Let’s first look at the comparative figures between the last article from October 2019 and now. The most changes have been made to Edge Bowser and Internet Explorer. There are also new settings for BitLocker. These were previously only configurable via their own policies in Intune.
Please check also our article User-related administrative templates in Intune (version 2101).
Category | October 2019 | February 2021 |
---|---|---|
App-V | 28 | 28 |
BitLocker | 0 | 8 |
Edge | 244 | 414 |
Error Reporting | 5 | 5 |
Internet Explorer | 260 | 248 |
Network | 10 | 10 |
Microsoft Office | 56 | 63 |
OneDrive | 19 | 23 |
Power Management | 10 | 10 |
Remote Assistance | 4 | 4 |
Remote Desktop Services | 6 | 6 |
Remote Management | 24 | 22 |
RSS | 2 | 2 |
Security | 53 | 52 |
Total | 721 | 895 |
Device-specific administrative templates in Intune 2101
Device-specific ADMX for App-V
Name | Policy Pfad |
---|---|
Enable App-V Client | \System\App-V |
Enable Migration Mode | \System\App-V\Client Coexistence |
Roaming File Exclusions | \System\App-V\Integration |
Integration Root User | \System\App-V\Integration |
Roaming Registry Exclusions | \System\App-V\Integration |
Integration Root Global | \System\App-V\Integration |
Enable automatic cleanup of unused appv packages | \System\App-V\PackageManagement |
Publishing Sevrer 4 Settings | \System\App-V\Publishing |
Publishing Server 2 Settings | \System\App-V\Publishing |
Publishing Server 1 Settings | \System\App-V\Publishing |
Enable Publishing Refresh UX | \System\App-V\Publishing |
Publishing Server 5 Settings | \System\App-V\Publishing |
Publishing Server 3 Settings | \System\App-V\Publishing |
Reporting Server | \System\App-V\Reporting |
Enable Package Scripts | \System\App-V\Scripting |
Specify what to load in background (aka AutoLoad) | \System\App-V\Streaming |
Shared Content Store (SCS) mode | \System\App-V\Streaming |
Verify certificate revocation list | \System\App-V\Streaming |
Certificate Filter For Client SSL | \System\App-V\Streaming |
Package Installation Root | \System\App-V\Streaming |
Reestablishment Interval | \System\App-V\Streaming |
Reestablishment Retries | \System\App-V\Streaming |
Location Provider | \System\App-V\Streaming |
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection | \System\App-V\Streaming |
Package Source Root | \System\App-V\Streaming |
Enable Support for BranchCache | \System\App-V\Streaming |
Enable Dynamic Virtualization | \System\App-V\Virtualization |
Virtual Component Process Allow List | \System\App-V\Virtualization |
Device-specific ADMX for BitLocker
Name | Policy Pfad |
---|---|
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) | \Windows Components\BitLocker Drive Encryption |
Deny write access to fixed drives not protected by BitLocker | \Windows Components\BitLocker Drive Encryption\Fixed Data Drives |
Choose how BitLocker-protected fixed drives can be recovered | \Windows Components\BitLocker Drive Encryption\Fixed Data Drives |
Require additional authentication at startup | \Windows Components\BitLocker Drive Encryption\Operating System Drives |
Configure pre-boot recovery message and URL | \Windows Components\BitLocker Drive Encryption\Operating System Drives |
Choose how BitLocker-protected operating system drives can be recovered | \Windows Components\BitLocker Drive Encryption\Operating System Drives |
Configure minimum PIN length for startup | \Windows Components\BitLocker Drive Encryption\Operating System Drives |
Deny write access to removable drives not protected by BitLocker | \Windows Components\BitLocker Drive Encryption\Removable Data Drives |
Device-specific ADMX for Edge
Name | Policy Pfad |
---|---|
Enable Translate | \Microsoft Edge |
Force synchronization of browser data and do not show the sync consent prompt | \Microsoft Edge |
Suppress the unsupported OS warning | \Microsoft Edge |
Allow importing of open tabs | \Microsoft Edge |
Disable synchronization of data using Microsoft sync services | \Microsoft Edge |
Configure whether Microsoft Edge should automatically select a certificate when there are multiple certificate matches for a site configured with “AutoSelectCertificateForUrls” | \Microsoft Edge |
Block tracking of users’ web-browsing activity | \Microsoft Edge |
Enable a TLS 1.3 security feature for local trust anchors. | \Microsoft Edge |
Disable saving browser history | \Microsoft Edge |
Allow access to sensors on specific sites | \Microsoft Edge |
Configure the default paste format of URLs copied from Microsoft Edge, and determine if additional formats will be available to users | \Microsoft Edge |
Block access to a specified list of services and export targets in Collections | \Microsoft Edge |
Allow pages to send synchronous XHR requests during page dismissal | \Microsoft Edge |
Show an “Always open” checkbox in external protocol dialog | \Microsoft Edge |
Set the user data directory | \Microsoft Edge |
Force networking code to run in the browser process | \Microsoft Edge |
Allow importing of autofill form data | \Microsoft Edge |
Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account | \Microsoft Edge |
Show context menu to open a link in Internet Explorer mode | \Microsoft Edge |
Set the roaming profile directory | \Microsoft Edge |
Configure tab lifecycles | \Microsoft Edge |
Configure the list of names that will bypass the HSTS policy check | \Microsoft Edge |
Restrict exposure of local IP address by WebRTC | \Microsoft Edge |
Allow Pin to taskbar wizard | \Microsoft Edge |
Enable Hiding of Native Windows | \Microsoft Edge |
Configure tracking prevention exceptions for specific sites | \Microsoft Edge |
Show Microsoft Rewards experiences | \Microsoft Edge |
Allow importing of favorites | \Microsoft Edge |
Allow launching of local files in Internet Explorer mode | \Microsoft Edge |
Enable spellcheck | \Microsoft Edge |
Allow surf game | \Microsoft Edge |
Allow or block audio capture | \Microsoft Edge |
Allow file selection dialogs | \Microsoft Edge |
Configure favorites | \Microsoft Edge |
Disable support for 3D graphics APIs | \Microsoft Edge |
Define a list of allowed URLs | \Microsoft Edge |
Allow managed extensions to use the Enterprise Hardware Platform API | \Microsoft Edge |
Allow importing of shortcuts | \Microsoft Edge |
Suggest similar pages when a webpage can?t be found | \Microsoft Edge |
Use a default referrer policy of no-referrer-when-downgrade. (deprecated) | \Microsoft Edge |
Enable renderer code integrity | \Microsoft Edge |
Enable specific spellcheck languages | \Microsoft Edge |
Enable search suggestions | \Microsoft Edge |
Enable Signed HTTP Exchange (SXG) support | \Microsoft Edge |
Hide the one-time redirection dialog and the banner on Microsoft Edge | \Microsoft Edge |
Block the Serial API on specific sites | \Microsoft Edge |
Enable security warnings for command-line flags | \Microsoft Edge |
Send required and optional diagnostic data about browser usage | \Microsoft Edge |
Block all ads on Bing search results | \Microsoft Edge |
Sites that can access video capture devices without requesting permission | \Microsoft Edge |
Enable guest mode | \Microsoft Edge |
Disable Certificate Transparency enforcement for a list of legacy certificate authorities | \Microsoft Edge |
Control the mode of DNS-over-HTTPS | \Microsoft Edge |
Control communication with the Experimentation and Configuration Service | \Microsoft Edge |
Enforce Google SafeSearch | \Microsoft Edge |
Allow Google Cast to connect to Cast devices on all IP addresses | \Microsoft Edge |
Enable using roaming copies for Microsoft Edge profile data | \Microsoft Edge |
Enable globally scoped HTTP auth cache | \Microsoft Edge |
Manage exposure of local IP addressess by WebRTC | \Microsoft Edge |
Ads setting for sites with intrusive ads | \Microsoft Edge |
Copied at InfrastrukturHelden.de | \Microsoft Edge |
Enable warnings for insecure forms | \Microsoft Edge |
Default sensors setting | \Microsoft Edge |
Configure Internet Explorer integration | \Microsoft Edge |
Extend Adobe Flash content setting to all content | \Microsoft Edge |
Enable AutoFill for credit cards | \Microsoft Edge |
