From c04441a0c88478c89d616390a34397c74c2c8e8c Mon Sep 17 00:00:00 2001 From: bigboss248 Date: Wed, 30 Oct 2024 11:04:43 +0330 Subject: [PATCH] added windows configuration designer config --- .gitignore | 2 + windows configuration/ICD.log | 73 + windows configuration/ICDCommon.log | 14 + windows configuration/SettingsMetadata.xml | 12562 +++++++++++++++++++ windows configuration/customizations.xml | 44 + windows configuration/main.icdproj.xml | 19 + 6 files changed, 12714 insertions(+) create mode 100644 windows configuration/ICD.log create mode 100644 windows configuration/ICDCommon.log create mode 100644 windows configuration/SettingsMetadata.xml create mode 100644 windows configuration/customizations.xml create mode 100644 windows configuration/main.icdproj.xml diff --git a/.gitignore b/.gitignore index 294fba2..3b7e5f1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ Install_configure_chcolatey_winget.exe installed packages megalinter-reports +windows configuration/main.ppkg +windows configuration/main.cat diff --git a/windows configuration/ICD.log b/windows configuration/ICD.log new file mode 100644 index 0000000..fcbdf33 --- /dev/null +++ b/windows configuration/ICD.log @@ -0,0 +1,73 @@ +10/30/2024 10:16:13 AM Info Project 'main' created successfully and added to workspace +10/30/2024 10:34:55 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands +10/30/2024 10:34:56 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#devicecontext +10/30/2024 10:35:32 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#devicecontext +10/30/2024 10:37:14 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#devicecontext +10/30/2024 10:38:28 AM Info Start Provisioning package Build for Project: main +10/30/2024 10:38:46 AM Info Exporting customizations as a Provisioning Package to 'C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-132_2348.14_395589053.1' +10/30/2024 10:38:46 AM Info Adding runtime settings to Provisioning Package +10/30/2024 10:38:46 AM Info CreateTempDirectory: Create directory: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2 +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\0__ProvisioningCommands_DeviceContext_CommandFiles_0.provxml +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\1__ProvisioningCommands_DeviceContext_CommandFiles_1.provxml +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\2__ProvisioningCommands_DeviceContext_CommandFiles_2.provxml +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\3__ProvisioningCommands_DeviceContext_CommandFiles_3.provxml +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\4__ProvisioningCommands_DeviceContext_CommandFiles_4.provxml +10/30/2024 10:38:46 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-172_2348.14_1170467612.2\Prov\RunTime\5__ProvisioningCommands_DeviceContext_CommandLine.provxml +10/30/2024 10:38:46 AM Info Adding deployment settings to Provisioning Package +10/30/2024 10:38:46 AM Info Adding file assets to Provisioning Package +10/30/2024 10:38:46 AM Info Packaging file asset D:\Downloads\provisioning.ps1 +10/30/2024 10:38:46 AM Info Packaging file asset D:\Downloads\setup.ps1 +10/30/2024 10:38:46 AM Info Packaging file asset D:\Downloads\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle +10/30/2024 10:38:50 AM Info Packaging file asset D:\Downloads\Microsoft.UI.Xaml.2.8.x64.appx +10/30/2024 10:38:50 AM Info Packaging file asset D:\Downloads\Microsoft.VCLibs.x64.14.00.Desktop.appx +10/30/2024 10:38:54 AM Info CopyFile: Source path: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103851-875_2348.14_1706461133.cat, Target path: D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.cat +10/30/2024 10:38:54 AM Info CopyFile: Source path: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-132_2348.14_395589053.1, Target path: D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.ppkg +10/30/2024 10:38:55 AM Info DeleteFile: File '' does not exist +10/30/2024 10:38:55 AM Info DeleteFile: File 'C:\Users\aminj\AppData\Local\Temp\ICD_20241030-103846-132_2348.14_395589053.1' does not exist +10/30/2024 10:38:55 AM Info Media Creation Build Success page +10/30/2024 10:38:56 AM Info Build workflow finished. +10/30/2024 10:39:50 AM Info Loaded Knobs schema hive at C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.dat +10/30/2024 10:39:50 AM Error WpxGetFileEdition (onecore\base\ntsetup\wpx\core\store.cpp:103) - 0x80070002: +10/30/2024 10:39:50 AM Error No SKU information file C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.sku.xml available for store file C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.dat +10/30/2024 10:39:50 AM Info Loaded settings from Windows Unknown Unknown +10/30/2024 10:52:02 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe +10/30/2024 10:52:08 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:52:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:52:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:52:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:52:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:52:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#desktop +10/30/2024 10:53:42 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 10:53:43 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 10:53:46 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 10:54:09 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 10:54:11 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 10:54:19 AM Info Navigating to URI https://docs.microsoft.com/windows/configuration/wcd/wcd-provisioningcommands#primarycontext +10/30/2024 11:02:00 AM Info Start Provisioning package Build for Project: main +10/30/2024 11:02:08 AM Info Exporting customizations as a Provisioning Package to 'C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-219_2348.14_1931996259.5' +10/30/2024 11:02:08 AM Info Adding runtime settings to Provisioning Package +10/30/2024 11:02:08 AM Info CreateTempDirectory: Create directory: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6 +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\0__OOBE_Desktop_HideOobe.