├── .gitattributes
├── .gitignore
├── LGPO
├── LGPO.exe
├── LGPO.pdf
└── Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf
├── PolicyAnalyzer
├── GPO2PolicyRules.exe
├── Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf
└── Policy Analyzer.pdf
├── PolicyDefinitions
├── AVSValidationGP.admx
├── AccountNotifications.admx
├── ActiveXInstallService.admx
├── AddRemovePrograms.admx
├── AllowBuildPreview.admx
├── AppCompat.admx
├── AppHVSI.admx
├── AppPrivacy.admx
├── AppXRuntime.admx
├── AppxPackageManager.admx
├── AttachmentManager.admx
├── AuditSettings.admx
├── AutoPlay.admx
├── Biometrics.admx
├── Bits.admx
├── CEIPEnable.admx
├── COM.admx
├── Camera.admx
├── CipherSuiteOrder.admx
├── CloudContent.admx
├── Conf.admx
├── ControlPanel.admx
├── ControlPanelDisplay.admx
├── Cpls.admx
├── CredSsp.admx
├── CredUI.admx
├── CredentialProviders.admx
├── CtrlAltDel.admx
├── DCOM.admx
├── DFS.admx
├── DWM.admx
├── DataCollection.admx
├── DeliveryOptimization.admx
├── Desktop.admx
├── DesktopAppInstaller.admx
├── DeviceCompat.admx
├── DeviceCredential.admx
├── DeviceGuard.admx
├── DeviceInstallation.admx
├── DeviceSetup.admx
├── DigitalLocker.admx
├── DiskDiagnostic.admx
├── DiskNVCache.admx
├── DiskQuota.admx
├── Display.admx
├── DistributedLinkTracking.admx
├── DmaGuard.admx
├── DnsClient.admx
├── EAIME.admx
├── EarlyLaunchAM.admx
├── EdgeUI.admx
├── EncryptFilesonMove.admx
├── EnhancedStorage.admx
├── ErrorReporting.admx
├── EventForwarding.admx
├── EventLog.admx
├── EventLogging.admx
├── EventViewer.admx
├── ExploitGuard.admx
├── Explorer.admx
├── ExternalBoot.admx
├── FeedbackNotifications.admx
├── FileHistory.admx
├── FileRecovery.admx
├── FileRevocation.admx
├── FileServerVSSProvider.admx
├── FileSys.admx
├── FindMy.admx
├── FolderRedirection.admx
├── FramePanes.admx
├── GameDVR.admx
├── Globalization.admx
├── GroupPolicy.admx
├── Handwriting.admx
├── Help.admx
├── HelpAndSupport.admx
├── ICM.admx
├── IIS.admx
├── Kerberos.admx
├── LAPS.admx
├── LanmanServer.admx
├── LanmanWorkstation.admx
├── LeakDiagnostic.admx
├── LinkLayerTopologyDiscovery.admx
├── LocalSecurityAuthority.admx
├── LocationProviderAdm.admx
├── Logon.admx
├── MDM.admx
├── MMC.admx
├── MMCSnapins.admx
├── MSAPolicy.admx
├── MSDT.admx
├── MSI.admx
├── MSS-legacy.admx
├── MicrosoftEdge.admx
├── MobilePCMobilityCenter.admx
├── MobilePCPresentationSettings.admx
├── Msi-FileRecovery.admx
├── Multitasking.admx
├── NCSI.admx
├── Netlogon.admx
├── NetworkConnections.admx
├── NetworkIsolation.admx
├── NetworkProvider.admx
├── NewsAndInterests.admx
├── OOBE.admx
├── OSPolicy.admx
├── OfflineFiles.admx
├── P2P-pnrp.admx
├── Passport.admx
├── PeerToPeerCaching.admx
├── PenTraining.admx
├── PerformanceDiagnostics.admx
├── Power.admx
├── PowerShellExecutionPolicy.admx
├── PreviousVersions.admx
├── Printing.admx
├── Printing2.admx
├── Programs.admx
├── PushToInstall.admx
├── QOS.admx
├── RPC.admx
├── RacWmiProv.admx
├── Radar.admx
├── ReAgent.admx
├── Reliability.admx
├── RemoteAssistance.admx
├── RemovableStorage.admx
├── RestrictedTrafficCustomPolicy.admx
├── Scripts.admx
├── Search.admx
├── SecGuide.admx
├── Securitycenter.admx
├── Sensors.admx
├── ServerManager.admx
├── ServiceControlManager.admx
├── Servicing.admx
├── SettingSync.admx
├── Setup.admx
├── SharedFolders.admx
├── Sharing.admx
├── Shell-CommandPrompt-RegEditTools.admx
├── ShellWelcomeCenter.admx
├── Sidebar.admx
├── SkyDrive.admx
├── SmartScreen.admx
├── Smartcard.admx
├── Snmp.admx
├── SoundRec.admx
├── Speech.admx
├── StartMenu.admx
├── StorageHealth.admx
├── StorageSense.admx
├── SystemRestore.admx
├── TPM.admx
├── TabletPCInputPanel.admx
├── TabletShell.admx
├── TaskScheduler.admx
├── Taskbar.admx
├── TenantRestrictions.admx
├── TerminalServer.admx
├── TextInput.admx
├── Thumbnails.admx
├── TouchInput.admx
├── UserExperienceVirtualization.admx
├── UserProfiles.admx
├── VolumeEncryption.admx
├── W32Time.admx
├── WCM.admx
├── WDI.admx
├── WPN.admx
├── WebThreatDefense.admx
├── WinCal.admx
├── WinInit.admx
├── WinLogon.admx
├── WinMaps.admx
├── Windows.admx
├── WindowsAnytimeUpgrade.admx
├── WindowsBackup.admx
├── WindowsColorSystem.admx
├── WindowsConnectNow.admx
├── WindowsCopilot.admx
├── WindowsDefender.admx
├── WindowsDefenderSecurityCenter.admx
├── WindowsExplorer.admx
├── WindowsFileProtection.admx
├── WindowsFirewall.admx
├── WindowsInkWorkspace.admx
├── WindowsMediaDRM.admx
├── WindowsMediaPlayer.admx
├── WindowsMessenger.admx
├── WindowsProducts.admx
├── WindowsRemoteManagement.admx
├── WindowsRemoteShell.admx
├── WindowsSandbox.admx
├── WindowsStore.admx
├── WindowsUpdate.admx
├── Winsrv.admx
├── WirelessDisplay.admx
├── WordWheel.admx
├── WorkFolders-Client.admx
├── WorkplaceJoin.admx
├── appv.admx
├── en-US
│ ├── AVSValidationGP.adml
│ ├── AccountNotifications.adml
│ ├── ActiveXInstallService.adml
│ ├── AddRemovePrograms.adml
│ ├── AllowBuildPreview.adml
│ ├── AppCompat.adml
│ ├── AppHVSI.adml
│ ├── AppPrivacy.adml
│ ├── AppXRuntime.adml
│ ├── AppxPackageManager.adml
│ ├── AttachmentManager.adml
│ ├── AuditSettings.adml
│ ├── AutoPlay.adml
│ ├── Biometrics.adml
│ ├── Bits.adml
│ ├── CEIPEnable.adml
│ ├── COM.adml
│ ├── Camera.adml
│ ├── CipherSuiteOrder.adml
│ ├── CloudContent.adml
│ ├── Conf.adml
│ ├── ControlPanel.adml
│ ├── ControlPanelDisplay.adml
│ ├── Cpls.adml
│ ├── CredSsp.adml
│ ├── CredUI.adml
│ ├── CredentialProviders.adml
│ ├── CtrlAltDel.adml
│ ├── DCOM.adml
│ ├── DFS.adml
│ ├── DWM.adml
│ ├── DataCollection.adml
│ ├── DeliveryOptimization.adml
│ ├── Desktop.adml
│ ├── DesktopAppInstaller.adml
│ ├── DeviceCompat.adml
│ ├── DeviceCredential.adml
│ ├── DeviceGuard.adml
│ ├── DeviceInstallation.adml
│ ├── DeviceSetup.adml
│ ├── DigitalLocker.adml
│ ├── DiskDiagnostic.adml
│ ├── DiskNVCache.adml
│ ├── DiskQuota.adml
│ ├── Display.adml
│ ├── DistributedLinkTracking.adml
│ ├── DmaGuard.adml
│ ├── DnsClient.adml
│ ├── EAIME.adml
│ ├── EarlyLaunchAM.adml
│ ├── EdgeUI.adml
│ ├── EncryptFilesonMove.adml
│ ├── EnhancedStorage.adml
│ ├── ErrorReporting.adml
│ ├── EventForwarding.adml
│ ├── EventLog.adml
│ ├── EventLogging.adml
│ ├── EventViewer.adml
│ ├── ExploitGuard.adml
│ ├── Explorer.adml
│ ├── ExternalBoot.adml
│ ├── FeedbackNotifications.adml
│ ├── FileHistory.adml
│ ├── FileRecovery.adml
│ ├── FileRevocation.adml
│ ├── FileServerVSSProvider.adml
│ ├── FileSys.adml
│ ├── FindMy.adml
│ ├── FolderRedirection.adml
│ ├── FramePanes.adml
│ ├── GameDVR.adml
│ ├── Globalization.adml
│ ├── GroupPolicy.adml
│ ├── Handwriting.adml
│ ├── Help.adml
│ ├── HelpAndSupport.adml
│ ├── ICM.adml
│ ├── IIS.adml
│ ├── InetRes.adml
│ ├── KDC.adml
│ ├── Kerberos.adml
│ ├── LAPS.adml
│ ├── LanmanServer.adml
│ ├── LanmanWorkstation.adml
│ ├── LeakDiagnostic.adml
│ ├── LinkLayerTopologyDiscovery.adml
│ ├── LocalSecurityAuthority.adml
│ ├── LocationProviderAdm.adml
│ ├── Logon.adml
│ ├── MDM.adml
│ ├── MMC.adml
│ ├── MMCSnapins.adml
│ ├── MSAPolicy.adml
│ ├── MSDT.adml
│ ├── MSI.adml
│ ├── MSS-legacy.adml
│ ├── Messaging.adml
│ ├── MicrosoftEdge.adml
│ ├── MobilePCMobilityCenter.adml
│ ├── MobilePCPresentationSettings.adml
│ ├── Msi-FileRecovery.adml
│ ├── Multitasking.adml
│ ├── NCSI.adml
│ ├── Netlogon.adml
│ ├── NetworkConnections.adml
│ ├── NetworkIsolation.adml
│ ├── NetworkProvider.adml
│ ├── NewsAndInterests.adml
│ ├── OOBE.adml
│ ├── OSPolicy.adml
│ ├── OfflineFiles.adml
│ ├── P2P-pnrp.adml
│ ├── Passport.adml
│ ├── PeerToPeerCaching.adml
│ ├── PenTraining.adml
│ ├── PerformanceDiagnostics.adml
│ ├── Power.adml
│ ├── PowerShellExecutionPolicy.adml
│ ├── PreviousVersions.adml
│ ├── Printing.adml
│ ├── Printing2.adml
│ ├── Programs.adml
│ ├── PushToInstall.adml
│ ├── QOS.adml
│ ├── RPC.adml
│ ├── RacWmiProv.adml
│ ├── Radar.adml
│ ├── ReAgent.adml
│ ├── Reliability.adml
│ ├── RemoteAssistance.adml
│ ├── RemovableStorage.adml
│ ├── RestrictedTrafficCustomPolicy.adml
│ ├── Scripts.adml
│ ├── Search.adml
│ ├── SearchOCR.adml
│ ├── SecGuide.adml
│ ├── Securitycenter.adml
│ ├── Sensors.adml
│ ├── ServerManager.adml
│ ├── ServiceControlManager.adml
│ ├── Servicing.adml
│ ├── SettingSync.adml
│ ├── Setup.adml
│ ├── SharedFolders.adml
│ ├── Sharing.adml
│ ├── Shell-CommandPrompt-RegEditTools.adml
│ ├── ShellWelcomeCenter.adml
│ ├── Sidebar.adml
│ ├── SkyDrive.adml
│ ├── SmartScreen.adml
│ ├── Smartcard.adml
│ ├── Snmp.adml
│ ├── SoundRec.adml
│ ├── Speech.adml
│ ├── StartMenu.adml
│ ├── StorageHealth.adml
│ ├── StorageSense.adml
│ ├── SystemRestore.adml
│ ├── TPM.adml
│ ├── TabletPCInputPanel.adml
│ ├── TabletShell.adml
│ ├── TaskScheduler.adml
│ ├── Taskbar.adml
│ ├── TenantRestrictions.adml
│ ├── TerminalServer.adml
│ ├── TextInput.adml
│ ├── Thumbnails.adml
│ ├── TouchInput.adml
│ ├── UserExperienceVirtualization.adml
│ ├── UserProfiles.adml
│ ├── VolumeEncryption.adml
│ ├── W32Time.adml
│ ├── WCM.adml
│ ├── WDI.adml
│ ├── WPN.adml
│ ├── WebThreatDefense.adml
│ ├── WinCal.adml
│ ├── WinInit.adml
│ ├── WinLogon.adml
│ ├── WinMaps.adml
│ ├── Windows.adml
│ ├── WindowsAnytimeUpgrade.adml
│ ├── WindowsBackup.adml
│ ├── WindowsColorSystem.adml
│ ├── WindowsConnectNow.adml
│ ├── WindowsCopilot.adml
│ ├── WindowsDefender.adml
│ ├── WindowsDefenderSecurityCenter.adml
│ ├── WindowsExplorer.adml
│ ├── WindowsFileProtection.adml
│ ├── WindowsFirewall.adml
│ ├── WindowsInkWorkspace.adml
│ ├── WindowsMediaDRM.adml
│ ├── WindowsMediaPlayer.adml
│ ├── WindowsMessenger.adml
│ ├── WindowsProducts.adml
│ ├── WindowsRemoteManagement.adml
│ ├── WindowsRemoteShell.adml
│ ├── WindowsSandbox.adml
│ ├── WindowsStore.adml
│ ├── WindowsUpdate.adml
│ ├── Winsrv.adml
│ ├── WirelessDisplay.adml
│ ├── WordWheel.adml
│ ├── WorkFolders-Client.adml
│ ├── WorkplaceJoin.adml
│ ├── appv.adml
│ ├── filtermanager.adml
│ ├── firefox.adml
│ ├── fthsvc.adml
│ ├── hotspotauth.adml
│ ├── iSCSI.adml
│ ├── mozilla.adml
│ ├── msched.adml
│ ├── msedge.adml
│ ├── msedgeupdate.adml
│ ├── msedgewebview2.adml
│ ├── nca.adml
│ ├── pca.adml
│ ├── refs.adml
│ ├── sam.adml
│ ├── sdiageng.adml
│ ├── sdiagschd.adml
│ ├── srm-fci.adml
│ ├── tcpip.adml
│ ├── wlansvc.adml
│ └── wwansvc.adml
├── filtermanager.admx
├── firefox.admx
├── fthsvc.admx
├── hotspotauth.admx
├── iSCSI.admx
├── inetres.admx
├── kdc.admx
├── messaging.admx
├── mozilla.admx
├── msched.admx
├── msedge.admx
├── msedgeupdate.admx
├── msedgewebview2.admx
├── nca.admx
├── pca.admx
├── refs.admx
├── sam.admx
├── sdiageng.admx
├── sdiagschd.admx
├── srm-fci.admx
├── tcpip.admx
├── wlansvc.admx
└── wwansvc.admx
├── PolicyRules
├── MSFT-Edge.PolicyRules
├── MSFT-RTLFB.PolicyRules
├── MSFT-Win11.PolicyRules
├── Win11-CleanInstall.PolicyRules
└── Win11.PolicyRules
├── README.md
├── install.cmd
├── savelocal.cmd
└── savewin11.cmd
/.gitattributes:
--------------------------------------------------------------------------------
# Per-path Git attributes for the policy template files matched below.
# "-text" unsets the text attribute, so Git applies no end-of-line
# normalization to these files. "working-tree-encoding=UTF-16" makes Git
# re-encode the content to UTF-16 on checkout and back to its internal UTF-8
# form when the file is staged.
# The [xl] bracket matches both the .admx and .adml variant of a name.
1 | Camera.adm[xl] -text working-tree-encoding=UTF-16
# Covers every file whose name starts with "msedge" (.admx and .adml).
2 | msedge*.adm[xl] -text working-tree-encoding=UTF-16
# Only the .admx file is listed for Search; no pattern here matches Search.adml.
3 | Search.admx -text working-tree-encoding=UTF-16
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Ignore everything directly inside any root-level directory whose name starts
# with "PolicyAnalyzer" ...
1 | /PolicyAnalyzer*/*
# ... except the GPO2PolicyRules.exe executable and the PDF documents, which
# stay tracked.
# NOTE(review): a tracked executable is trusted exactly as committed; presumably
# it originates from the Microsoft Security Compliance Toolkit named in the
# bundled terms PDF. Confirm its signature or hash against the vendor download.
2 | !/PolicyAnalyzer*/GPO2PolicyRules.exe
3 | !/PolicyAnalyzer*/*.pdf
# Rule files ending in "-Local.PolicyRules" are never committed.
# NOTE(review): presumably these are exported from the local machine (see
# savelocal.cmd in the tree). Confirm.
4 | /PolicyRules/*-Local.PolicyRules
# Root-level scratch directory, archives and a helper script are untracked; the
# leading slash anchors each pattern to the repository root.
5 | /Temp/
6 | /*.zip
7 | /map.cmd
8 |
--------------------------------------------------------------------------------
/LGPO/LGPO.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/LGPO/LGPO.exe
--------------------------------------------------------------------------------
/LGPO/LGPO.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/LGPO/LGPO.pdf
--------------------------------------------------------------------------------
/LGPO/Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/LGPO/Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf
--------------------------------------------------------------------------------
/PolicyAnalyzer/GPO2PolicyRules.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyAnalyzer/GPO2PolicyRules.exe
--------------------------------------------------------------------------------
/PolicyAnalyzer/Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyAnalyzer/Microsoft Security Compliance Toolkit - Standalone Use Terms.pdf
--------------------------------------------------------------------------------
/PolicyAnalyzer/Policy Analyzer.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyAnalyzer/Policy Analyzer.pdf
--------------------------------------------------------------------------------
/PolicyDefinitions/AccountNotifications.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/AllowBuildPreview.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/AuditSettings.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/CEIPEnable.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/COM.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Camera.admx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/Camera.admx
--------------------------------------------------------------------------------
/PolicyDefinitions/CipherSuiteOrder.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Cpls.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/CtrlAltDel.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/DFS.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/DeviceCompat.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/DeviceCredential.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/DigitalLocker.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/DistributedLinkTracking.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/EarlyLaunchAM.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/EncryptFilesonMove.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/EventForwarding.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/EventLogging.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/ExploitGuard.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FeedbackNotifications.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FileHistory.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FileRecovery.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FileRevocation.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FileServerVSSProvider.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FindMy.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/FramePanes.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/GameDVR.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Handwriting.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/IIS.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/LocationProviderAdm.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/MSAPolicy.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/MobilePCMobilityCenter.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/MobilePCPresentationSettings.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Msi-FileRecovery.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Multitasking.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/NetworkProvider.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/NewsAndInterests.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/OOBE.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/PenTraining.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/PushToInstall.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/RacWmiProv.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Radar.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/ReAgent.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Search.admx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/Search.admx
--------------------------------------------------------------------------------
/PolicyDefinitions/Securitycenter.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/ServiceControlManager.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Servicing.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Setup.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/SharedFolders.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Sharing.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/ShellWelcomeCenter.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/SoundRec.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Speech.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/StorageHealth.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/SystemRestore.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/TenantRestrictions.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/TextInput.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WinCal.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WinMaps.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WindowsAnytimeUpgrade.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WindowsColorSystem.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WindowsCopilot.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WindowsMediaDRM.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/Winsrv.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WordWheel.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/WorkplaceJoin.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/AVSValidationGP.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Licensing Group Policy
4 | Licensing Group Policy
5 |
6 |
7 | Turn off KMS Client Online AVS Validation
8 |
9 | This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
10 | If you disable or do not configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates.
11 | Policy Options:
12 | - Not Configured (default -- data will be automatically sent to Microsoft)
13 | - Disabled (data will be automatically sent to Microsoft)
14 | - Enabled (data will not be sent to Microsoft)
15 |
16 | Control Device Reactivation for Retail devices
17 |
18 | This policy setting controls whether OS Reactivation is blocked on a device.
19 | Policy Options:
20 | - Not Configured (default -- Windows registration and reactivation is allowed)
21 | - Disabled (Windows registration and reactivation is not allowed)
22 | - Enabled (Windows registration is allowed)
23 |
24 | Software Protection Platform
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/AccountNotifications.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Account Notifications
9 | Turn off account notifications in Start
10 |
11 | This policy allows you to prevent Windows from displaying notifications to Microsoft account (MSA) and local users in Start (user tile).
12 |
13 | Notifications include getting users to: reauthenticate; backup their device; manage cloud storage quotas as well as manage their Microsoft 365 or XBOX subscription.
14 |
15 | If you enable this policy setting, Windows will not send account related notifications for local and MSA users to the user tile in Start.
16 |
17 | If you disable or do not configure this policy setting, Windows will send account related notifications for local and MSA users to the user tile in Start.
18 |
19 | No reboots or service restarts are required for this policy setting to take effect.
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/AllowBuildPreview.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Toggle user control over Insider builds
9 | This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program.
10 |
11 | If you enable or do not configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings.
12 |
13 | If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app.
14 |
15 | This policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/AuditSettings.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Audit Process Creation
5 | Configuration settings for auditing process creation.
6 |
7 |
8 | Audit Process Creation
9 | Include command line in process creation events
10 | This policy setting determines what information is logged in security audit events when a new process has been created.
11 |
12 | This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
13 |
14 | If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.
15 |
16 | Default: Not configured
17 |
18 | Note: When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/CEIPEnable.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Windows Customer Experience Improvement Program
9 | Allow Corporate redirection of Customer Experience Improvement uploads
10 | If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.
11 |
12 | If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.
13 |
14 | If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.
15 | Tag Windows Customer Experience Improvement data with Study Identifier
16 | This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted.
17 |
18 | If you enable this setting then Windows CEIP data uploaded will be tagged.
19 |
20 | If you do not configure this setting or disable it, then CEIP data will not be tagged with the Study Identifier.
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 | Study Identifier:
31 |
32 |
33 |
34 |
35 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/COM.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Download missing COM components
9 | This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.
10 |
11 | Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM components. These programs cannot perform all their functions unless Windows has internally registered the required components.
12 |
13 | If you enable this policy setting and a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches might make some programs start or run slowly.
14 |
15 | If you disable or do not configure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it might stop.
16 |
17 | This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Camera.adml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/en-US/Camera.adml
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Cpls.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | User Accounts
9 | Contains settings to control the behavior of User Accounts
10 | Apply the default account picture to all users
11 | This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
12 |
13 | Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed.
14 |
15 | If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
16 |
17 | If you disable or do not configure this policy setting, users will be able to customize their account pictures.
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DFS.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Configure how often a DFS client discovers domain controllers
9 | This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default, a DFS client attempts to discover domain controllers every 15 minutes.
10 |
11 | If you enable this policy setting, you can configure how often a DFS client attempts to discover domain controllers. This value is specified in minutes.
12 |
13 | If you disable or do not configure this policy setting, the default value of 15 minutes applies.
14 |
15 | Note: The minimum value you can select is 15 minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.
16 |
17 |
18 |
19 | Time in minutes:
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DeviceCompat.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Device and Driver Compatibility
9 | Device compatibility settings
10 | Driver compatibility settings
11 | Changes behavior of Microsoft bus drivers to work with specific devices.
12 | Changes behavior of 3rd-party drivers to work around incompatibilities introduced between OS versions.
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DeviceCredential.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Microsoft Secondary Authentication Factor
5 | Configuration for Microsoft Secondary Authentication Factor
6 |
7 |
8 | Microsoft Secondary Authentication Factor
9 | Allow companion device for secondary authentication
10 | This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop computer running Windows 10. The companion device provides a second factor of authentication with Windows Hello.
11 |
12 | If you enable or do not configure this policy setting, users can authenticate to Windows Hello using a companion device.
13 |
14 | If you disable this policy, users cannot use a companion device to authenticate with Windows Hello.
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DigitalLocker.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Do not allow Digital Locker to run
9 | Specifies whether Digital Locker can run.
10 |
11 | Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.
12 |
13 | If you enable this setting, Digital Locker will not run.
14 |
15 | If you disable or do not configure this setting, Digital Locker can be run.
16 | Digital Locker
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DistributedLinkTracking.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Allow Distributed Link Tracking clients to use domain resources
9 | Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on domain controllers. The DLT client enables programs to track linked files that are moved within an NTFS volume, to another NTFS volume on the same computer, or to an NTFS volume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be set unless the DLT server is running on all domain controllers in the domain.
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/DmaGuard.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Kernel DMA Protection
5 | This file contains the configuration options for Kernel DMA Protection
6 |
7 |
8 |
9 | Kernel DMA Protection
10 | Policies for configuring Kernel DMA Protection
11 | Enumeration policy for external devices incompatible with Kernel DMA Protection
12 | Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note: this policy does not apply to 1394, PCMCIA or ExpressCard devices.
13 | Allow all
14 | Only while logged in (default)
15 | Block all
16 |
17 |
18 |
19 |
20 | Enumeration policy
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/EncryptFilesonMove.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Do not automatically encrypt files moved to encrypted folders
9 | This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.
10 |
11 | If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder.
12 |
13 | If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder.
14 |
15 | This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/FeedbackNotifications.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Do not show feedback notifications
9 | This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft.
10 |
11 | If you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app.
12 |
13 | If you disable or do not configure this policy setting, users may see notifications through the Windows Feedback app asking users for feedback.
14 |
15 | Note: If you disable or do not configure this policy setting, users can control how often they receive feedback questions.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/FileHistory.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | File History
5 | File History
6 |
7 |
8 | File History
9 | Turn off File History
10 | This policy setting allows you to turn off File History.
11 |
12 | If you enable this policy setting, File History cannot be activated to create regular, automatic backups.
13 |
14 | If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups.
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/FileServerVSSProvider.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 |
9 | File Share Shadow Copy Provider
10 |
11 |
12 | Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.
13 | Determines whether the RPC protocol messages used by VSS for SMB2 File Shares feature is enabled.
14 |
15 | VSS for SMB2 File Shares feature enables VSS aware backup applications to perform application consistent backup and restore of VSS aware applications storing data on SMB2 File Shares.
16 |
17 | By default, the RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted.
18 |
19 | Note: To make changes to this setting effective, you must restart the Volume Shadow Copy (VSS) Service.
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/FindMy.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Find My Device
5 | Configuration for FindMyDevice
6 |
7 |
8 | Find My Device
9 | Turn On/Off Find My Device
10 | This policy turns on Find My Device.
11 |
12 | When Find My Device is on, the device and its location are registered in the cloud so that the device can be located when the user initiates a Find command from account.microsoft.com. On devices that are compatible with active digitizers, enabling Find My Device will also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's device after each use of their active digitizer.
13 |
14 | When Find My Device is off, the device and its location are not registered and the Find My Device feature will not work. The user will also not be able to view the location of the last use of their active digitizer on their device.
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/FramePanes.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Explorer Frame Pane
9 | Turn on or off details pane
10 | Always show
11 | Always hide
12 | This policy setting shows or hides the Details Pane in File Explorer.
13 |
14 | If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user.
15 |
16 | If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. Note: This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time.
17 |
18 | If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting.
19 |
20 | Turn off Preview Pane
21 | Hides the Preview Pane in File Explorer.
22 |
23 | If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user.
24 |
25 | If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user.
26 |
27 |
28 |
29 |
30 | Configure details pane
31 |
32 |
33 |
34 |
35 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/GameDVR.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Windows Game Recording and Broadcasting
4 | Manages the Windows Game Recording and Broadcasting states
5 |
6 |
7 | Windows Game Recording and Broadcasting
8 | Manages the Windows Game Recording and Broadcasting states
9 | Enables or disables Windows Game Recording and Broadcasting
10 | Windows 10
11 |
12 | Windows Game Recording and Broadcasting.
13 |
14 | This setting enables or disables the Windows Game Recording and Broadcasting features. If you disable this setting, Windows Game Recording will not be allowed.
15 | If the setting is enabled or not configured, then Recording and Broadcasting (streaming) will be allowed.
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Handwriting.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Windows Ink Workspace
5 | Windows Ink Workspace
6 |
7 |
8 | Handwriting
9 | Handwriting Panel Default Mode Docked
10 | The handwriting panel has 2 modes - floats near the text box, or, attached to the bottom of the screen. Default is floating near text box. If you want the panel to be fixed, use this policy to fix it to the bottom.
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/IIS.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Internet Information Services
9 | Prevent IIS installation
10 | "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run."
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/LeakDiagnostic.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Windows Memory Leak Diagnosis
9 | Configure Scenario Execution Level
10 | This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems.
11 |
12 | If you enable or do not configure this policy setting, the DPS enables Windows Memory Leak Diagnosis by default.
13 |
14 | If you disable this policy setting, the DPS is not able to diagnose memory leak problems.
15 |
16 | This policy setting takes effect only under the following conditions:
17 | -- If the diagnostics-wide scenario execution policy is not configured.
18 | -- When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed.
19 |
20 | Note: The DPS can be configured with the Services snap-in to the Microsoft Management Console.
21 |
22 | No operating system restart or service restart is required for this policy to take effect. Changes take effect immediately.
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/LocationProviderAdm.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Turn off Windows Location Provider
9 |
10 | This policy setting turns off the Windows Location Provider feature for this computer.
11 |
12 | If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.
13 |
14 | If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
15 | Windows Location Provider
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Messaging.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Messaging Service Group Policy Settings
5 | Messaging Service Group Policy Settings
6 |
7 |
8 | Messaging
9 | Allow Message Service Cloud Sync
10 | This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/MobilePCMobilityCenter.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Windows Mobility Center
9 | Turn off Windows Mobility Center
10 | This policy setting turns off Windows Mobility Center.
11 |
12 | If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points and the .exe file does not launch it.
13 |
14 | If you disable this policy setting, the user is able to invoke Windows Mobility Center and the .exe file launches it.
15 |
16 | If you do not configure this policy setting, Windows Mobility Center is on by default.
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/MobilePCPresentationSettings.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Presentation Settings
9 | Turn off Windows presentation settings
10 | This policy setting turns off Windows presentation settings.
11 |
12 | If you enable this policy setting, Windows presentation settings cannot be invoked.
13 |
14 | If you disable this policy setting, Windows presentation settings can be invoked. The presentation settings icon will be displayed in the notification area. This will give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking, adjust speaker volume, and apply a custom background image.
15 |
16 | Note: Users will be able to customize their system settings for presentations in Windows Mobility Center.
17 |
18 | If you do not configure this policy setting, Windows presentation settings can be invoked.
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Multitasking.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Multitasking
4 | Manages the Windows Multitasking options
5 |
6 |
7 | Multitasking
8 | Manages the Windows Multitasking options
9 | Configure the inclusion of app tabs into Alt-Tab
10 | This setting controls the inclusion of app tabs into Alt+Tab.
11 |
12 | This can be set to show the most recent 3, 5 or 20 tabs, or no tabs from apps.
13 |
14 | If this is set to show "Open windows only", the whole feature will be disabled.
15 |
16 | Open windows and 20 most recent tabs in apps
17 | Open windows and 5 most recent tabs in apps
18 | Open windows and 3 most recent tabs in apps
19 | Open windows only
20 |
21 |
22 |
23 | Pressing Alt + Tab shows
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/NewsAndInterests.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Widgets
9 | Allow widgets
10 | This policy specifies whether the widgets feature is allowed on the device.
11 | Widgets will be turned on by default unless you change this in your settings.
12 | If you turned this feature on before, it will stay on automatically unless you turn it off.
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/OOBE.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | OOBE Group Policies
5 | Policies defined to manage OOBE settings via Group Policy Management services.
6 |
7 |
8 | OOBE
9 | Configure certain OOBE-related settings
10 |
11 | Don't launch privacy settings experience on user logon
12 | When logging into a new user account for the first time or after an upgrade in some scenarios, that user may be presented with a screen or series of screens that prompts the user to choose privacy settings for their account. Enable this policy to prevent this experience from launching.
13 |
14 | If this policy is enabled, the privacy experience will not launch for newly-created user accounts or for accounts that would have been prompted to choose their privacy settings after an upgrade.
15 |
16 | If this policy is disabled or not configured, then the privacy experience may launch for newly-created user accounts or for accounts that should be prompted to choose their privacy settings after an upgrade.
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/PenTraining.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Tablet PC Pen Training
9 | Turn off Tablet PC Pen Training
10 | Turns off Tablet PC Pen Training.
11 |
12 | If you enable this policy setting, users cannot open Tablet PC Pen Training.
13 |
14 | If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
15 | Turns off Tablet PC Pen Training.
16 |
17 | If you enable this policy setting, users cannot open Tablet PC Pen Training.
18 |
19 | If you disable or do not configure this policy setting, users can open Tablet PC Pen Training.
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/PushToInstall.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Push To Install Policy
4 | Push To Install Policy
5 |
6 |
7 | Push To Install
8 | Turn off Push To Install service
9 | If you enable this setting, users will not be able to push Apps to this device from the Microsoft Store running on other devices or the web.
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/RacWmiProv.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Reliability Analysis Component
5 | Reliability Analysis Component
6 |
7 |
8 | Windows Reliability Analysis
9 | Configure Reliability WMI Providers
10 | This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Security and Maintenance control panel, and to respond to WMI requests.
11 |
12 | If you enable or do not configure this policy setting, the listed providers will respond to WMI queries, and Reliability Monitor will display system reliability information.
13 |
14 | If you disable this policy setting, Reliability Monitor will not display system reliability information, and WMI-capable applications will be unable to access reliability information from the listed providers.
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/ReAgent.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Recovery
5 | Recovery
6 |
7 |
8 | Recovery
9 | Allow restore of system to default state
10 | Requirements: Windows 7
11 | Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image.
12 |
13 | If you enable or do not configure this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") appear on the "Advanced recovery methods" page of Recovery (in Control Panel) and will allow the user to restore the computer to the original state or from a user-created system image. This is the default setting.
14 |
15 | If you disable this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") in Recovery (in Control Panel) will be unavailable. However, with this policy setting disabled, users can still restore the computer to the original state or from a user-created system image by restarting the computer and accessing the System Recovery Options menu, if it is available.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/ServiceControlManager.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Service Control Manager Settings
9 | Security Settings
10 | Enable svchost.exe mitigation options
11 | This policy setting enables process mitigation options on svchost.exe processes.
12 |
13 | If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them.
14 |
15 | This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.
16 |
17 | If you disable or do not configure this policy setting, these stricter security settings will not be applied.
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Setup.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Specify Windows Service Pack installation file location
9 | Specifies an alternate location for Windows Service Pack installation files.
10 |
11 | If you enable this policy setting, enter the fully qualified path to the new location in the "Windows Service Pack Setup file path" box.
12 |
13 | If you disable or do not configure this policy setting, the Windows Service Pack Setup source path will be the location used during the last time Windows Service Pack Setup was run on the system.
14 |
15 |
16 | Specify Windows installation file location
17 | Specifies an alternate location for Windows installation files.
18 |
19 | If you enable this policy setting, enter the fully qualified path to the new location in the "Windows Setup file path" box.
20 |
21 | If you disable or do not configure this policy setting, the Windows Setup source path will be the location used during the last time Windows Setup was run on the system.
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/SharedFolders.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Allow DFS roots to be published
9 | This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).
10 |
11 | If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option to publish DFS roots as shared folders in AD DS.
12 |
13 | If you disable this policy setting, users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
14 | Allow shared folders to be published
15 | This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).
16 |
17 | If you enable or do not configure this policy setting, users can use the "Publish in Active Directory" option in the Shared Folders snap-in to publish shared folders in AD DS.
18 |
19 | If you disable this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/ShellWelcomeCenter.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Do not display the Welcome Center at user logon
9 | This policy setting prevents the display of the Welcome Center at user logon.
10 |
11 | If you enable this policy setting, the Welcome Center is not displayed at user logon. The user can access the Welcome Center using the Control Panel or Start menu.
12 |
13 | If you disable or do not configure this policy setting, the Welcome Center is displayed at user logon.
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Sidebar.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Desktop Gadgets
9 | Turn off desktop gadgets
10 | This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop.
11 |
12 | If you enable this setting, desktop gadgets will be turned off.
13 |
14 | If you disable or do not configure this setting, desktop gadgets will be turned on.
15 |
16 | The default is for desktop gadgets to be turned on.
17 | Restrict unpacking and installation of gadgets that are not digitally signed.
18 | This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned.
19 | If you enable this setting, gadgets that have not been digitally signed will not be extracted.
20 |
21 | If you disable or do not configure this setting, both signed and unsigned gadgets will be extracted.
22 | The default is for Windows to extract both signed and unsigned gadgets.
23 | Turn Off user-installed desktop gadgets
24 | This policy setting allows you to turn off desktop gadgets that have been installed by the user.
25 |
26 | If you enable this setting, Windows will not run any user-installed gadgets.
27 |
28 | If you disable or do not configure this setting, Windows will run user-installed gadgets.
29 |
30 | The default is for Windows to run user-installed gadgets.
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/SoundRec.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Do not allow Sound Recorder to run
9 | Specifies whether Sound Recorder can run.
10 |
11 | Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.
12 |
13 | If you enable this policy setting, Sound Recorder will not run.
14 |
15 | If you disable or do not configure this policy setting, Sound Recorder can be run.
16 | Sound Recorder
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Speech.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Speech
5 | Speech platform related policies.
6 |
7 |
8 | Speech
9 | Allow Automatic Update of Speech Data
10 | Specifies whether the device will receive updates to the speech recognition and speech synthesis models.
11 |
12 | A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files.
13 |
14 | If enabled (default), the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/StorageHealth.adml:
--------------------------------------------------------------------------------
1 |
2 | Storage Health
3 | ADMX file for Storage Health
4 |
5 |
6 | Storage Health
7 | Allow downloading updates to the Disk Failure Prediction Model
8 |
9 | Allows downloading new updates to ML Model parameters for predicting storage disk failure.
10 |
11 | Enabled:
12 | Updates would be downloaded for the Disk Failure Prediction Model.
13 |
14 | Disabled:
15 | Updates would not be downloaded for the Disk Failure Prediction Model.
16 |
17 | Not configured:
18 | Same as Enabled.
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/TextInput.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | TextInput policies
4 | TextInput related policies.
5 |
6 |
7 | Text Input
8 | When this policy setting is enabled, some language features (such as handwriting recognizers and spell checking dictionaries) included with a language can be uninstalled from a user’s machine when the language is uninstalled. The language can be reinstalled with a different selection of included language features if needed. When this policy setting is disabled, language features remain on the user’s machine when the language is uninstalled.
9 | Allow uninstallation of language features when a language is uninstalled
10 | This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows.
11 | Improve inking and typing recognition
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/TouchInput.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Touch Input
9 | Turn off Tablet PC touch input
10 | Turn off Tablet PC touch input
11 |
12 | Turns off touch input, which allows the user to interact with their computer using their finger.
13 |
14 | If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.
15 |
16 | If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other touch-specific features.
17 |
18 | If you do not configure this setting, touch input is on by default.
19 |
20 | Note: Changes to this setting will not take effect until the user logs off.
21 | Turn off Touch Panning
22 | Turn off Panning
23 | Turns off touch panning, which allows users to pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.
24 |
25 | If you enable this setting, the user will not be able to pan windows by touch.
26 |
27 | If you disable this setting, the user can pan windows by touch.
28 |
29 | If you do not configure this setting, Touch Panning is on by default.
30 |
31 | Note: Changes to this setting will not take effect until the user logs off.
32 |
33 |
34 |
35 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WinCal.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Turn off Windows Calendar
9 | Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users' calendars.
10 |
11 | If you enable this setting, Windows Calendar will be turned off.
12 |
13 | If you disable or do not configure this setting, Windows Calendar will be turned on.
14 |
15 | The default is for Windows Calendar to be turned on.
16 | Windows Calendar
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WinMaps.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Maps
9 | Turn off Automatic Download and Update of Map Data
10 | Enables or disables the automatic download and update of map data.
11 |
12 | If you enable this setting the automatic download and update of map data is turned off.
13 |
14 | If you disable this setting the automatic download and update of map data is turned on.
15 |
16 | If you don't configure this setting the automatic download and update of map data is determined by a registry setting that the user can change using Windows Settings.
17 | Turn off unsolicited network traffic on the Offline Maps settings page
18 | This policy setting allows you to turn on or turn off unsolicited network traffic on the Offline Maps page in Settings > System > Offline Maps.
19 |
20 | If you enable this policy setting, features that generate network traffic on the Offline Maps settings page are turned off. Note: This may turn off the entire settings page.
21 |
22 | If you disable or do not configure this policy setting, the Offline Maps setting page may generate network traffic.
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WindowsAnytimeUpgrade.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Add features to Windows 10
9 | Contains settings to control the behavior of the Add features to Windows 10 wizard.
10 | Prevent the wizard from running.
11 | By default, Add features to Windows 10 is available for all administrators.
12 |
13 | If you enable this policy setting, the wizard will not run.
14 |
15 | If you disable this policy setting or set it to Not Configured, the wizard will run.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WindowsColorSystem.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Prohibit installing or uninstalling color profiles
9 | This policy setting affects the ability of users to install or uninstall color profiles.
10 |
11 | If you enable this policy setting, users cannot install new color profiles or uninstall previously installed color profiles.
12 |
13 | If you disable or do not configure this policy setting, all users can install new color profiles. Standard users can uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
14 | Windows Color System
15 | Contains settings for managing the list of installed color profiles, and the associations between color profiles and color devices.
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WindowsCopilot.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Windows Copilot
9 | Turn off Windows Copilot
10 |
11 | This policy setting allows you to turn off Windows Copilot.
12 |
13 | If you enable this policy setting, users will not be able to use Copilot. The Copilot icon will not appear on the taskbar either.
14 |
15 | If you disable or do not configure this policy setting, users will be able to use Copilot when it's available to them.
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WindowsInkWorkspace.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Windows Ink Workspace
5 | Windows Ink Workspace
6 |
7 |
8 | At least Windows 10 Redstone
9 | Windows Ink Workspace
10 | Allow Windows Ink Workspace
11 | Allow Windows Ink Workspace
12 | Disabled
13 | On, but disallow access above lock
14 | On
15 | Allow suggested apps in Windows Ink Workspace
16 | Allow suggested apps in Windows Ink Workspace
17 |
18 |
19 |
20 | Choose one of the following actions
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WindowsMediaDRM.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Prevent Windows Media DRM Internet Access
9 | Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
10 |
11 | When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
12 |
13 | When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.
14 |
15 | When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
16 | Windows Media Digital Rights Management
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/Winsrv.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Turn off automatic termination of applications that block or cancel shutdown
9 | This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By default, such applications are automatically terminated if they attempt to cancel shutdown or block it indefinitely.
10 |
11 | If you enable this setting, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically terminated during shutdown.
12 |
13 | If you disable or do not configure this setting, these applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smoothly.
14 | Shutdown Options
15 |
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WirelessDisplay.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Connect
4 | Select an item to view its description
5 |
6 |
7 |
8 | Connect
9 |
10 |
11 | Don't allow this PC to be projected to
12 | This policy setting allows you to turn off projection to a PC.
13 |
14 |
15 |
16 | If you turn it on, your PC isn't discoverable and can't be projected to except if the user manually launches the Wireless Display app.
17 |
18 |
19 |
20 | If you turn it off or don't configure it, your PC is discoverable and can be projected to above lock screen only. The user has an option to turn it always on or off except for manual launch, too.
21 |
22 | Require pin for pairing
23 | This policy setting allows you to require a PIN for pairing.
24 |
25 | If you set this to 'Never', a PIN isn't required for pairing.
26 |
27 | If you set this to 'First Time', the pairing ceremony for new devices will always require a PIN.
28 |
29 | If you set this to 'Always', all pairings will require a PIN.
30 | Never
31 | First Time
32 | Always
33 |
34 |
35 |
36 | Choose one of the following actions
37 |
38 |
39 |
40 |
41 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/WorkplaceJoin.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Register domain joined computers as devices
5 | This setting lets you configure how domain joined computers become registered as devices.
6 |
7 |
8 | Device Registration
9 | This setting lets you configure how domain joined computers become registered as devices.
10 |
11 | When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.
12 |
13 | Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.
14 |
15 | http://go.microsoft.com/fwlink/?LinkId=307136
16 |
17 | Register domain joined computers as devices
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/filtermanager.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ReFS group policy
5 | Group policy settings for ReFS
6 |
7 |
8 | Filter Manager
9 | Dev drive filter attach policy
10 | Dev drive is a drive optimized for performance considering developer scenarios and by default no file system filters are attached to it. Filters listed in this setting will be allowed to attach even on a dev drive.
11 |
12 | A reboot is required for this setting to take effect.
13 |
14 |
15 |
16 |
17 | Filter list
18 |
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/fthsvc.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | enter display name here
5 | enter description here
6 |
7 |
8 | Fault Tolerant Heap
9 | Configure Scenario Execution Level
10 | This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems.
11 |
12 | If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems.
13 |
14 | If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS.
15 |
16 | If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default.
17 |
18 | This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured.
19 |
20 | This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
21 |
22 | No system restart or service restart is required for this policy setting to take effect: changes take effect immediately.
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/hotspotauth.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Hotspot Authentication Group Policy Settings
5 | Hotspot Authentication Group Policy Settings
6 |
7 |
8 | Hotspot Authentication
9 | Enable Hotspot Authentication
10 | This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support.
11 |
12 | If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators.
13 |
14 | If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPr protocol support.
15 |
16 | If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/mozilla.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | Mozilla
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/msedge.adml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/en-US/msedge.adml
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/msedgeupdate.adml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/en-US/msedgeupdate.adml
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/msedgewebview2.adml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/en-US/msedgewebview2.adml
--------------------------------------------------------------------------------
/PolicyDefinitions/en-US/refs.adml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | ReFS group policy
5 | Group policy settings for ReFS
6 |
7 |
8 | ReFS
9 | Enable dev drive
10 | Dev drive or developer volume is a volume optimized for performance of developer scenarios. A developer volume allows an administrator to choose file system filters that are attached on the volume.
11 |
12 | Disabling this setting will disallow creation of new developer volumes; existing developer volumes will mount as regular volumes.
13 |
14 | If this setting is not configured, the default policy is to enable developer volumes while allowing the antivirus filter to attach to a developer volume. Further, if not configured, a local administrator can choose not to have the antivirus filter attached to a developer volume.
15 |
16 | A reboot is required for this setting to take effect.
17 |
18 |
19 |
20 |
21 | Let antivirus filter protect dev drives
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/PolicyDefinitions/filtermanager.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/hotspotauth.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/messaging.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/mozilla.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/msedge.admx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/msedge.admx
--------------------------------------------------------------------------------
/PolicyDefinitions/msedgeupdate.admx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/msedgeupdate.admx
--------------------------------------------------------------------------------
/PolicyDefinitions/msedgewebview2.admx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mxk/windows-secure-group-policy/a5190344cea4924741f729c8a43fa7f5baba247b/PolicyDefinitions/msedgewebview2.admx
--------------------------------------------------------------------------------
/PolicyDefinitions/refs.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/sam.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/PolicyDefinitions/sdiagschd.admx:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/install.cmd:
--------------------------------------------------------------------------------
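@echo off
setlocal

rem Install the Windows 11 rule set as Local Computer Policy through LGPO.exe.
rem
rem Usage: install.cmd [/y]
rem   /y   skip the confirmation prompt and the final pause (unattended use)
rem
rem Exit code: 0 when LGPO.exe reports success, otherwise LGPO.exe's exit code.
rem
rem NOTE(review): LGPO.exe is executed from this checkout and writes Local
rem Computer Policy, so it is normally run from an elevated prompt. Confirm the
rem binary's Authenticode signature before running it with those rights.

rem %~1 strips surrounding quotes so that "/y" and /y are treated alike.
if /i "%~1" == "/y" goto :install

rem Clear any inherited value first: set /p leaves the variable untouched when
rem the user just presses Enter, so a pre-existing confirm=y in the environment
rem would otherwise count as consent.
set "confirm="
set /p "confirm=Install GPO as Local Computer Policy (y/[n])? "
if /i "%confirm%" neq "y" goto :eof

:install
rem Quote the script directory (spaces, '&', parentheses) and stop if it cannot
rem be entered: the relative paths below must never resolve against the
rem caller's working directory.
pushd "%~dp0" || exit /b 1
.\LGPO\LGPO.exe /p .\PolicyRules\Win11.PolicyRules /v
rem Assumes LGPO.exe returns a non-zero exit code on failure - TODO confirm.
set "rc=%errorlevel%"
popd

echo.
if "%rc%" == "0" (
    echo Restart computer to apply changes!
) else (
    echo LGPO.exe failed with exit code %rc%; the policy was NOT applied.
)
echo.

if /i "%~1" neq "/y" pause
exit /b %rc%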
--------------------------------------------------------------------------------
/savelocal.cmd:
--------------------------------------------------------------------------------
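@echo off
setlocal

rem Export the current Local Computer Policy to a PolicyRules file.
rem
rem Usage: savelocal.cmd out-file policy-name
rem   out-file     PolicyRules file to write; a relative path is resolved
rem                against this script's directory (see pushd below)
rem   policy-name  name passed to LGPO.exe /n for the backup
rem
rem Steps: LGPO.exe /b backs the local policy up into a scratch directory, the
rem backup folder is renamed to the all-zero GUID, the machine audit.csv is
rem copied into it, and GPO2PolicyRules.exe converts the result to out-file.

if "%~1" == "" goto :usage
if "%~2" == "" goto :usage
goto :main

:usage
echo usage: %0 out-file policy-name
echo.
goto :eof

:main
rem Quote the script directory and stop if it cannot be entered, so the
rem relative tool paths never resolve against the caller's working directory.
pushd "%~dp0" || exit /b 1

rem Stage the backup in a fresh directory under the caller's own temp folder
rem instead of a fixed C:\GPO. That avoids recursively deleting an unrelated
rem C:\GPO, and, on a default Windows install, folders created directly under
rem C:\ inherit write access for ordinary users, so a staged backup there could
rem be altered before it is converted (NOTE(review): confirm against the ACLs
rem on the target machines).
set "gpo=%TEMP%\GPO-%RANDOM%-%RANDOM%"
mkdir "%gpo%" || (popd & exit /b 1)

.\LGPO\LGPO.exe /b "%gpo%" /n "%~2" /q

rem LGPO names the backup folder with a GUID; normalise it to the all-zero
rem GUID. If the backup did not produce a folder (for example the prompt is not
rem elevated), this move fails and the export stops here.
move "%gpo%\{*}" "%gpo%\{00000000-0000-0000-0000-000000000000}" || goto :fail

rem Best effort, as before: audit.csv only exists when an advanced audit policy
rem has been configured locally, so a failed copy does not abort the export.
copy /y "%SystemRoot%\System32\GroupPolicy\Machine\Microsoft\Windows NT\Audit\audit.csv" "%gpo%\{00000000-0000-0000-0000-000000000000}\DomainSysvol\GPO\Machine\microsoft\windows nt\Audit\"

.\PolicyAnalyzer\GPO2PolicyRules.exe "%gpo%" "%~1"
set "rc=%errorlevel%"

rem The staged backup is a full copy of the machine's policy; do not leave it
rem behind.
rmdir /s /q "%gpo%"
popd
exit /b %rc%

:fail
>&2 echo error: policy backup failed; see the messages above.
rmdir /s /q "%gpo%"
popd
exit /b 1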
--------------------------------------------------------------------------------
/savewin11.cmd:
--------------------------------------------------------------------------------
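@echo off
setlocal

rem Export the local policy to PolicyRules\Win11-Local.PolicyRules under the
rem name "Windows 11 Secure Group Policy" by delegating to savelocal.cmd.
rem Exit code: whatever savelocal.cmd returns.

rem Quote the script directory and stop if it cannot be entered, so that
rem .\savelocal.cmd is never looked up in the caller's working directory.
pushd "%~dp0" || exit /b 1

rem "call" is required: starting another batch file without it transfers
rem control for good, so the popd below would never run.
call .\savelocal.cmd .\PolicyRules\Win11-Local.PolicyRules "Windows 11 Secure Group Policy"
set "rc=%errorlevel%"
popd
exit /b %rc%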
--------------------------------------------------------------------------------