Allow importing of browser settings | \Microsoft Edge |
Allow WebDriver to Override Incompatible Policies (deprecated) | \Microsoft Edge |
Intranet Redirection Behavior | \Microsoft Edge |
Allow importing of Cookies | \Microsoft Edge |
Websites or domains that don’t need permission to use direct Security Key attestation | \Microsoft Edge |
Allow users to proceed from the HTTPS warning page | \Microsoft Edge |
Enable profile creation from the Identity flyout menu or the Settings page | \Microsoft Edge |
Set download directory | \Microsoft Edge |
Notify a user that a browser restart is recommended or required for pending updates | \Microsoft Edge |
Enable ending processes in the Browser task manager | \Microsoft Edge |
Enable site isolation for every site | \Microsoft Edge |
Configure the Enterprise Mode Site List | \Microsoft Edge |
Allow default search provider context menu search access | \Microsoft Edge |
Allow the Web widget at Windows startup | \Microsoft Edge |
Set the time period for update notifications | \Microsoft Edge |
Do not set window.opener for links targeting _blank | \Microsoft Edge |
Disable download file type extension-based warnings for specified file types on domains | \Microsoft Edge |
Use hardware acceleration when available | \Microsoft Edge |
Allow user feedback | \Microsoft Edge |
Enable AutoFill for addresses | \Microsoft Edge |
Configure Speech Recognition | \Microsoft Edge |
Restrict the range of local UDP ports used by WebRTC | \Microsoft Edge |
Configure whether a user always has a default profile automatically signed in with their work or school account | \Microsoft Edge |
Allow the Serial API on specific sites | \Microsoft Edge |
Set a timeout for delay of tab navigation for the Enterprise Mode Site List | \Microsoft Edge |
Manage Search Engines | \Microsoft Edge |
Open local files in Internet Explorer mode file extension allow list | \Microsoft Edge |
Enable use of ephemeral profiles | \Microsoft Edge |
Enable resolution of navigation errors using a web service | \Microsoft Edge |
Configure Do Not Track | \Microsoft Edge |
Allow the audio sandbox to run | \Microsoft Edge |
Enable scrolling to text specified in URL fragments | \Microsoft Edge |
Allow importing of search engine settings | \Microsoft Edge |
Enable the Collections feature | \Microsoft Edge |
Allow or deny screen capture | \Microsoft Edge |
Define an ordered list of preferred languages that websites should display in if the site supports the language | \Microsoft Edge |
Allow personalization of ads, search and news by sending browsing history to Microsoft | \Microsoft Edge |
Send all intranet sites to Internet Explorer | \Microsoft Edge |
Prevent install of the BHO to redirect incompatible sites from Internet Explorer to Microsoft Edge | \Microsoft Edge |
Control where security restrictions on insecure origins apply | \Microsoft Edge |
Browsing Data Lifetime Settings | \Microsoft Edge |
Allow media autoplay for websites | \Microsoft Edge |
Enable site isolation for specific origins | \Microsoft Edge |
Control where developer tools can be used | \Microsoft Edge |
Configure InPrivate mode availability | \Microsoft Edge |
Enable the User-Agent Client Hints feature (deprecated) | \Microsoft Edge |
Clear browsing data when Microsoft Edge closes | \Microsoft Edge |
Specify if online OCSP/CRL checks are required for local trust anchors | \Microsoft Edge |
Allow download restrictions | \Microsoft Edge |
Define a list of protocols that can launch an external application from listed origins without prompting the user | \Microsoft Edge |
Configure the list of sites for which Microsoft Edge will attempt to establish a Token Binding with. | \Microsoft Edge |
Allow users to configure Family safety | \Microsoft Edge |
Save cookies when Microsoft Edge closes | \Microsoft Edge |
Maximum number of concurrent connections to the proxy server | \Microsoft Edge |
Delete old browser data on migration | \Microsoft Edge |
Force direct intranet site navigation instead of searching on single word entries in the Address Bar | \Microsoft Edge |
Set limit on megabytes of memory a single Microsoft Edge instance can use. | \Microsoft Edge |
Set disk cache directory | \Microsoft Edge |
Shopping in Microsoft Edge Enabled | \Microsoft Edge |
Allow legacy TLS/DTLS downgrade in WebRTC (deprecated) | \Microsoft Edge |
Automatically import another browser’s data and settings at first run | \Microsoft Edge |
Allow users to open files using the ClickOnce protocol | \Microsoft Edge |
Sites that can access audio capture devices without requesting permission | \Microsoft Edge |
Configure list of force-installed Web Apps | \Microsoft Edge |
Set application locale | \Microsoft Edge |
Enable deleting browser and download history | \Microsoft Edge |
Block smart actions for a list of services | \Microsoft Edge |
Enable the Web widget | \Microsoft Edge |
Enforce Bing SafeSearch | \Microsoft Edge |
Specify how “in-page” navigations to unconfigured sites behave when started from Internet Explorer mode pages | \Microsoft Edge |
Configures availability of a vertical layout for tabs on the side of the browser | \Microsoft Edge |
Allow importing of extensions | \Microsoft Edge |
Allows the AppCache feature to be re-enabled, even if it’s turned off by default | \Microsoft Edge |
DNS interception checks enabled | \Microsoft Edge |
Allow websites to query for available payment methods | \Microsoft Edge |
Enables background updates to the list of available templates for Collections and other features that use templates | \Microsoft Edge |
Browser sign-in settings | \Microsoft Edge |
Allow importing of saved passwords | \Microsoft Edge |
Control the IntensiveWakeUpThrottling feature | \Microsoft Edge |
Specify custom help link | \Microsoft Edge |
Allow QUIC protocol | \Microsoft Edge |
Disable taking screenshots | \Microsoft Edge |
Enable Domain Actions Download from Microsoft (deprecated) | \Microsoft Edge |
Allows users to edit favorites | \Microsoft Edge |
Show Microsoft Office shortcut in favorites bar | \Microsoft Edge |
Enable Microsoft Search in Bing suggestions in the address bar | \Microsoft Edge |
Allow full screen mode | \Microsoft Edge |
Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes | \Microsoft Edge |
Specify the TLS cipher suites to disable | \Microsoft Edge |
Use Windows proxy resolver (deprecated) | \Microsoft Edge |
Allow importing of browsing history | \Microsoft Edge |
Allow or block video capture | \Microsoft Edge |
Send site information to improve Microsoft services | \Microsoft Edge |
Enable component updates in Microsoft Edge | \Microsoft Edge |
Minimum TLS version enabled | \Microsoft Edge |
Re-enable deprecated web platform features for a limited time | \Microsoft Edge |
Enable network prediction | \Microsoft Edge |
Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated) | \Microsoft Edge |
Block access to a list of URLs | \Microsoft Edge |
Block access to sensors on specific sites | \Microsoft Edge |
Enable web capture feature in Microsoft Edge | \Microsoft Edge |
Block third party cookies | \Microsoft Edge |
Configure the Share experience | \Microsoft Edge |
Enable stricter treatment for mixed content | \Microsoft Edge |
Enable Proactive Authentication | \Microsoft Edge |
Allow Internet Explorer mode testing | \Microsoft Edge |
Allow suggestions from local providers | \Microsoft Edge |
Require that the Enterprise Mode Site List is available before tab navigation | \Microsoft Edge |
Clear cached images and files when Microsoft Edge closes | \Microsoft Edge |
Allow importing of payment info | \Microsoft Edge |
Always open PDF files externally | \Microsoft Edge |
URLs where AutoOpenFileTypes can apply | \Microsoft Edge |
Restrict which accounts can be used as Microsoft Edge primary accounts | \Microsoft Edge |
Hide the First-run experience and splash screen | \Microsoft Edge |
List of file types that should be automatically opened on download | \Microsoft Edge |
Allow users to open files using the DirectInvoke protocol | \Microsoft Edge |
Enable Ambient Authentication for InPrivate and Guest profiles | \Microsoft Edge |
Allow freezing of background tabs | \Microsoft Edge |
Specify URI template of desired DNS-over-HTTPS resolver | \Microsoft Edge |
Continue running background apps after Microsoft Edge closes | \Microsoft Edge |
Enable favorites bar | \Microsoft Edge |
Control use of the Serial API | \Microsoft Edge |
Allow queries to a Browser Network Time service | \Microsoft Edge |
Redirect incompatible sites from Internet Explorer to Microsoft Edge | \Microsoft Edge |
Allow access to the Enterprise Mode Site List Manager tool | \Microsoft Edge |
Configure Online Text To Speech | \Microsoft Edge |
Force disable spellcheck languages | \Microsoft Edge |
Use built-in DNS client | \Microsoft Edge |
Allows a page to show popups during its unloading | \Microsoft Edge |
Set WPAD optimization | \Microsoft Edge |
Disable Certificate Transparency enforcement for specific URLs | \Microsoft Edge |
Limits the number of user data snapshots retained for use in case of emergency rollback | \Microsoft Edge |
Allow importing of home page settings | \Microsoft Edge |
Enable usage and crash-related data reporting | \Microsoft Edge |
Configure enhanced hang detection for Internet Explorer mode | \Microsoft Edge |
Allow recommendations and promotional notifications from Edge | \Microsoft Edge |
Ask where to save downloaded files | \Microsoft Edge |
Enable online OCSP/CRL checks | \Microsoft Edge |
Re-enable Web Components v0 API until M84. (deprecated) | \Microsoft Edge |
Force minimum YouTube Restricted Mode | \Microsoft Edge |
Enable full-tab promotional content | \Microsoft Edge |
Configure the list of types that are excluded from synchronization | \Microsoft Edge |
Set disk cache size, in bytes | \Microsoft Edge |
Allow importing of Cookies | \Microsoft Edge – Default Settings (users can override) |
Redirect incompatible sites from Internet Explorer to Microsoft Edge | \Microsoft Edge – Default Settings (users can override) |
Enable favorites bar | \Microsoft Edge – Default Settings (users can override) |
Allow importing of browser settings | \Microsoft Edge – Default Settings (users can override) |
Allow importing of shortcuts | \Microsoft Edge – Default Settings (users can override) |
Clear cached images and files when Microsoft Edge closes | \Microsoft Edge – Default Settings (users can override) |
Enable AutoFill for credit cards | \Microsoft Edge – Default Settings (users can override) |
Enable AutoFill for addresses | \Microsoft Edge – Default Settings (users can override) |
Allow importing of saved passwords | \Microsoft Edge – Default Settings (users can override) |
Continue running background apps after Microsoft Edge closes | \Microsoft Edge – Default Settings (users can override) |
Shopping in Microsoft Edge Enabled | \Microsoft Edge – Default Settings (users can override) |
Allow suggestions from local providers | \Microsoft Edge – Default Settings (users can override) |
Show Microsoft Rewards experiences | \Microsoft Edge – Default Settings (users can override) |
Disable synchronization of data using Microsoft sync services | \Microsoft Edge – Default Settings (users can override) |
Enable Translate | \Microsoft Edge – Default Settings (users can override) |
Enable network prediction | \Microsoft Edge – Default Settings (users can override) |
Allow importing of payment info | \Microsoft Edge – Default Settings (users can override) |
Allow importing of browsing history | \Microsoft Edge – Default Settings (users can override) |
Manage Search Engines | \Microsoft Edge – Default Settings (users can override) |
Allow download restrictions | \Microsoft Edge – Default Settings (users can override) |
Set application locale | \Microsoft Edge – Default Settings (users can override) |
Enable resolution of navigation errors using a web service | \Microsoft Edge – Default Settings (users can override) |
Allow importing of search engine settings | \Microsoft Edge – Default Settings (users can override) |
Block smart actions for a list of services | \Microsoft Edge – Default Settings (users can override) |
Clear browsing data when Microsoft Edge closes | \Microsoft Edge – Default Settings (users can override) |
Allow importing of open tabs | \Microsoft Edge – Default Settings (users can override) |
Set download directory | \Microsoft Edge – Default Settings (users can override) |
Allow importing of favorites | \Microsoft Edge – Default Settings (users can override) |
Suggest similar pages when a webpage can?t be found | \Microsoft Edge – Default Settings (users can override) |
Allow importing of autofill form data | \Microsoft Edge – Default Settings (users can override) |
Allow importing of extensions | \Microsoft Edge – Default Settings (users can override) |
Block third party cookies | \Microsoft Edge – Default Settings (users can override) |
Enable search suggestions | \Microsoft Edge – Default Settings (users can override) |
Register protocol handlers | \Microsoft Edge – Default Settings (users can override)\Content settings |
Default search provider keyword | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Configure the new tab page search box experience | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Specifies the search-by-image feature for the default search provider | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Default search provider encodings | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Enable the default search provider | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Default search provider URL for suggestions | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Parameters for an image URL that uses POST | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Default search provider search URL | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Default search provider name | \Microsoft Edge – Default Settings (users can override)\Default search provider |
Enable Password reveal button | \Microsoft Edge – Default Settings (users can override)\Password manager and protection |
Enable saving passwords to the password manager | \Microsoft Edge – Default Settings (users can override)\Password manager and protection |
Allow users to be alerted if their passwords are found to be unsafe | \Microsoft Edge – Default Settings (users can override)\Password manager and protection |
Enable startup boost | \Microsoft Edge – Default Settings (users can override)\Performance |
Set the system default printer as the default printer | \Microsoft Edge – Default Settings (users can override)\Printing |
Print headers and footers | \Microsoft Edge – Default Settings (users can override)\Printing |
Set the background tab inactivity timeout for Sleeping Tabs | \Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings |
Configure Sleeping Tabs | \Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings |
Block Sleeping Tabs on specific sites | \Microsoft Edge – Default Settings (users can override)\Sleeping Tabs settings |
Force Microsoft Defender SmartScreen checks on downloads from trusted sources | \Microsoft Edge – Default Settings (users can override)\SmartScreen settings |
Configure Microsoft Defender SmartScreen | \Microsoft Edge – Default Settings (users can override)\SmartScreen settings |
Configure Microsoft Defender SmartScreen to block potentially unwanted apps | \Microsoft Edge – Default Settings (users can override)\SmartScreen settings |
Configure the Microsoft Edge new tab page experience | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Action to take on startup | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Show Home button on toolbar | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Configure the new tab page URL | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Enable preload of the new tab page for faster rendering | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Set the new tab page as the home page | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Configure the home page URL | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Set new tab page quick links | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Sites to open when the browser starts | \Microsoft Edge – Default Settings (users can override)\Startup, home page and new tab page |
Prevent Desktop Shortcut creation upon install default | \Microsoft Edge Update\Applications |
Allow installation default | \Microsoft Edge Update\Applications |
Allow Microsoft Edge Side by Side browser experience | \Microsoft Edge Update\Applications |
Update policy override default | \Microsoft Edge Update\Applications |
Prevent Desktop Shortcut creation upon install | \Microsoft Edge Update\Applications\Microsoft Edge |
Update policy override | \Microsoft Edge Update\Applications\Microsoft Edge |
Target version override | \Microsoft Edge Update\Applications\Microsoft Edge |
Rollback to Target version | \Microsoft Edge Update\Applications\Microsoft Edge |
Allow installation | \Microsoft Edge Update\Applications\Microsoft Edge |
Allow installation | \Microsoft Edge Update\Applications\Microsoft Edge Beta |
Prevent Desktop Shortcut creation upon install | \Microsoft Edge Update\Applications\Microsoft Edge Beta |
Target version override | \Microsoft Edge Update\Applications\Microsoft Edge Beta |
Rollback to Target version | \Microsoft Edge Update\Applications\Microsoft Edge Beta |
Update policy override | \Microsoft Edge Update\Applications\Microsoft Edge Beta |
Allow installation | \Microsoft Edge Update\Applications\Microsoft Edge Canary |
Prevent Desktop Shortcut creation upon install | \Microsoft Edge Update\Applications\Microsoft Edge Canary |
Update policy override | \Microsoft Edge Update\Applications\Microsoft Edge Canary |
Rollback to Target version | \Microsoft Edge Update\Applications\Microsoft Edge Canary |
Target version override | \Microsoft Edge Update\Applications\Microsoft Edge Canary |
Rollback to Target version | \Microsoft Edge Update\Applications\Microsoft Edge Dev |
Target version override | \Microsoft Edge Update\Applications\Microsoft Edge Dev |
Allow installation | \Microsoft Edge Update\Applications\Microsoft Edge Dev |
Prevent Desktop Shortcut creation upon install | \Microsoft Edge Update\Applications\Microsoft Edge Dev |
Update policy override | \Microsoft Edge Update\Applications\Microsoft Edge Dev |
Allow installation | \Microsoft Edge Update\Microsoft Edge WebView |
Update policy override | \Microsoft Edge Update\Microsoft Edge WebView |
Auto-update check period override | \Microsoft Edge Update\Preferences |
Time period in each day to suppress auto-update check | \Microsoft Edge Update\Preferences |
URL to a proxy .pac file | \Microsoft Edge Update\Proxy Server |
Choose how to specify proxy server settings | \Microsoft Edge Update\Proxy Server |
Address or URL of proxy server | \Microsoft Edge Update\Proxy Server |
Application Guard Container Proxy | \Microsoft Edge\Application Guard settings |
Enable Google Cast | \Microsoft Edge\Cast |
Show the cast icon in the toolbar | \Microsoft Edge\Cast |
Default geolocation setting | \Microsoft Edge\Content settings |
Allow insecure content on specified sites | \Microsoft Edge\Content settings |
Allow the Adobe Flash plug-in on specific sites | \Microsoft Edge\Content settings |
Allow cookies on specific sites | \Microsoft Edge\Content settings |
Grant access to specific sites to connect to specific USB devices | \Microsoft Edge\Content settings |
Allow images on these sites | \Microsoft Edge\Content settings |
Block images on specific sites | \Microsoft Edge\Content settings |
Block read access via the File System API on these sites | \Microsoft Edge\Content settings |
Control use of the WebUSB API | \Microsoft Edge\Content settings |
Automatically select client certificates for these sites | \Microsoft Edge\Content settings |
Allow JavaScript on specific sites | \Microsoft Edge\Content settings |
Control use of the File System API for reading | \Microsoft Edge\Content settings |
Choose whether users can receive customized background images and text, suggestions, notifications,and tips for Microsoft services | \Microsoft Edge\Content settings |
Allow pop-up windows on specific sites | \Microsoft Edge\Content settings |
Block the Adobe Flash plug-in on specific sites | \Microsoft Edge\Content settings |
Default notification setting | \Microsoft Edge\Content settings |
Block JavaScript on specific sites | \Microsoft Edge\Content settings |
Block notifications on specific sites | \Microsoft Edge\Content settings |
Default JavaScript setting | \Microsoft Edge\Content settings |
Default images setting | \Microsoft Edge\Content settings |
Default pop-up window setting | \Microsoft Edge\Content settings |
Configure cookies | \Microsoft Edge\Content settings |
Control use of insecure content exceptions | \Microsoft Edge\Content settings |
Allow read access via the File System API on these sites | \Microsoft Edge\Content settings |
Allow WebUSB on specific sites | \Microsoft Edge\Content settings |
Block WebUSB on specific sites | \Microsoft Edge\Content settings |
Revert to legacy SameSite behavior for cookies on specified sites | \Microsoft Edge\Content settings |
Allow write access to files and directories on these sites | \Microsoft Edge\Content settings |
Control use of the Web Bluetooth API | \Microsoft Edge\Content settings |
Control use of the File System API for writing | \Microsoft Edge\Content settings |
Limit cookies from specific websites to the current session | \Microsoft Edge\Content settings |
Enable default legacy SameSite cookie behavior setting | \Microsoft Edge\Content settings |
Block pop-up windows on specific sites | \Microsoft Edge\Content settings |
Block write access to files and directories on these sites | \Microsoft Edge\Content settings |
Allow notifications on specific sites | \Microsoft Edge\Content settings |
Block insecure content on specified sites | \Microsoft Edge\Content settings |
Default Adobe Flash setting | \Microsoft Edge\Content settings |
Block cookies on specific sites | \Microsoft Edge\Content settings |
Configure the new tab page search box experience | \Microsoft Edge\Default search provider |
Default search provider name | \Microsoft Edge\Default search provider |
Default search provider encodings | \Microsoft Edge\Default search provider |
Default search provider search URL | \Microsoft Edge\Default search provider |
Specifies the search-by-image feature for the default search provider | \Microsoft Edge\Default search provider |
Default search provider keyword | \Microsoft Edge\Default search provider |
Enable the default search provider | \Microsoft Edge\Default search provider |
Parameters for an image URL that uses POST | \Microsoft Edge\Default search provider |
Default search provider URL for suggestions | \Microsoft Edge\Default search provider |
Configure allowed extension types | \Microsoft Edge\Extensions |
Control which extensions cannot be installed | \Microsoft Edge\Extensions |
Blocks external extensions from being installed | \Microsoft Edge\Extensions |
Allow specific extensions to be installed | \Microsoft Edge\Extensions |
Configure extension management settings | \Microsoft Edge\Extensions |
Configure extension and user script install sources | \Microsoft Edge\Extensions |
Control which extensions are installed silently | \Microsoft Edge\Extensions |
Configure list of allowed authentication servers | \Microsoft Edge\HTTP authentication |
Allow Basic authentication for HTTP | \Microsoft Edge\HTTP authentication |
Disable CNAME lookup when negotiating Kerberos authentication | \Microsoft Edge\HTTP authentication |
Supported authentication schemes | \Microsoft Edge\HTTP authentication |
Allow cross-origin HTTP Basic Auth prompts | \Microsoft Edge\HTTP authentication |
Include non-standard port in Kerberos SPN | \Microsoft Edge\HTTP authentication |
Specifies a list of servers that Microsoft Edge can delegate user credentials to | \Microsoft Edge\HTTP authentication |
Configure address bar editing for kiosk mode public browsing experience | \Microsoft Edge\Kiosk Mode settings |
Delete files downloaded as part of kiosk session when Microsoft Edge closes | \Microsoft Edge\Kiosk Mode settings |
Mobile App Management Enabled | \Microsoft Edge\Manageability |
Allow user-level native messaging hosts (installed without admin permissions) | \Microsoft Edge\Native Messaging |
Configure native messaging block list | \Microsoft Edge\Native Messaging |
Control which native messaging hosts users can use | \Microsoft Edge\Native Messaging |
Enable saving passwords to the password manager | \Microsoft Edge\Password manager and protection |
Allow users to be alerted if their passwords are found to be unsafe | \Microsoft Edge\Password manager and protection |
Configure the change password URL | \Microsoft Edge\Password manager and protection |
Configure password protection warning trigger | \Microsoft Edge\Password manager and protection |
Configure the list of enterprise login URLs where password protection service should capture fingerprint of password | \Microsoft Edge\Password manager and protection |
Enable startup boost | \Microsoft Edge\Performance |
Set the system default printer as the default printer | \Microsoft Edge\Printing |
Default printing page size | \Microsoft Edge\Printing |
Restrict background graphics printing mode | \Microsoft Edge\Printing |
Print using system print dialog | \Microsoft Edge\Printing |
Print headers and footers | \Microsoft Edge\Printing |
Disable printer types on the deny list | \Microsoft Edge\Printing |
Default background graphics printing mode | \Microsoft Edge\Printing |
Default printer selection rules | \Microsoft Edge\Printing |
Enable printing | \Microsoft Edge\Printing |
Configure address or URL of proxy server | \Microsoft Edge\Proxy server |
Proxy settings | \Microsoft Edge\Proxy server |
Configure proxy server settings | \Microsoft Edge\Proxy server |
Set the proxy .pac file URL | \Microsoft Edge\Proxy server |
Configure proxy bypass rules | \Microsoft Edge\Proxy server |
Block Sleeping Tabs on specific sites | \Microsoft Edge\Sleeping Tabs settings |
Configure Sleeping Tabs | \Microsoft Edge\Sleeping Tabs settings |
Set the background tab inactivity timeout for Sleeping Tabs | \Microsoft Edge\Sleeping Tabs settings |
Configure Microsoft Defender SmartScreen to block potentially unwanted apps | \Microsoft Edge\SmartScreen settings |
Force Microsoft Defender SmartScreen checks on downloads from trusted sources | \Microsoft Edge\SmartScreen settings |
Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings | \Microsoft Edge\SmartScreen settings |
Prevent bypassing Microsoft Defender SmartScreen prompts for sites | \Microsoft Edge\SmartScreen settings |
Configure Microsoft Defender SmartScreen | \Microsoft Edge\SmartScreen settings |
Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads | \Microsoft Edge\SmartScreen settings |
Action to take on startup | \Microsoft Edge\Startup, home page and new tab page |
Set new tab page quick links | \Microsoft Edge\Startup, home page and new tab page |
Show Home button on toolbar | \Microsoft Edge\Startup, home page and new tab page |
Configure the background types allowed for the new tab page layout | \Microsoft Edge\Startup, home page and new tab page |
Set the new tab page as the home page | \Microsoft Edge\Startup, home page and new tab page |
Hide the default top sites from the new tab page | \Microsoft Edge\Startup, home page and new tab page |
Sites to open when the browser starts | \Microsoft Edge\Startup, home page and new tab page |
Set new tab page company logo (deprecated) | \Microsoft Edge\Startup, home page and new tab page |
Configure the Microsoft Edge new tab page experience | \Microsoft Edge\Startup, home page and new tab page |
Configure the home page URL | \Microsoft Edge\Startup, home page and new tab page |
Enable preload of the new tab page for faster rendering | \Microsoft Edge\Startup, home page and new tab page |
Configure the new tab page URL | \Microsoft Edge\Startup, home page and new tab page |
Device-specific ADMX for error reporting
Name | Policy Pfad |
---|---|
Display Error Notification | \Windows Components\Windows Error Reporting |
Do not send additional data | \Windows Components\Windows Error Reporting |
Disable Windows Error Reporting | \Windows Components\Windows Error Reporting |
Prevent display of the user interface for critical errors | \Windows Components\Windows Error Reporting |
Customize consent settings | \Windows Components\Windows Error Reporting\Consent |
Device-specific ADMX for Internet Explorer
Name | Policy Pfad |
---|---|
Turn off the auto-complete feature for web addresses | \Windows Components\Internet Explorer |
Specify default behavior for a new tab | \Windows Components\Internet Explorer |
Add a specific list of search providers to the user’s list of search providers | \Windows Components\Internet Explorer |
Security Zones: Use only machine settings | \Windows Components\Internet Explorer |
Turn on Suggested Sites | \Windows Components\Internet Explorer |
Prevent running First Run wizard | \Windows Components\Internet Explorer |
Restrict search providers to a specific list | \Windows Components\Internet Explorer |
Prevent changing proxy settings | \Windows Components\Internet Explorer |
Disable Periodic Check for Internet Explorer software updates | \Windows Components\Internet Explorer |
Turn on ActiveX Filtering | \Windows Components\Internet Explorer |
Turn off browser geolocation | \Windows Components\Internet Explorer |
Prevent managing SmartScreen Filter | \Windows Components\Internet Explorer |
Turn off Crash Detection | \Windows Components\Internet Explorer |
Security Zones: Do not allow users to change policies | \Windows Components\Internet Explorer |
Use the Enterprise Mode IE website list | \Windows Components\Internet Explorer |
Prevent bypassing SmartScreen Filter warnings | \Windows Components\Internet Explorer |
Disable changing secondary home page settings | \Windows Components\Internet Explorer |
Prevent per-user installation of ActiveX controls | \Windows Components\Internet Explorer |
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | \Windows Components\Internet Explorer |
Turn off the Security Settings Check feature | \Windows Components\Internet Explorer |
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | \Windows Components\Internet Explorer |
Let users turn on and use Enterprise Mode from the Tools menu | \Windows Components\Internet Explorer |
Specify use of ActiveX Installer Service for installation of ActiveX controls | \Windows Components\Internet Explorer |
Prevent changing the default search provider | \Windows Components\Internet Explorer |
Prevent participation in the Customer Experience Improvement Program | \Windows Components\Internet Explorer |
Security Zones: Do not allow users to add/delete sites | \Windows Components\Internet Explorer |
Turn off Compatibility View | \Windows Components\Internet Explorer\Compatibility View |
Turn on Internet Explorer Standards Mode for local intranet | \Windows Components\Internet Explorer\Compatibility View |
Use Policy List of Internet Explorer 7 sites | \Windows Components\Internet Explorer\Compatibility View |
Prevent deleting websites that the user has visited | \Windows Components\Internet Explorer\Delete Browsing History |
Disable “Configuring History” | \Windows Components\Internet Explorer\Delete Browsing History |
Allow deleting browsing history on exit | \Windows Components\Internet Explorer\Delete Browsing History |
Prevent ignoring certificate errors | \Windows Components\Internet Explorer\Internet Control Panel |
Turn off encryption support | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Check for signatures on downloaded programs | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Turn on Enhanced Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Turn off the flip ahead with page prediction feature | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Allow software to run or install even if the signature is invalid | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Check for server certificate revocation | \Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |
Locked-Down Internet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Internet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Intranet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Locked-Down Intranet Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Locked-Down Restricted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Locked-Down Local Machine Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all network paths (UNCs) | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Local Machine Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Restricted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Turn on certificate address mismatch warning | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Locked-Down Trusted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Trusted Sites Zone Template | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all local (intranet) sites not listed in other zones | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Site to Zone Assignment List | \Windows Components\Internet Explorer\Internet Control Panel\Security Page |
Enable dragging of content from different domains across windows | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Turn on Cross-Site Scripting Filter | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow loading of XAML files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Use Pop-up Blocker | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Turn on Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow VBScript to run in Internet Explorer | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow only approved domains to use ActiveX controls without prompt | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Launching applications and files in an IFRAME | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow only approved domains to use the TDC ActiveX control | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Download unsigned ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Enable MIME Sniffing | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Include local path when user is uploading files to a server | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Enable dragging of content from different domains within a window | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow updates to status bar via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Show security warning for potentially unsafe files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Logon options | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow cut, copy or paste operations from the clipboard via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow drag and drop or copy and paste files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Download signed ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow only approved domains to use ActiveX controls without prompt | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow loading of XAML files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run ActiveX controls and plugins | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Turn on Protected Mode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow script-initiated windows without size or position constraints | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow active scripting | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow cut, copy or paste operations from the clipboard via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow META REFRESH | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Show security warning for potentially unsafe files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Launching applications and files in an IFRAME | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow drag and drop or copy and paste files | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Script ActiveX controls marked safe for scripting | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Enable dragging of content from different domains across windows | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Enable dragging of content from different domains within a window | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow VBScript to run in Internet Explorer | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow binary and script behaviors | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Include local path when user is uploading files to a server | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download signed ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow scripting of Internet Explorer WebBrowser controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Turn on Cross-Site Scripting Filter | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download unsigned ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Enable MIME Sniffing | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Use Pop-up Blocker | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow updates to status bar via script | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow only approved domains to use the TDC ActiveX control | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Logon options | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Scripting of Java applets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow font downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Java permissions | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Userdata persistence | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Navigate windows and frames across different domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Turn on SmartScreen Filter scan | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Access data sources across domains | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow scriptlets | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run .NET Framework-reliant components not signed with Authenticode | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for file downloads | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Don’t run antimalware programs against ActiveX controls | \Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Go to an intranet site for a one-word entry in the Address bar | \Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing |
Turn off InPrivate Browsing | \Windows Components\Internet Explorer\Privacy |
Allow fallback to SSL 3.0 (Internet Explorer) | \Windows Components\Internet Explorer\Security Features |
Remove “Run this time” button for outdated ActiveX controls in Internet Explorer | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Turn off blocking of outdated ActiveX controls for Internet Explorer | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Turn off automatic download of the ActiveX VersionList | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Add-on List | \Windows Components\Internet Explorer\Security Features\Add-on Management |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Consistent Mime Handling |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Notification bar |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Restrict File Download |
Internet Explorer Processes | \Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions |
Device-specific ADMX for Network
Name | Policy Pfad |
---|---|
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | \MSS (Legacy) |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | \MSS (Legacy) |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | \MSS (Legacy) |
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | \MSS (Legacy) |
Prohibit installation and configuration of Network Bridge on your DNS domain network | \Network\Network Connections |
Hardened UNC Paths | \Network\Network Provider |
Prohibit connection to non-domain networks when connected to domain authenticated network | \Network\Windows Connection Manager |
Set 3G Cost | \Network\WWAN Service\WWAN Media Cost |
Set 4G Cost | \Network\WWAN Service\WWAN Media Cost |
Set Per-App Cellular Access UI Visibility | \Network\WWAN Service\WWAN UI Settings |
Device-specific ADMX for Microsoft Office
Name | Policy Pfad |
---|---|
Default Office theme | \Microsoft Office 2016 (Machine)\Global Options\Customize |
Use shared computer activation | \Microsoft Office 2016 (Machine)\Licensing Settings |
Use a device-based license for Office 365 ProPlus | \Microsoft Office 2016 (Machine)\Licensing Settings |
Enable EDU Org ID Sign In in Office from Windows Store | \Microsoft Office 2016 (Machine)\Licensing Settings |
Allow extended offline use for Office 365 ProPlus | \Microsoft Office 2016 (Machine)\Licensing Settings |
Specify the location to save the licensing token used by shared computer activation | \Microsoft Office 2016 (Machine)\Licensing Settings |
Use Viewer Mode | \Microsoft Office 2016 (Machine)\Licensing Settings |
Age out documents older than n days | \Microsoft Office 2016 (Machine)\Miscellaneous |
Open Directly in Office Client Application | \Microsoft Office 2016 (Machine)\Miscellaneous |
Age out the locally cached copies of server document versions that are more than n days old. | \Microsoft Office 2016 (Machine)\Miscellaneous |
File Previewing | \Microsoft Office 2016 (Machine)\Miscellaneous |
Prevent document inspectors from running | \Microsoft Office 2016 (Machine)\Miscellaneous |
Set the max size of the Office Document Cache | \Microsoft Office 2016 (Machine)\Miscellaneous |
Graphics filter import | \Microsoft Office 2016 (Machine)\Security Settings |
Disable Password Caching | \Microsoft Office 2016 (Machine)\Security Settings |
Disable VBA for Office applications | \Microsoft Office 2016 (Machine)\Security Settings |
Disable Package Repair | \Microsoft Office 2016 (Machine)\Security Settings |
Disable user name and password | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Object Caching Protection | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Scripted Window Security Restrictions | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Restrict File Download | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Consistent Mime Handling | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Restrict ActiveX Install | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Information Bar | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Saved from URL | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Mime Sniffing Safety Feature | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Add-on Management | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Local Machine Zone Lockdown Security | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Navigate URL | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Block popups | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Protection From Zone Elevation | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Bind to object | \Microsoft Office 2016 (Machine)\Security Settings\IE Security |
Don?t install Microsoft Teams with new installations or updates of Office | \Microsoft Office 2016 (Machine)\Updates |
Update Channel | \Microsoft Office 2016 (Machine)\Updates |
Upgrade Office 2019 to Office 365 ProPlus | \Microsoft Office 2016 (Machine)\Updates |
Enable Automatic Updates | \Microsoft Office 2016 (Machine)\Updates |
Don?t install extension for Microsoft Search in Bing that makes Bing the default search engine | \Microsoft Office 2016 (Machine)\Updates |
Target Version | \Microsoft Office 2016 (Machine)\Updates |
Prioritize BITS | \Microsoft Office 2016 (Machine)\Updates |
Hide Update Notifications | \Microsoft Office 2016 (Machine)\Updates |
Delay downloading and installing updates for Office | \Microsoft Office 2016 (Machine)\Updates |
Prevent Office from being updated to a specific version | \Microsoft Office 2016 (Machine)\Updates |
Update Path | \Microsoft Office 2016 (Machine)\Updates |
Hide option to enable or disable updates | \Microsoft Office 2016 (Machine)\Updates |
Online Repair | \Microsoft Office 2016 (Machine)\Updates |
Update Deadline | \Microsoft Office 2016 (Machine)\Updates |
Office 365 Client Management | \Microsoft Office 2016 (Machine)\Updates |
Use only Token Activation | \Microsoft Office 2016 (Machine)\Volume Activation |
Prevent Token Activation dialog from closing | \Microsoft Office 2016 (Machine)\Volume Activation |
Turn on an external converter as the default for a file extension | \Microsoft PowerPoint 2016 (Machine)\Converters |
Require logon credentials | \Skype for Business 2016\Microsoft Lync Feature Policies |
Trusted Domain List | \Skype for Business 2016\Microsoft Lync Feature Policies |
Prevent users from running Microsoft Lync | \Skype for Business 2016\Microsoft Lync Feature Policies |
Configure SIP security mode | \Skype for Business 2016\Microsoft Lync Feature Policies |
Disable HTTP fallback for SIP connection | \Skype for Business 2016\Microsoft Lync Feature Policies |
Global Address Book Download Initial Delay | \Skype for Business 2016\Microsoft Lync Feature Policies |
Enable using BITS to download Address Book Service files | \Skype for Business 2016\Microsoft Lync Feature Policies |
Configure SIP compression mode | \Skype for Business 2016\Microsoft Lync Feature Policies |
Disable automatic upload of sign-in failure logs | \Skype for Business 2016\Microsoft Lync Feature Policies |
Allow storage of user passwords | \Skype for Business 2016\Microsoft Lync Feature Policies |
Specify server | \Skype for Business 2016\Microsoft Lync Feature Policies |
Additional server versions supported | \Skype for Business 2016\Microsoft Lync Feature Policies |
Disable server version check | \Skype for Business 2016\Microsoft Lync Feature Policies |
Device-specific ADMX for OneDrive
Name | Policy Pfad |
---|---|
Set the maximum size of a user’s OneDrive that can download automatically | \OneDrive |
Prevent users from redirecting their Windows known folders to their PC | \OneDrive |
Silently move Windows known folders to OneDrive | \OneDrive |
Use OneDrive Files On-Demand | \OneDrive |
Configure team site libraries to sync automatically | \OneDrive |
Silently sign in users to the OneDrive sync app with their Windows credentials | \OneDrive |
Require users to confirm large delete operations | \OneDrive |
Convert synced team site files to online-only files | \OneDrive |
Prevent users from moving their Windows known folders to OneDrive | \OneDrive |
Prevent users from syncing libraries and folders shared from other organizations | \OneDrive |
Block syncing OneDrive accounts for specific organizations | \OneDrive |
Prevent the sync app from generating network traffic until users sign in | \OneDrive |
Enable automatic upload bandwidth management for OneDrive | \OneDrive |
Block file downloads when users are low on disk space | \OneDrive |
Prompt users when they delete multiple OneDrive files on their local computer | \OneDrive |
Limit the sync app upload rate to a percentage of throughput | \OneDrive |
Specify the OneDrive location in a hybrid environment | \OneDrive |
Specify SharePoint Server URL and organization name | \OneDrive |
Allow OneDrive to disable Windows permission inheritance in folders synced read-only | \OneDrive |
Set the sync app update ring | \OneDrive |
Prompt users to move Windows known folders to OneDrive | \OneDrive |
Warn users who are low on disk space | \OneDrive |
Allow syncing OneDrive accounts for only specific organizations | \OneDrive |
Device-specific ADMX for power management
Name | Policy Pfad |
---|---|
Allow standby states (S1-S3) when sleeping (plugged in) | \System\Power Management\Sleep Settings |
Specify the system sleep timeout (plugged in) | \System\Power Management\Sleep Settings |
Specify the system sleep timeout (on battery) | \System\Power Management\Sleep Settings |
Require a password when a computer wakes (plugged in) | \System\Power Management\Sleep Settings |
Specify the system hibernate timeout (on battery) | \System\Power Management\Sleep Settings |
Allow standby states (S1-S3) when sleeping (on battery) | \System\Power Management\Sleep Settings |
Require a password when a computer wakes (on battery) | \System\Power Management\Sleep Settings |
Specify the system hibernate timeout (plugged in) | \System\Power Management\Sleep Settings |
Turn off the display (plugged in) | \System\Power Management\Video and Display Settings |
Turn off the display (on battery) | \System\Power Management\Video and Display Settings |
Device-specific ADMX for Remote Assistance
Name | Policy Pfad |
---|---|
Turn on session logging | \System\Remote Assistance |
Customize warning messages | \System\Remote Assistance |
Configure Offer Remote Assistance | \System\Remote Assistance |
Configure Solicited Remote Assistance | \System\Remote Assistance |
Device-specific ADMX for Remote Desktop Services
Name | Policy Pfad |
---|---|
Do not allow passwords to be saved | \Windows Components\Remote Desktop Services\Remote Desktop Connection Client |
Allow users to connect remotely by using Remote Desktop Services | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections |
Do not allow drive redirection | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection |
Always prompt for password upon connection | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
Set client connection encryption level | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
Require secure RPC communication | \Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security |
Device-specific ADMX for remote management
Name | Policy Pfad |
---|---|
Trusted Hosts | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Disallow Negotiate authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Disallow Digest authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Allow unencrypted traffic | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Allow CredSSP authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Allow Basic authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Client |
Specify channel binding token hardening level | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Turn On Compatibility HTTP Listener | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Allow unencrypted traffic | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Disallow Negotiate authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Allow CredSSP authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Allow remote server management through WinRM | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Allow Basic authentication | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Turn On Compatibility HTTPS Listener | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Disallow WinRM from storing RunAs credentials | \Windows Components\Windows Remote Management (WinRM)\WinRM Service |
Allow Remote Shell Access | \Windows Components\Windows Remote Shell |
MaxConcurrentUsers | \Windows Components\Windows Remote Shell |
Specify idle Timeout | \Windows Components\Windows Remote Shell |
Specify maximum number of remote shells per user | \Windows Components\Windows Remote Shell |
Specify maximum amount of memory in MB per Shell | \Windows Components\Windows Remote Shell |
Specify Shell Timeout | \Windows Components\Windows Remote Shell |
Specify maximum number of processes per Shell | \Windows Components\Windows Remote Shell |
Device-specific ADMX for RSS
Name | Policy Pfad |
---|---|
Prevent downloading of enclosures | \Windows Components\RSS Feeds |
Turn off background synchronization for feeds and Web Slices | \Windows Components\RSS Feeds |
Device-specific ADMX for security
Name | Policy Pfad |
---|---|
Prevent enabling lock screen slide show | \Control Panel\Personalization |
Prevent enabling lock screen camera | \Control Panel\Personalization |
Configure SMB v1 client driver | \MS Security Guide |
WDigest Authentication (disabling may require KB2871997) | \MS Security Guide |
Configure SMB v1 server | \MS Security Guide |
Enable Structured Exception Handling Overwrite Protection (SEHOP) | \MS Security Guide |
Apply UAC restrictions to local accounts on network logons | \MS Security Guide |
Turn on Windows Defender protection against Potentially Unwanted Applications (DEPRECATED) | \MS Security Guide |
Allow printers to be published | \Printers |
Point and Print Restrictions | \Printers |
Remote host allows delegation of non-exportable credentials | \System\Credentials Delegation |
Prevent device metadata retrieval from the Internet | \System\Device Installation |
Prevent installation of devices using drivers that match these device setup classes | \System\Device Installation\Device Installation Restrictions |
Allow installation of devices using drivers that match these device setup classes | \System\Device Installation\Device Installation Restrictions |
Prevent installation of devices not described by other policy settings | \System\Device Installation\Device Installation Restrictions |
Allow installation of devices that match any of these device IDs | \System\Device Installation\Device Installation Restrictions |
Prevent installation of devices that match any of these device IDs | \System\Device Installation\Device Installation Restrictions |
Boot-Start Driver Initialization Policy | \System\Early Launch Antimalware |
Do not allow Windows to activate Enhanced Storage devices | \System\Enhanced Storage Access |
Turn off downloading of print drivers over HTTP | \System\Internet Communication Management\Internet Communication settings |
Turn off Internet download for Web publishing and online ordering wizards | \System\Internet Communication Management\Internet Communication settings |
Turn off printing over HTTP | \System\Internet Communication Management\Internet Communication settings |
Fail authentication requests when Kerberos armoring is not available | \System\Kerberos |
Kerberos client support for claims, compound authentication and Kerberos armoring | \System\Kerberos |
Set maximum Kerberos SSPI context token buffer size | \System\Kerberos |
Require strict KDC validation | \System\Kerberos |
Use forest search order | \System\Kerberos |
Do not display network selection UI | \System\Logon |
Turn off app notifications on the lock screen | \System\Logon |
Turn off picture password sign-in | \System\Logon |
Turn on convenience PIN sign-in | \System\Logon |
Enumerate local users on domain-joined computers | \System\Logon |
Enable RPC Endpoint Mapper Client Authentication | \System\Remote Procedure Call |
Restrict Unauthenticated RPC clients | \System\Remote Procedure Call |
Enable svchost.exe mitigation options | \System\Service Control Manager Settings\Security Settings |
Turn off System Restore | \System\System Restore |
Approved Installation Sites for ActiveX Controls | \Windows Components\ActiveX Installer Service |
Allow Microsoft accounts to be optional | \Windows Components\App runtime |
Disallow Autoplay for non-volume devices | \Windows Components\AutoPlay Policies |
Turn off Autoplay | \Windows Components\AutoPlay Policies |
Set the default behavior for AutoRun | \Windows Components\AutoPlay Policies |
Enumerate administrator accounts on elevation | \Windows Components\Credential User Interface |
Do not display the password reveal button | \Windows Components\Credential User Interface |
Control Event Log behavior when the log file reaches its maximum size | \Windows Components\Event Log Service\Application |
Specify the maximum log file size (KB) | \Windows Components\Event Log Service\Application |
Specify the maximum log file size (KB) | \Windows Components\Event Log Service\Security |
Specify the maximum log file size (KB) | \Windows Components\Event Log Service\System |
Turn off Data Execution Prevention for Explorer | \Windows Components\File Explorer |
Turn off heap termination on corruption | \Windows Components\File Explorer |
Sign-in and lock last interactive user automatically after a restart | \Windows Components\Windows Logon Options |
Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot | \Windows Components\Windows Logon Options |
Turn on PowerShell Script Block Logging | \Windows Components\Windows PowerShell |
Translation notice
This article is a translation of the Infrastrukturhelden.de article “Gerätespezifische Administrativen Vorlagen in Intune (Version 2101)“. Links may refer to other Infrastrukturhelden.de articles, these may also be available in English language.
Also it can be, that I still use screenshots of German systems. However, where it is possible for me with little effort, I insert screenshots of English systems.
2 thoughts on “Device-specific administrative templates in Intune 2101”
Comments are closed.