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\1__ProvisioningCommands_DeviceContext_CommandFiles_0.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\2__ProvisioningCommands_DeviceContext_CommandFiles_1.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\3__ProvisioningCommands_DeviceContext_CommandFiles_2.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\4__ProvisioningCommands_DeviceContext_CommandFiles_3.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\5__ProvisioningCommands_DeviceContext_CommandFiles_4.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\6__ProvisioningCommands_DeviceContext_CommandLine.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\7__ProvisioningCommands_PrimaryContext_Command_0_CommandLine.provxml +10/30/2024 11:02:08 AM Info provxml writer, path = C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-254_2348.14_425077397.6\Prov\RunTime\8__ProvisioningCommands_PrimaryContext_Command_1_CommandLine.provxml +10/30/2024 11:02:08 AM Info Adding deployment settings to Provisioning Package +10/30/2024 11:02:08 AM Info Adding file assets to Provisioning Package +10/30/2024 11:02:08 AM Info Packaging file asset D:\Downloads\provisioning.ps1 +10/30/2024 11:02:08 AM Info Packaging file asset D:\Downloads\setup.ps1 +10/30/2024 11:02:08 AM Info Packaging file asset D:\Downloads\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle +10/30/2024 11:02:12 AM Info Packaging file asset D:\Downloads\Microsoft.UI.Xaml.2.8.x64.appx +10/30/2024 11:02:13 AM Info Packaging file asset D:\Downloads\Microsoft.VCLibs.x64.14.00.Desktop.appx +10/30/2024 11:02:19 AM Info CopyFile: File 'D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.cat' exist and called with overwrite +10/30/2024 11:02:19 AM Info CopyFile: Source path: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110215-311_2348.14_1105255695.cat, Target path: D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.cat +10/30/2024 11:02:19 AM Info CopyFile: File 'D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.ppkg' exist and called with overwrite +10/30/2024 11:02:19 AM Info CopyFile: Source path: C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-219_2348.14_1931996259.5, Target path: D:\OneDrive\My Software\Choclatey-Starship-Fonts\windows configuration\main.ppkg +10/30/2024 11:02:19 AM Info DeleteFile: File '' does not exist +10/30/2024 11:02:19 AM Info DeleteFile: File 'C:\Users\aminj\AppData\Local\Temp\ICD_20241030-110208-219_2348.14_1931996259.5' does not exist +10/30/2024 11:02:19 AM Info Media Creation Build Success page +10/30/2024 11:02:28 AM Info Build workflow finished. diff --git a/windows configuration/ICDCommon.log b/windows configuration/ICDCommon.log new file mode 100644 index 0000000..51498db --- /dev/null +++ b/windows configuration/ICDCommon.log @@ -0,0 +1,14 @@ +10/30/2024 10:12:26 AM Info ICD Started +10/30/2024 10:12:39 AM Warning Image customization functionality is disabled because imaging tools are not installed. +10/30/2024 10:12:39 AM Warning Exception on reading AutoLaunchConfigScenarioId. The key 'AutoLaunchConfigScenarioId' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading SUSPCAriaIngestionKey. The key 'SUSPCAriaIngestionKey' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowTitle. The key 'ICDWindowTitle' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowHeight. The key 'ICDWindowHeight' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowWidth. The key 'ICDWindowWidth' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowMinHeight. The key 'ICDWindowMinHeight' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowMinWidth. The key 'ICDWindowMinWidth' does not exist in the appSettings configuration section. +10/30/2024 10:12:39 AM Warning Exception on reading ICDWindowState. The key 'ICDWindowState' does not exist in the appSettings configuration section. +10/30/2024 10:16:13 AM Info Loaded Knobs schema hive at C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.dat +10/30/2024 10:16:13 AM Error WpxGetFileEdition (onecore\base\ntsetup\wpx\core\store.cpp:103) - 0x80070002: +10/30/2024 10:16:13 AM Error No SKU information file C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.sku.xml available for store file C:\Program Files\WindowsApps\Microsoft.WindowsConfigurationDesigner_2024.613.0.0_x86__8wekyb3d8bbwe\icd\Microsoft-Desktop-Provisioning.dat +10/30/2024 10:16:13 AM Info Loaded settings from Windows Unknown Unknown diff --git a/windows configuration/SettingsMetadata.xml b/windows configuration/SettingsMetadata.xml new file mode 100644 index 0000000..7503b85 --- /dev/null +++ b/windows configuration/SettingsMetadata.xml @@ -0,0 +1,12562 @@ + + + + + Tree + HKKS + + {63218c37-6d00-5d23-8129-e84b2e74d04a} + False + + + + + + Tree + AccountManagement + Configure a Windows Core OS device for account management scenarios. + {885fba34-bc7c-513d-b139-8395d92e19b1} + False + + + + + + Tree + UserProfilePolicies + Set options for profile lifetime mangement for shared or communal device scenarios. + {64cbb44f-3fee-55a4-a874-d205e2abf457} + False + + + + + + Int + DeletionPolicy + Configures when profiles will be deleted. + {9cfe3ee2-90e5-5606-8caa-3fbfc720b7ae} + True + 1 + + 0 + 2 + + + + + + + Bool + EnableProfileManager + Enable profile lifetime mangement for shared or communal device scenarios. + {79c00b1d-1641-5469-ac70-8ce5b94332e6} + True + False + + + + + + + Int + ProfileInactivityThreshold + Start deleting profiles when they have not been logged on during the specified period, given as number of days. + {0dedc9c0-c225-53df-b26c-4acf6a065e99} + True + 30 + + 0 + + + + + + + Int + StorageCapacityStartDeletion + Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. + {16c183ff-4ba5-598f-975e-2d844020c99c} + True + 25 + + 0 + 100 + + + + + + + Int + StorageCapacityStopDeletion + Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. + {3f39e3a1-2888-58c6-998d-e39e867eadaa} + True + 50 + + 0 + 100 + + + + + + + Tree + Accounts + + {fbf487f3-cf8c-54e1-a070-45ddeb001ec4} + False + + + + + + Tree + Azure + Bulk Enroll devices in Azure Active Directory + {cf4aa606-2615-5450-a1a1-d461bb286f56} + False + + + + + + Text + Authority + The authority for the BPRT + {02edf3f1-9ffd-5ee7-9baf-01064e68ce56} + True + + + + + + + Text + BPRT + The bulk token for the linked account. + {75bb65a7-15bd-579d-986a-b3eafec0f742} + True + + + + + + + Tree + ComputerAccount + Configure computer name and a domain account. + {456bc278-a25f-5c92-b6c4-9d648c704864} + False + + + + + + Text + Account + User account authorized to join the computer to the domain. Should be in the domain\account format. + {c8c18698-852b-51f9-8eb7-6b1542a9f0c3} + True + + + + + + + Text + AccountOU + The name of the organization unit for the computer account. + {d8e63a40-c306-56f3-b640-af22b96db623} + True + + + + + + + Text + ComputerName + Specifies the name of the Windows device. On desktop PCs this sets the computer name. The unique name for domain joined computers must use %RAND:x%, where x is an integer less than 15 digits long, or use %SERIAL% characters. + {049b84df-af71-583a-b91e-18dcb05b1a5d} + True + + + + + + + Text + DomainName + The name of the domain to join. + {adda0803-15ed-52df-b9b7-57769b3ff5f8} + True + + + + + + + Text + Password + Password for the account authorized to join the computer to the domain. + {ee111d5e-666a-5601-ba12-cf99157c7c26} + True + + + + + + + Map + Users + Add local users to the computer. + {e309994b-3045-5394-98fd-b2b23071530d} + True + + + + + + + + + Tree + ADMXIngestion + + {83750f52-e878-58ef-a302-f0cbcc5c1db1} + False + + + + + + Tree + ConfigADMXInstalledPolicy + + {dd27c805-6626-5597-9e12-1024c246da36} + False + + + + + + Map + AreaName + Enter the area name of the policy that needs to be set. For more details refer MSDN documentation on ADMX Ingested MDM policies. + {299ebfad-99a5-5bda-b7ce-e857e3e598d9} + True + + + + + + + + + Tree + ConfigOperations + + {4493d4b7-c1c8-503d-aeb5-bac54e659ae1} + False + + + + + + Tree + ADMXInstall + + {6aedbd09-73ab-55b3-99bd-9037e7d79849} + False + + + + + + Map + AppName + Enter name of the Win32 App. + {e09f5e88-8f3d-5eb8-8fc9-95038623e606} + True + + + + + + + + + Tree + AssignedAccess + Configure Assigned Access + {3b8e38f4-ee07-580e-b847-ec0aac5b96bf} + False + + + + + + Text + AssignedAccessSettings + Set account and app (by AUMID). Example: {"Account":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}. + {0c74ad84-33f9-5c93-867a-50a830ddf399} + True + + + + + + + Asset + MultiAppAssignedAccessSettings + Deploy Multi App Assigned Access configuration xml file to the device + {fb0ecc16-e63b-50f7-9f76-22c078eb6414} + True + + + + + + + Tree + Browser + + {f62658b7-d2d6-5836-8575-2886fcd53076} + False + + + + + + Map + FavoriteBarItems + Enter at most three favorites that will appear in the favorites bar. All fields are required. + {69ce594b-94a0-5522-bb9c-923b69945eb9} + True + + + + + + + + + Text + PartnerSearchCode + Character string that specifies an OEM Partner Search Code + {5cfadbf1-7963-5449-ab23-e22e2d0f847e} + True + + + + + + + Tree + CellCore + + {388e445d-f496-5908-a04b-dec129d191c6} + False + + + + + + Tree + PerDevice + + {5902aa31-c0a8-5090-b926-ca466a9e8de5} + False + + + + + + Tree + CellData + + {877ff619-cae8-5898-b5e9-c6ec657bf354} + False + + + + + + Int + CellularFailover + Allow or disallow cellular data failover when in limited Wi-Fi connectivity + {003b3317-371c-5c98-bc6a-f9f380cdd026} + True + + + + + + + Tree + CellUX + + {e23271c2-daca-52ae-85d3-fd8590433a9a} + False + + + + + + Int + EmbeddedUiccSlotId + Embedded UICC (eUICC) slot ID + {821b3983-f620-5954-9724-f7d4514fb6c1} + True + 1 + + 0 + + + + + + + Int + EnableAutoSlotSwitch + Enable automatically switching SIM slot on SIM insert + {e775af5b-560c-5da2-a3da-c24a9090f576} + True + 0 + + 0 + + + + + + + Text + SlotSelectionSim1Name + Name of SIM 1 in slot selection UI + {40d08b78-4bab-5dfd-a573-ed3f3de714fa} + True + SIM 1 + + 0 + 32 + + + + + + + Text + SlotSelectionSim2Name + Name of SIM 2 in slot selection UI + {1f74191c-4f53-5009-b96c-0e2c42f7b99b} + True + SIM 2 + + 0 + 32 + + + + + + + Tree + eSIM + + {59ce2ea0-5d05-5700-9945-58c83e71a05b} + False + + + + + + Tree + FwUpdate + + {f5ecb5dc-622f-5f3e-b4b9-5e29ea2ac74c} + False + + + + + + Text + AllowedAppIdList + List of application IDs that are allowed access + {40654131-41e3-5272-8d88-622f3148656f} + True + + + + + + + Tree + Support3gppVersion + + {261b69ac-93b8-5173-a6e4-92358500192a} + False + + + + + + Int + Support3gppRevision + Support 3gpp revision + {7b4672e5-fd9e-57bc-85b8-1f4363a37296} + True + + + + + + + Int + Support3gppVersion + Support 3gpp version + {0ff7cd06-d39b-5abb-82fa-cac45bc29a8d} + True + + + + + + + Tree + SMS + + {2229a8d4-561f-59e8-826c-747e31eff765} + False + + + + + + Int + AckExpirySeconds + Set how long we wait for a client ACK before trying to delivery + {1f899b0d-8527-5b0e-91e9-6cf78eaedc66} + True + + 1 + + + + + + + Int + DefaultMCC + Set the default mobile country code (MCC) + {98ce8ea2-6ed6-5019-beda-e6f06cff3b6d} + True + + + + + + + Tree + Encodings + + {c75e5fd2-3170-54e6-aa81-5039b7992637} + False + + + + + + Int + GSM7BitEncodingPage + Set the 7 bit GSM default alphabet encoding + {5017400f-db02-58a2-a855-934d94e6ba78} + True + + + + + + + Int + GSM8BitEncodingPage + Set an 8 bit GSM encoding (OEM set) + {d7df3117-7f8b-56d3-b3e9-0833ab7b34be} + True + + + + + + + Int + OctetEncodingPage + Set the octet (binary) encoding + {76585ffc-1998-541a-8af9-43b04dc1772f} + True + + + + + + + Int + SendUDHNLSS + Set the 7 bit GSM shift table encoding + {caf6fb0d-4605-5f92-861e-1575534d006a} + True + + + + + + + Int + UseASCII + Set the 7 bit ASCII encoding + {bcf2f839-0c24-5310-8481-dd01d7ebb401} + True + + + + + + + Int + UseKeyboardLanguage + Set if we use keyboard language (Portuguese/Spanish/Turkish) based encoding (set shift table based on keyboard language) + {49e20d6a-e568-5056-9039-608855bece50} + True + + + + + + + Int + IncompleteMsgDeliverySeconds + How long we wait for all parts of multisegement Sprint messages for concatenation + {93f11c50-56f1-5ca6-8bb3-679ea4f7baed} + True + + 1 + + + + + + + Int + MessageExpirySeconds + Set how long we store undelivered messages (e.g. holding parts of a multisegment message waiting for undelivered part(s)) + {80d0dfe8-6311-570b-9dd4-f6eeb08f0f9f} + True + + 1 + + + + + + + Int + SmsFragmentLimit + Set the number of octets (byte) in a single fragment (segment) + {a5c7b5dc-7b35-5816-b61a-2c23ff8e26e8} + True + + 16 + 140 + + + + + + + Int + SmsPageLimit + Set the number of total pages (segments) possible for a message + {e51bf51d-6cb9-5324-b328-2c498a1600bc} + True + + 1 + 255 + + + + + + + Int + SmsStoreDeleteSize + Set the number messages that can be deleted when message full indication is received from modem + {13be8c99-bffb-5f10-8b60-b3be91918634} + True + + 1 + + + + + + + Int + SprintFragmentInfoInBody + Use Sprint's specific segmentation method + {8e39e226-7fa6-52ab-b292-f9e41b030d44} + True + + + + + + + Tree + Type3GPP + + {c76956a6-d9be-5652-a0b7-991f5934eb69} + False + + + + + + Tree + ErrorHandling + + {c09ce4c7-6fe0-5034-9b30-91bbbaf84e23} + False + + + + + + Map + ErrorType + + {63f93941-fdf2-543e-ae6d-cd3a096fad48} + True + + + + + + + + + Map + FriendlyErrorClass + + {d58450e5-1554-543a-b752-7eac0d973cdb} + True + + + + + + + + + Tree + IMS + + {0aadf434-9495-5b2b-aa98-42858aa7a6b0} + False + + + + + + Int + AttemptThresholdForIMS + Set the maximum number of tries to send SMS on IMS. After maximum number of attempts are reached the retry will only be on 1xRTT/GSM. + {6224dcec-d212-5fa8-90ac-381ca16da4e5} + True + + + + + + + Int + RetryEnabled + Set to enable one automatic retry on 1xRTT/GSM for sending a SMS message after failure to send over IMS. + {24af3ed3-1c0e-5e49-8f07-123e8cf11eca} + True + + + + + + + Int + SmsUse16BitReferenceNumbers + Set if we use an 8 bit or 16 bit message ID (reference number) in the UDH + {abd7270d-6c5c-5e20-8a03-36b6011e98a8} + True + + + + + + + Tree + Type3GPP2 + + {a9f7c46b-5dd3-5778-94f4-25e48b9c2e28} + False + + + + + + Tree + ErrorHandling + + {8d17052d-865d-588b-8eae-35339f87c3e5} + False + + + + + + Map + FriendlyErrorClass + + {8d47423e-3d02-57e8-bde5-a0c835997af2} + True + + + + + + + + + Int + UseReservedAsPermanent + Set the 3GPP2 permanent error type + {4df36109-40f5-5832-9d44-d66580956487} + True + + + + + + + Map + PerIMSI + + {2a85e161-a3db-5c85-8838-ab494605b60a} + True + + + + + + + + + Tree + Cellular + + {a23bb487-8829-5520-9922-d047757dc465} + False + + + + + + Tree + PerDevice + + {12af9873-d05c-5c0a-a7cc-57f67b2381a2} + False + + + + + + Tree + SignalBarMappingTable + Customize the global mapping between the cellular connection signal strength and the number of bars shown. + {523e9ef3-e317-5f57-9624-3a5207a3f949} + False + + + + + + Int + EnableLTEReportingOnNSA + To check how to calculate Signal Quality for Dual Connectivity. + {2e326fe8-1ae7-53bc-adfb-2ad8b6279f6c} + True + 4 + + 0 + 4 + + + + + + + Int + EnableLTESnrReporting + To check if SNR needs to be used for LTE Signal Quality calculations. + {842e115b-9ee0-5e04-9b6f-559c0e4c416e} + True + 1 + + 0 + 1 + + + + + + + Int + EnableNRSnrReporting + To check if SNR needs to be used for 5G Signal Quality calculations. + {0ff769ef-cd7f-5f26-a56b-3c24f80ba42a} + True + 1 + + 0 + 1 + + + + + + + Map + GERAN + + {6f04d4e9-7fa5-5b9b-b9fe-62f7e3e4c435} + True + + + + + + + + + Map + LTE + + {f256bc63-5c2b-5f59-a3ba-e3fd778a630b} + True + + + + + + + + + Map + LTERSRP + + {ece3d068-d795-549b-ae52-88421c473d6b} + True + + + + + + + + + Map + LTERSSNR + + {0399c84a-adaf-5b23-9d21-c4a96c0690f1} + True + + + + + + + + + Map + NRRSRP + + {c823bb5e-bfa9-5d98-96bb-b5f3e5140f1f} + True + + + + + + + + + Map + NRRSSNR + + {afecee36-792f-50f2-b4e6-7651010d693e} + True + + + + + + + + + Map + SignalForBars + + {6936ec89-c018-5cef-a6dd-587eb90668ac} + True + + + + + + + + + Map + WCDMA + + {3817c57d-8d37-5029-b263-967fa2aaac6f} + True + + + + + + + + + Map + PerSimSettings + + {e6140f81-609b-5f23-b9c2-fd4433813f38} + True + + + + + + + + + Tree + Certificates + + {0366b9c6-8fee-54ac-97ba-056e6c3e806c} + False + + + + + + Map + CACertificates + Configure intermediate CA certificates on target device + {8401557c-cad8-515c-bddf-4d3a66a387e3} + True + + + + + + + + + Map + ClientCertificates + Configure client certificates on target device + {7aefb76e-dc33-58c7-9342-5cea2bda7d43} + True + + + + + + + + + Map + OemEsimCertificates + Configure certificates into OEM eSIM store on target device + {357c5432-01e7-5656-b905-2298c7f5d1bf} + True + + + + + + + + + Map + RootCertificates + Configure root certificates on target device + {c3ce0e10-cf9e-5663-875a-aa4fc45723fe} + True + + + + + + + + + Map + TrustedPeopleCertificates + Configure certificates into trusted people store on target device + {24fbc7cf-0575-52f3-afeb-eb4483f64121} + True + + + + + + + + + Map + TrustedProvisioners + CA certificates used for provisioning package trust. + {e3d139ac-572c-5463-8d8f-a0ac096bc293} + True + + + + + + + + + Tree + CleanPC + + {50c11ae4-9a1e-54ed-937c-c402f1f69d39} + False + + + + + + Int + CleanPCRetainingUserData + Use to remove pre-installed software and keep user data. + {1ea54e55-0d99-598e-8f45-9d2236046a69} + True + 1 + + 0 + 1 + + + + + + + Int + CleanPCWithoutRetainingUserData + Use to remove pre-installed software without keeping any user data. + {ec488c17-ee1e-5ebd-86e8-9b8c76270de0} + True + 1 + + 0 + 1 + + + + + + + Tree + Connections + + {b48f444a-1ed4-59aa-a822-57964912d1b5} + False + + + + + + Map + Cellular + + {c44f1987-7cdb-5063-a96c-d9a4074a5f1c} + True + + + + + + + + + Map + EnterpriseAPN + + {ca396fa2-f1ca-559d-9fc4-8aba9feb9313} + True + + + + + + + + + Map + eUICCs + eUICCs + {2f2ff03c-2973-57f9-9156-8c605822b293} + True + + + + + + + + + Tree + General + + {63052fa2-627f-58e0-b9b7-a855fb16b23b} + False + + + + + + Int + DataRoam + Specifies the data roaming option. + {8954e6e9-3f86-5ba5-9599-b8f907a1c591} + True + + + + + + + Map + MultiSIM + MultiSIM + {1609f0db-5d00-5c28-ba0f-60d28fb397bf} + True + + + + + + + + + Map + Policies + + {3084c383-06d8-5296-8719-1ce23c7da8a7} + True + + + + + + + + + Map + Proxies + + {a3483d86-29f6-5deb-b346-14d430b8d4fc} + True + + + + + + + + + Tree + ConnectivityProfiles + + {636c026c-4982-58ee-ab85-898af0e02853} + False + + + + + + Tree + Cellular5GSASettings + + {c1c13e48-da80-5af8-8ef6-a8f149e7463e} + False + + + + + + Tree + FirstBoot + + {64804224-deef-5ae0-b9ab-b44273e9767c} + False + + + + + + Int + COSAInitialRegParamUsed + If used, COSA configuration for 5G SA registration parameters is taken into account for initial 5G SA registration. + {a14860d5-7960-5a58-8646-8a1e974d0683} + True + + + + + + + Int + DefaultNetworkSliceDifferentiator + The default network slice differentiator used in initial 5G SA registration request if there is none configured in modem. + {54204240-7d3a-562c-83a5-15b39af202c7} + True + + 0 + 255 + + + + + + + Int + DefaultNetworkSliceServiceType + The default network slice type used in initial 5G SA registration request if there is none configured in modem. 1 -- eMBB; 2 -- URLLC; 3 -- MassiveIOT + {529416b6-047b-50d8-9521-aaaa9ae59185} + True + + 0 + 255 + + + + + + + Tree + Email + + {b444d8cf-9efb-5edd-a0d7-68922a0f9fd4} + False + + + + + + Map + Accounts + Specify an email account to be automatically set up on the device being provisioned. + {4cd060be-d2f7-5710-8df1-d3abd7dfa820} + True + + + + + + + + + Tree + Exchange + + {51bb0c26-188b-53cb-849e-810ee601a028} + False + + + + + + Map + Accounts + Specify an email account to be automatically set up on the device being provisioned. + {8902f20e-23d4-5a09-930f-cb72032b09cb} + True + + + + + + + + + Tree + KnownAccounts + + {2eec9a66-9886-5ffa-b9f3-bf4f6f34b5bf} + False + + + + + + Asset + KnownAccountsOEM + Deploy KnownAccountsOEM.xml file to the device (Ensure file name is KnownAccountsOEM.xml) + {8b6c6a30-b4a3-539d-aed6-fcb3aaeef459} + True + + + + + + + Text + OemFilePath + Specify alternate KnownAccountsOEM.xml file path + {0dd59ef4-cce5-5407-ac04-5232f859208e} + True + + + + + + + Tree + VPN + + {08b70b8f-88a3-5cac-804f-8ee16d6cbb76} + False + + + + + + Tree + MTU + + {c7ab72ac-789d-5e36-9eb4-2984add47085} + False + + + + + + Int + PPPProtocolType + Alwasys set VPN PPPProtocolType to 0x21 (33) + {4c986fc9-afbd-56c5-896d-8562554b021c} + True + 33 + + + + + + + Int + ProtocolType + Always set VPN ProtocolType to 0x800 (2048) + {4f20e746-f245-526a-afdc-90cd796f2871} + True + 2048 + + + + + + + Int + TunnelMTU + Default value of TunnelMTU is 1400, the allowed range is 1 to 1500. + {27bb9f54-58a9-5ce1-b53e-bc1ef39f0d36} + True + 1400 + + 1 + 1500 + + + + + + + Map + VPNSetting + + {723cfe6b-4d7c-5ad0-b553-325983769e50} + True + + + + + + + + + Tree + WiFiSense + + {2f110813-eff2-533c-bd89-374a7f748376} + False + + + + + + Tree + Config + + {59f6f77d-6806-58dd-8abc-c45db0f27493} + False + + + + + + Int + WiFiSharingFacebookInitial + UNSUPPORTED - DO NOT USE + {b5802875-919e-5dc6-aeea-915b10068eec} + True + + + + + + + Int + WiFiSharingOutlookInitial + UNSUPPORTED - DO NOT USE + {9867d7d4-a264-5cc3-bb7f-412b39210faf} + True + + + + + + + Int + WiFiSharingSkypeInitial + UNSUPPORTED - DO NOT USE + {b7ead329-2520-5dff-be79-a757766324f5} + True + + + + + + + Tree + FirstBoot + + {79e97372-5741-5e81-989c-1410bdeee8c9} + False + + + + + + Int + DefaultAutoConnectOpenState + If enabled the OOBE Wi-Fi Sense checkbox to automatically connect to open networks will be checked. + {bb77c873-6456-52ff-80d0-fc962b764294} + True + + + + + + + Int + DefaultAutoConnectSharedState + UNSUPPORTED - DO NOT USE + {5332dc30-0745-57ba-88e7-1332ecacac2c} + True + + + + + + + Int + WiFiSenseAllowed + If enabled the user will be able to opt-in to the autoconnect feature of Wi-FiSense. + {f22c7fe7-3e30-58c9-9e57-d226413d71dc} + True + + + + + + + Tree + SystemCapabilities + + {2207cca1-2cb0-5ed6-89f7-031a2bbd6111} + False + + + + + + Int + CoexistenceSupport + Specifies the type of co-existence supported on the device. +Options: + +Both: Wi-Fi and Bluetooth both work at the same performance level during co-existence +Wi-Fi Reduced: On a 2X2 system, Wi-Fi performance is reduced to 1X1 level +Bluetooth centered: When co-existing, Bluetooth has priority and restricts Wi-Fi performance +One: Either Wi-Fi or Bluetooth will stop working + {b2ef5c00-42bd-5b9a-8df8-433d4c816775} + True + + + + + + + Int + NumAntennaConnected + Specifies the number of antennas that are connected to the Wi-Fi radio. + {7e7bf213-05c5-566b-a27d-eb7a26df46e3} + True + + 1 + 255 + + + + + + + Int + SimultaneousMultiChannelSupported + Specifies the maximum number of channels that the Wi-Fi device can simultaneously operate on. + {625a8154-96b1-5fb8-a18b-7003b395a883} + True + + 1 + 255 + + + + + + + Int + WLANFunctionLevelDeviceResetSupported + UNSUPPORTED - DO NOT USE + {3b34b1eb-8ba8-5e98-9172-5d40e87e63bc} + True + + + + + + + Int + WLANPlatformLevelDeviceResetSupported + UNSUPPORTED - DO NOT USE + {4637ac83-829b-5936-9355-9e2e92a4af5c} + True + + + + + + + Tree + WLAN + + {93f59a06-d9ea-5fe9-be19-ef9cb17eaff4} + False + + + + + + AssetList + Profiles + Add WLAN profiles to configure wireless connectivity on the target device. + {2351472c-1e8e-5cd6-962e-3ed62c058bfc} + True + + + + + + Map + WLANSetting + + {c4cb3553-4bc5-5f00-9c4a-e8b41588f023} + True + + + + + + + + + Tree + CountryAndRegion + + {e6ca3fe9-51c3-57ea-a943-1e125701a51d} + False + + + + + + Text + CountryCodeForExtendedCapabilityPrompts + Specify a country code for additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). For China, use 'zh'. + {bd604e80-cecc-5328-91bc-9eb5efda20f6} + True + + + + + + + Tree + DataMarketplace + + {d0564155-9fd5-53b4-84c7-1987caaa009e} + False + + + + + + Map + PerSimSettings + + {95275d16-05ee-5578-8b12-4bae0dbdc33a} + True + + + + + + + + + Tree + DesktopBackgroundAndColors + + {e63cc02b-ec9a-5dad-ba74-288ced1fb7aa} + False + + + + + + Asset + DeployDesktopBackgroundFile + Deploy Desktop Background file to the device + {5e5ed165-b604-5c81-84af-7813a949eeb9} + True + + + + + + + Text + RegisterDesktopBackgroundFile + + {bc5af459-509c-5fe5-bcff-0901033ea610} + True + + + + + + + Map + SetColors + + {cfaf7b98-3cdb-57c4-b7ed-d09808f4cb72} + True + + + + + + + + + Tree + DevDetail + + {38b7031d-de8b-58df-a8b6-97f94af12cea} + False + + + + + + Text + DNSComputerName + On desktop PCs sets the DNS hostname of the computer (Computer Name) up to 63 characters. Use %RAND:x% to generate x number of random digits in the name, x must be a number less than 63. For domain joined computers, the unique name must use %RAND:x%. Use %SERIAL% to generate the name with the computer"s serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros %RAND:x% and %SERIAL%. This setting is only supported in Windows 10 version 2004 and later releases. To change this setting on earlier releases use the ComputerName setting under Accounts -> ComputerAccount + {6dabf38e-e86d-51e4-a441-256432f2c691} + True + + + + + + + Tree + DeviceFormFactor + DeviceForm specifies a enumeration value that dictates the form factor of the device as reported through telemetry + {bc4f1892-fdc2-58bf-9fb2-14f4bbabe789} + False + + + + + + Int + DeviceForm + + {3c68a66d-77eb-5820-b896-64dca8f4e2d9} + True + + + + + + + Tree + DeviceManagement + + {5c1e09a4-db22-5ae1-9293-5dbfb48689a1} + False + + + + + + Map + Accounts + + {2a4aa252-6c03-58a5-98f4-d0a0b89afc72} + True + + + + + + + + + Tree + MemoryDump + + {08702aed-8375-557a-af66-9c34b0b32aec} + False + + + + + + Int + AllowCrashDump + This policy setting decides if crash dump collection on the machine is allowed or not. Supported values: 0 - Disable crash dump collection. 1 (default) - Allow crash dump collection. + {ce7e136d-8c99-5146-aca2-a1deab761e97} + True + 1 + + 0 + 1 + + + + + + + Int + AllowLiveDump + This policy setting decides if live dump collection on the machine is allowed or not. Supported values: 0 - Disable live dump collection. 1 (default) - Allow live dump collection. + {e59831ec-7e2c-5592-a1f0-780083015002} + True + 1 + + 0 + 1 + + + + + + + Map + PGList + + {b01dce22-fb07-5764-9649-7b8624605ec5} + True + + + + + + + + + Tree + Policies + + {2e0d2a83-480f-5d8b-b7a9-7f96e278bd06} + False + + + + + + Tree + MMS + + {267a5fbc-15cb-5825-b25c-d214c862957e} + False + + + + + + Int + MMSMessageRoles + Message Encryption Negotiation Policy + {3e675efd-4b7c-5787-b0c3-b72772942bb8} + True + + + + + + + Tree + SISL + + {b1c2709a-c5aa-5488-b72e-bc01800bfa4e} + False + + + + + + Int + ServiceIndicationRoles + Service Indication (SI) Message Policy + {8b96fc01-9e94-5e99-a08a-7f27390103cf} + True + + + + + + + Int + ServiceLoadingRoles + Service Loading (SL) Message Policy + {70c99bec-abf3-5457-abf3-f1b32917d1ce} + True + + + + + + + Tree + WSP + + {f42ddc5d-2b19-5832-8b65-8acc1d2de58d} + False + + + + + + Int + WSPPushAllowed + WSP Push Policy + {284b91df-9374-5a6c-ac42-65776f03ca35} + True + + + + + + + Tree + TrustedProvisioningSource + + {6ee50928-b2b1-58e7-bf1c-f6b9d483e3a6} + False + + + + + + Text + PROVURL + + {79fc18a2-ab53-55dc-b384-d07b7a4658c9} + True + + + + + + + Tree + DeviceUpdateCenter + Configure device with DUC attributes obtained during Registration through DUC Portal + {a161ff4b-9b4e-5c42-a1cf-3fbbd12dbbe1} + False + + + + + + Text + CustomPackageId + Package ID for custom content published by OEM. + {5763a368-376c-5c0e-ab69-8838c5cba904} + True + + + + + + + Text + DesiredOcpVersion + Target version of the OCP product + {fe411de4-3330-5f91-b87e-eb1ea3d94d91} + True + + + + + + + Text + DesiredOsVersion + Target version of the OS product + {d143e69a-8995-5e57-b5dd-0730ffdde23d} + True + + + + + + + Text + DesiredSystemManifestVersion + Target version of the SystemManifest product + {43f2feeb-b6b3-5280-bfa6-769e73903149} + True + + + + + + + Text + DeviceModelId + Identifies a specific category of OEM device. OEMs can categorize their devices and specify them in the DUC portal. + {f9307ac8-c5f5-56c4-bd3f-d78bd21f0899} + True + + + + + + + Text + DucManifestId + Mainfest carrying the desired versions payload. + {a8531b8e-9da2-571d-93ca-68365c647c40} + True + + + + + + + Text + OemPartnerRing + OEMs can choose between 3 (deployment) rings for their device - Preview, EarlyAdopter, GeneralAvailability. + {f4ebeb72-707b-5828-ab16-e1d28bc8e845} + True + + + + + + + Text + PublisherId + Unique ID (string) per OEM that is generated during the registration process in DUC portal. + {fcc12375-633d-5109-a1f8-e1908680abad} + True + + + + + + + Tree + DMClient + + {22aeb044-4169-5c08-b4b9-ad0f84cc25b7} + False + + + + + + Text + UpdateManagementServiceAddress + Update Management Service Addresses by re-ordering and/or removing existing ones + {654548f4-fa79-5760-bbee-c53715702762} + True + + + + + + + Tree + EditionUpgrade + + {adde2fab-c19c-5556-bf65-49010eb3fa41} + False + + + + + + Text + ChangeProductKey + Installs a product key, which will be used to update the existing product key on the device. Does not require a reboot. + {d2d203e5-c8c1-5434-b05d-d87f057a48a2} + True + + + + + + + Asset + UpgradeEditionWithLicense + Enable an edition upgrade of Windows 10 mobile devices. Does not require reboot. + {58e117ff-32d0-56fc-82fa-32bc6b363e4a} + True + + + + + + + Text + UpgradeEditionWithProductKey + Enable an edition upgrade of Windows 10 desktop devices. Requires reboot. + {2c446769-c3a3-5f71-86e7-3200f42c21ce} + True + + + + + + + Tree + Education + + {262ebe5b-94d6-5bec-970c-8cf3405d6d30} + False + + + + + + Bool + AllowStickers + Select whether Stickers should be set on desktop backgrounds + {420b1f42-6000-560c-8cc6-242e7ec847c4} + True + False + + + + + + + Bool + EnableEduThemes + This policy decides whether the tenant wants EDU Themes enabled on their device or not + {11924302-116e-5187-85c9-64a00a5d4e4e} + True + False + + + + + + + Int + IsEducationEnvironment + This policy setting allows tenant to control whether to declare this OS as an education environment + {6c203e41-9002-5949-a6cf-f793360677f9} + True + 0 + + 0 + 1 + + + + + + + Tree + FederatedAuthentication + + {b4f57363-0a14-5836-956c-f70803a7cad5} + False + + + + + + Int + EnableWebSignInForPrimaryUser + Specifies whether web-based sign-in is enabled with the Primary User experience + {5882b319-a811-5fff-ba39-df69736355b6} + True + 0 + + + + + + + Tree + Folders + + {cce6c2f4-ef08-5008-8f10-6f403311a417} + False + + + + + + AssetList + PublicDocuments + Add documents to the public profile documents folder on the target device. + {c57724f2-25bf-563c-907d-dd8bb3b33a11} + True + + + + + + Tree + GraphicsDrivers + + {d419adbc-e275-57a1-aa09-f101cf591493} + False + + + + + + Tree + MemoryManager + + {dd2eedb2-d980-571c-9f24-a2236870de69} + False + + + + + + Int + SelfRefreshVramForceEvictionThreshold + Specifies Self Refresh VRAM force eviction threshold value in MB. This configures the amount of self-refresh VRAM memory necessary to evict the VRAM when the SelfRefreshVramForceEvictionTimer expires. If current VRAM usage is less than the threshold, the contents will always be evicted immediately. + {9decd8e3-ee37-5e27-abe3-ce83395a9a02} + True + + + + + + + Int + SelfRefreshVramForceEvictionTimer + Specifies Self Refresh VRAM force eviction timer value in seconds. This configures the timer length after entering Modern Standby before the contents of VRAM are evicted to disk. + {a43a388c-4c7e-5460-8bcf-cb4d2002ae6c} + True + + + + + + + Tree + HotSpot + + {e254b784-46f0-5a5e-a5ac-fc3a316f5c74} + False + + + + + + Text + DedicatedConnections + Specifies the semicolon separated list of Connection Manager cellular connections that Internet sharing will use as the public connections. + {6f79b479-3c5c-52c1-89fe-52e85c559095} + True + + + + + + + Bool + Enabled + Specifies whether to enable Internet sharing on the device. + {be6823f0-cde8-5661-8956-70d0cbfd56da} + True + + + + + + + Text + EntitlementDll + The path to the entitlement DLL used to make entitlement checks that verify that the device is entitled to use the Internet sharing service on a mobile operator's network. + {c8700dfa-f262-5866-9e0b-b2a61a24cc52} + True + + + + + + + Int + EntitlementInterval + The time interval, in seconds, between entitlement checks. + {c51a3ac7-aa28-58d0-ac6c-c9ed7e83775e} + True + + 0 + 604800 + + + + + + + Bool + EntitlementRequired + Specifies whether the device requires an entitlement check to determine if Internet sharing should be enabled. + {58ce3129-e928-5143-aa6d-6abaa0cfb464} + True + + + + + + + Int + MaxBluetoothUsers + Specifies the maximum number of simultaneous Bluetooth users that can be connected to a device while sharing over Bluetooth. + {758c32a9-44ef-5819-85a5-bea0405e4ace} + True + + 1 + 7 + + + + + + + Int + MaxUsers + Specifies the maximum number of simultaneous users that can be connected to a device while in a sharing state. + {1f94ebf8-e9fa-5a07-8a7c-77ae74aeb70f} + True + + 0 + 10 + + + + + + + Text + MOAppLink + An application link that points to a pre-installed application, provided by the mobile operator, that will help a user to subscribe to the mobile operator's Internet sharing service when Internet sharing is not provisioned or entitlement fails. + {4a4c45b3-10d5-58bb-b062-5a17f2dc38e3} + True + + + + + + + Text + MOHelpMessage + Reference to a localized string, provided by the mobile operator, that is displayed when Internet sharing is not enabled due to entitlement failure. + {96807eef-8bb7-563e-91cf-0652c52de06f} + True + + + + + + + Text + MOHelpNumber + A mobile operator-specified phone number that is displayed to the user when the Internet sharing service fails to start. + {696dc296-34a8-5abc-83fa-f29bdffa3408} + True + + + + + + + Text + MOInfoLink + A mobile operator-specified HTTP link that is displayed to the user when Internet sharing is disabled or the device is not entitled. + {31ace42d-d61a-5ee1-b371-390c201b80e6} + True + + + + + + + Int + PeerlessTimeout + The time-out period, in minutes, after which Internet sharing should automatically turn off if there are no longer any active clients. + {7242031c-9a96-5eb9-83e6-efeecfad0522} + True + + 1 + 120 + + + + + + + Int + PublicConnectionTimeout + The time-out value, in minutes, after which Internet sharing is automatically turned off if a cellular connection is not available. + {ec39cf41-ec93-56b6-af47-56b516959f92} + True + + 1 + 60 + + + + + + + Text + TetheringNAIConnection + Specifies the CDMA TetheringNAI Connection Manager cellular connection that Internet sharing will use as a public connection. + {ea357407-19ba-5e14-9a93-643397244548} + True + + + + + + + Tree + LanguagePackManagement + Manage device language settings, including