended except for highly secure environments).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_DisableSavePassword
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_DisableSavePassword
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Prevent the dial-up password from being saved (recommended).
Pol_MSS_EnableDeadGWDetect
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_EnableDeadGWDetect
Allow automatic detection of dead network gateways (could lead to DoS).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_HideFromBrowseList
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_HideFromBrowseList
Hide Computer From the Browse List (not recommended except for highly secure environments).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_KeepAliveTime
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_KeepAliveTime
Define how often keep-alive packets are sent in milliseconds.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_NoDefaultExempt
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NoDefaultExempt
Configure IPSec exemptions for various types of network traffic.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_NtfsDisable8dot3NameCreation
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NtfsDisable8dot3NameCreation
Enable the computer to stop generating 8.3 style filenames.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_PerformRouterDiscovery
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_PerformRouterDiscovery
Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_SafeDllSearchMode
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SafeDllSearchMode
Enable Safe DLL search mode (recommended).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_ScreenSaverGracePeriod
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_ScreenSaverGracePeriod
he time in seconds before the screen saver grace period expires (0 recommended).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_SynAttackProtect
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SynAttackProtect
Syn attack protection level (protects against DoS).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_TcpMaxConnectResponseRetransmissions
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxConnectResponseRetransmissions
SYN-ACK retransmissions when a connection request is not acknowledged.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_TcpMaxDataRetransmissions
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissions
Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_TcpMaxDataRetransmissionsIPv6
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissionsIPv6
Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Pol_MSS_WarningLevel
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 2004 [10.0.19041.1202] and later ✔️ Windows 10, version 2009 [10.0.19042.1202] and later ✔️ Windows 10, version 21H1 [10.0.19043.1202] and later ✔️ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_WarningLevel
Percentage threshold for the security event log at which the system will generate a warning.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |