54 KiB
title, description, author, manager, ms.author, ms.date, ms.localizationpriority, ms.prod, ms.reviewer, ms.technology, ms.topic
| title | description | author | manager | ms.author | ms.date | ms.localizationpriority | ms.prod | ms.reviewer | ms.technology | ms.topic |
|---|---|---|---|---|---|---|---|---|---|---|
| Policy CSP | Learn more about the Policy CSP Policy | vinaypamnani-msft | aaroncz | vinpa | 11/01/2022 | medium | windows-client | itpro-manage | article |
Policy CSP
The following example shows the Policy configuration service provider in tree format.
./Device/Vendor/MSFT/Policy
--- Config
------ {AreaName}
--------- {PolicyName}
--- ConfigOperations
------ ADMXInstall
--------- {AppName}
------------ {SettingsType}
--------------- {AdmxFileId}
------------ Properties
--------------- {SettingsType}
------------------ {AdmxFileId}
--------------------- Version
--- Result
------ {AreaName}
--------- {PolicyName}
./User/Vendor/MSFT/Policy
--- Config
------ {AreaName}
--------- {PolicyName}
--- Result
------ {AreaName}
--------- {PolicyName}
Device/Config
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config
Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
Device/Config/{AreaName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/{AreaName}
The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | ClientInventory |
Device/Config/{AreaName}/{PolicyName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/{AreaName}/{PolicyName}
Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | null |
| Access Type | Add, Delete, Get, Replace |
| Dynamic Node Naming | ClientInventory |
Device/ConfigOperations
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations
The root node for grouping different configuration operations.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
Device/ConfigOperations/ADMXInstall
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall
Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. ADMX files that have been installed by using ConfigOperations/ADMXInstall can later be deleted by using the URI delete operation. Deleting an ADMX file will delete the ADMX file from disk, remove the metadata from the ADMXdefault registry hive, and delete all the policies that were set from the file. The MDM server can also delete all ADMX policies that are tied to a particular app by calling delete on the URI, ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
Device/ConfigOperations/ADMXInstall/{AppName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}
Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | UniqueName: Specifies the name of the Win32 or Desktop Bridge app associated with the ADMX file. |
Device/ConfigOperations/ADMXInstall/{AppName}/{SettingsType}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/{SettingsType}
Setting Type of Win32 App. Policy Or Preference
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference |
Device/ConfigOperations/ADMXInstall/{AppName}/{SettingsType}/{AdmxFileId}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/{SettingsType}/{AdmxFileId}
Unique ID of ADMX file
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
| Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
Device/ConfigOperations/ADMXInstall/{AppName}/Properties
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299.1481] and later ✔️ Windows 10, version 1803 [10.0.17134.1099] and later ✔️ Windows 10, version 1809 [10.0.17763.832] and later ✔️ Windows 10, version 1903 [10.0.18362.387] and later ✔️ Windows 10, version 1909 [10.0.18363] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/Properties
Properties of Win32 App ADMX Ingestion
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
Device/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299.1481] and later ✔️ Windows 10, version 1803 [10.0.17134.1099] and later ✔️ Windows 10, version 1809 [10.0.17763.832] and later ✔️ Windows 10, version 1903 [10.0.18362.387] and later ✔️ Windows 10, version 1909 [10.0.18363] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}
Setting Type of Win32 App. Policy Or Preference
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | UniqueName: Setting Type of Win32 App. Policy Or Preference |
Device/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}/{AdmxFileId}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299.1481] and later ✔️ Windows 10, version 1803 [10.0.17134.1099] and later ✔️ Windows 10, version 1809 [10.0.17763.832] and later ✔️ Windows 10, version 1903 [10.0.18362.387] and later ✔️ Windows 10, version 1909 [10.0.18363] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}/{AdmxFileId}
Unique ID of ADMX file
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
Device/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}/{AdmxFileId}/Version
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ❌ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1709 [10.0.16299.1481] and later ✔️ Windows 10, version 1803 [10.0.17134.1099] and later ✔️ Windows 10, version 1809 [10.0.17763.832] and later ✔️ Windows 10, version 1903 [10.0.18362.387] and later ✔️ Windows 10, version 1909 [10.0.18363] and later |
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/{AppName}/Properties/{SettingsType}/{AdmxFileId}/Version
Version of ADMX file. This can be set by the server to keep a record of the versioning of the ADMX file ingested by the device.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Device/Result
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Result
Groups the evaluated policies from all providers that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Get |
Device/Result/{AreaName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Result/{AreaName}
The area group that can be configured by a single technology independent of the providers. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Get |
| Dynamic Node Naming | ClientInventory |
Device/Result/{AreaName}/{PolicyName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ✔️ Pro ✔️ Enterprise ✔️ Education ✔️ Windows SE |
✔️ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Result/{AreaName}/{PolicyName}
Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | null |
| Access Type | Get |
| Dynamic Node Naming | ClientInventory |
User/Config
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Config
Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
User/Config/{AreaName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Config/{AreaName}
The area group that can be configured by a single technology for a single provider. Once added, you cannot change the value. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Add, Delete, Get |
| Dynamic Node Naming | ClientInventory |
User/Config/{AreaName}/{PolicyName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Config/{AreaName}/{PolicyName}
Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | null |
| Access Type | Add, Delete, Get, Replace |
| Dynamic Node Naming | ClientInventory |
User/Result
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Result
Groups the evaluated policies from all providers that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Get |
User/Result/{AreaName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Result/{AreaName}
The area group that can be configured by a single technology independent of the providers. See the individual Area DDFs for Policy CSP for a list of Areas that can be configured.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | node |
| Access Type | Get |
| Dynamic Node Naming | ClientInventory |
User/Result/{AreaName}/{PolicyName}
| Scope | Editions | Applicable OS |
|---|---|---|
| ✔️ Device ✔️ User |
❌ Home ❌ Pro ❌ Enterprise ❌ Education ❌ Windows SE |
./User/Vendor/MSFT/Policy/Result/{AreaName}/{PolicyName}
Specifies the name/value pair used in the policy. See the individual Area DDFs for more information about the policies available to configure.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | null |
| Access Type | Get |
| Dynamic Node Naming | ServerGeneratedUniqueIdentifier |
Policy CSPs
- AboveLock
- Accounts
- ActiveXControls
- ADMX_ActiveXInstallService
- ADMX_AddRemovePrograms
- ADMX_AdmPwd
- ADMX_AppCompat
- ADMX_AppxPackageManager
- ADMX_AppXRuntime
- ADMX_AttachmentManager
- ADMX_AuditSettings
- ADMX_Bits
- ADMX_CipherSuiteOrder
- ADMX_COM
- ADMX_ControlPanel
- ADMX_ControlPanelDisplay
- ADMX_Cpls
- ADMX_CredentialProviders
- ADMX_CredSsp
- ADMX_CredUI
- ADMX_CtrlAltDel
- ADMX_DataCollection
- ADMX_DCOM
- ADMX_Desktop
- ADMX_DeviceCompat
- ADMX_DeviceGuard
- ADMX_DeviceInstallation
- ADMX_DeviceSetup
- ADMX_DFS
- ADMX_DigitalLocker
- ADMX_DiskDiagnostic
- ADMX_DiskNVCache
- ADMX_DiskQuota
- ADMX_DistributedLinkTracking
- ADMX_DnsClient
- ADMX_DWM
- ADMX_EAIME
- ADMX_EncryptFilesonMove
- ADMX_EnhancedStorage
- ADMX_ErrorReporting
- ADMX_EventForwarding
- ADMX_EventLog
- ADMX_EventLogging
- ADMX_EventViewer
- ADMX_Explorer
- ADMX_ExternalBoot
- ADMX_FileRecovery
- ADMX_FileRevocation
- ADMX_FileServerVSSProvider
- ADMX_FileSys
- ADMX_FolderRedirection
- ADMX_FramePanes
- ADMX_fthsvc
- ADMX_Globalization
- ADMX_GroupPolicy
- ADMX_Help
- ADMX_HelpAndSupport
- ADMX_hotspotauth
- ADMX_ICM
- ADMX_IIS
- ADMX_iSCSI
- ADMX_kdc
- ADMX_Kerberos
- ADMX_LanmanServer
- ADMX_LanmanWorkstation
- ADMX_LeakDiagnostic
- ADMX_LinkLayerTopologyDiscovery
- ADMX_LocationProviderAdm
- ADMX_Logon
- ADMX_MicrosoftDefenderAntivirus
- ADMX_MMC
- ADMX_MMCSnapins
- ADMX_MobilePCMobilityCenter
- ADMX_MobilePCPresentationSettings
- ADMX_MSAPolicy
- ADMX_msched
- ADMX_MSDT
- ADMX_MSI
- ADMX_MsiFileRecovery
- ADMX_MSS-legacy
- ADMX_nca
- ADMX_NCSI
- ADMX_Netlogon
- ADMX_NetworkConnections
- ADMX_OfflineFiles
- ADMX_pca
- ADMX_PeerToPeerCaching
- ADMX_PenTraining
- ADMX_PerformanceDiagnostics
- ADMX_Power
- ADMX_PowerShellExecutionPolicy
- ADMX_PreviousVersions
- ADMX_Printing
- ADMX_Printing2
- ADMX_Programs
- ADMX_PushToInstall
- ADMX_QOS
- ADMX_Radar
- ADMX_Reliability
- ADMX_RemoteAssistance
- ADMX_RemovableStorage
- ADMX_RPC
- ADMX_sam
- ADMX_Scripts
- ADMX_sdiageng
- ADMX_sdiagschd
- ADMX_Securitycenter
- ADMX_Sensors
- ADMX_ServerManager
- ADMX_Servicing
- ADMX_SettingSync
- ADMX_SharedFolders
- ADMX_Sharing
- ADMX_ShellCommandPromptRegEditTools
- ADMX_Smartcard
- ADMX_Snmp
- ADMX_SoundRec
- ADMX_srmfci
- ADMX_StartMenu
- ADMX_SystemRestore
- ADMX_TabletPCInputPanel
- ADMX_TabletShell
- ADMX_Taskbar
- ADMX_tcpip
- ADMX_TerminalServer
- ADMX_Thumbnails
- ADMX_TouchInput
- ADMX_TPM
- ADMX_UserExperienceVirtualization
- ADMX_UserProfiles
- ADMX_W32Time
- ADMX_WCM
- ADMX_WDI
- ADMX_WinCal
- ADMX_WindowsColorSystem
- ADMX_WindowsConnectNow
- ADMX_WindowsExplorer
- ADMX_WindowsMediaDRM
- ADMX_WindowsMediaPlayer
- ADMX_WindowsRemoteManagement
- ADMX_WindowsStore
- ADMX_WinInit
- ADMX_WinLogon
- ADMX_Winsrv
- ADMX_wlansvc
- ADMX_WordWheel
- ADMX_WorkFoldersClient
- ADMX_WPN
- ApplicationDefaults
- ApplicationManagement
- AppRuntime
- AppVirtualization
- AttachmentManager
- Audit
- Authentication
- Autoplay
- Bitlocker
- BITS
- Bluetooth
- Browser
- Camera
- Cellular
- CloudPC
- Connectivity
- ControlPolicyConflict
- CredentialProviders
- CredentialsDelegation
- CredentialsUI
- Cryptography
- DataProtection
- DataUsage
- Defender
- DeliveryOptimization
- Desktop
- DesktopAppInstaller
- DeviceGuard
- DeviceHealthMonitoring
- DeviceInstallation
- DeviceLock
- Display
- DmaGuard
- Eap
- Education
- EnterpriseCloudPrint
- ErrorReporting
- EventLogService
- Experience
- ExploitGuard
- FederatedAuthentication
- FileExplorer
- Games
- Handwriting
- HumanPresence
- InternetExplorer
- Kerberos
- KioskBrowser
- LanmanWorkstation
- Licensing
- LocalPoliciesSecurityOptions
- LocalSecurityAuthority
- LocalUsersAndGroups
- LockDown
- Maps
- MemoryDump
- Messaging
- MixedReality
- MSSecurityGuide
- MSSLegacy
- Multitasking
- NetworkIsolation
- NetworkListManager
- NewsAndInterests
- Notifications
- Power
- Printers
- Privacy
- RemoteAssistance
- RemoteDesktop
- RemoteDesktopServices
- RemoteManagement
- RemoteProcedureCall
- RemoteShell
- RestrictedGroups
- Search
- Security
- ServiceControlManager
- Settings
- SettingsSync
- SmartScreen
- Speech
- Start
- Stickers
- Storage
- System
- SystemServices
- TaskManager
- TaskScheduler
- TenantDefinedTelemetry
- TenantRestrictions
- TextInput
- TimeLanguageSettings
- Troubleshooting
- Update
- UserRights
- VirtualizationBasedTechnology
- WebThreatDefense
- Wifi
- WindowsAutopilot
- WindowsConnectionManager
- WindowsDefenderSecurityCenter
- WindowsInkWorkspace
- WindowsLogon
- WindowsPowerShell
- WindowsSandbox
- WirelessDisplay