Language Pack Installation and System Preferred UI Language + {36b4f8ad-d716-59c2-9db0-bb0374590996} + False + + + + + + Map + LanguagePackInstall + + {0bb94177-770a-5e1b-a09c-15351859d6f9} + True + + + + + + + + + Text + SystemPreferredUILanguage + BCP47 tag (ie en-US, de-DE, etc.) of the language to be set as the system preferred UI Language. Language must be already installed on device. System Preferred UI Language determines the language used to display UI resources such as menus and dialogs. + {2f011ba9-8449-5dd2-a8ce-e3e270b42548} + True + + + + + + + Tree + Licensing + + {0bb0d379-c2be-5618-83a0-2879d1947d04} + False + + + + + + Bool + AllowWindowsEntitlementReactivation + This policy setting controls whether OS Reactivation is blocked on a device + {e3391aa7-b07a-5c16-adad-548dc64c5c3b} + True + True + + + + + + + Bool + DisallowKMSClientOnlineAVSValidation + This policy setting controls whether AVS validation is blocked on a device + {349a9e46-75b0-50ab-a33b-3380160a4079} + True + False + + + + + + + Tree + Location + + {375f06e6-f764-56ca-9fe2-29f876c98e09} + False + + + + + + Tree + SUPL1 + + {f631076c-c8b9-5e0f-abdb-566a61c26d52} + False + + + + + + Text + Address + Home SUPL Server address and port number, or the URL. + {6b4d194d-4b12-59d6-82fa-c8de8a9bd144} + True + + + + + + + Text + FullVersion + Determines which full version, X.Y.Z that the GPS driver should use. X, Y, and Z are major, minor, and service indicator version, respectively. If FullVersion field is defined, Version field that defines only major version is ignored. + {2c07368b-6023-54bd-9337-e733bde56843} + True + + + + + + + Text + MccMncPairs + MCC/MNC pairs owned by the carrier, listed in the format: (MCC1,MNC1)(MCC2,MNC2)...(MCCn,MNCn) + {8cb1b9eb-e91e-5d90-bfa9-743068d3f832} + True + + + + + + + Int + NIDefaultTimeout + Time that the NI displayed to the user waits to get a response from the user before the default action happens. + {524ac8e0-b2c3-5aa0-bc36-43e677959a11} + True + + + + + + + Int + NIDependencyOnLocationMasterSwitch + Indicates whether the NI request for location is managed by the Location master switch. + {18480838-ec59-56c2-bed2-a54fe2ad96df} + True + + + + + + + Int + PositioningMethod + The mobile station positioning method for mobile originated requests. + {863cfd3d-5cf6-5021-8b14-0a37104af98d} + True + + + + + + + Tree + RootCertificate + + {54ed5d29-330c-5bdd-bd8c-59afcf745959} + False + + + + + + Binary + Data + The First Server Certificate Data. + {799ecfba-9512-516c-8fab-5a6365eb6bef} + True + + + + + + + Text + Name + The First Server Certificate Name. + {f2489f84-7280-507c-b626-37d472b50f51} + True + + + + + + + Tree + RootCertificate2 + + {a72a3888-d954-5da4-8e5b-32d72444b1f0} + False + + + + + + Binary + Data + The Second Server Certificate Data. + {be0eab01-0f85-5144-bc01-cf108a2be60f} + True + + + + + + + Text + Name + The Second Server Certificate Name. + {60616e1c-2af4-587a-b642-61f019dcc0de} + True + + + + + + + Tree + RootCertificate3 + + {f51c9518-25f3-5184-9925-87b65dfc747e} + False + + + + + + Binary + Data + The Third Server Certificate Data. + {cf591d14-9d99-5761-b789-6b7a21846d9c} + True + + + + + + + Text + Name + The Third Server Certificate Name. + {e3e0bbee-5f7b-5231-a1f0-31d46970f197} + True + + + + + + + Tree + RootCertificate4 + + {a2e80aa4-f426-5531-a2e9-76d35e7c6c6d} + False + + + + + + Binary + Data + The Forth Server Certificate Data. + {1057929d-214b-54c6-b71e-2c1d92cf8c52} + True + + + + + + + Text + Name + The Forth Server Certificate Name. + {74884bfe-b3b8-5cac-a671-58779eb43784} + True + + + + + + + Tree + RootCertificate5 + + {02ad806f-92af-5849-a8a3-3282010912f5} + False + + + + + + Binary + Data + The Fifth Server Certificate Data. + {0a0a581d-07eb-5753-ac1e-d981f8112565} + True + + + + + + + Text + Name + The Fifth Server Certificate Name. + {ae6c1fc0-4e56-51cc-a0aa-4d7e70650eb6} + True + + + + + + + Tree + RootCertificate6 + + {fda8d9e9-cbb2-591e-85af-d450a4e2d79f} + False + + + + + + Binary + Data + The Sixth Server Certificate Data. + {3ad353da-ba2e-5d25-b30e-83009248b1ae} + True + + + + + + + Text + Name + The Sixth Server Certificate Name. + {dd4f9b84-fa45-5d8f-9c91-6db382c010ac} + True + + + + + + + Int + ServerAccessInterval + Defines the minimum interval of time between mobile originated requests sent to the server to prevent overloading the Mobile Operator's network. + {8539cd78-97dd-5e47-832b-27b78a67cc76} + True + + + + + + + Int + Version + Determines which SUPL major version the GPS driver should use. Refer to FullVersion field for extended usage + {cfdf014e-f72a-59a9-bac9-1e6677869215} + True + + + + + + + Tree + V2UPL1 + + {e90c9fa2-7aea-5af5-93e0-b268fc3a8755} + False + + + + + + Text + MPC + Mobile Positioning Center + {176e20d5-b2c5-524e-a9b4-ca8727b2dfec} + True + + + + + + + Int + NIDefaultTimeout + Time that the NI displayed to the user waits to get a response from the user before the default action happens. + {db11cf38-1c07-57ac-ac4a-8475412ec081} + True + + + + + + + Int + NIDependencyOnLocationMasterSwitch + Indicates whether the NI request for location is managed by the Location master switch. + {6fbf22c6-3aae-515b-b543-865ec3aa32fe} + True + + + + + + + Text + PDE + Position Determination Entity + {b726841f-8419-5126-bb48-170632a31d49} + True + + + + + + + Int + PositioningMethod + The mobile station positioning method that the gpsOne engine shall expose to the MPC, for mobile originated requests. + {0e6f79a1-6ac3-5579-89df-8e143a17b157} + True + + + + + + + Int + ServerAccessInterval + Defines the minimum interval of time between mobile originated requests sent to the server to prevent overloading the Mobile Operator's network. + {7f7dbf05-0d08-58d3-904d-98c9784241a7} + True + + + + + + + Tree + Maps + + {a1c8bcd2-0fe4-5690-a60c-03e5d041c819} + False + + + + + + Bool + ChinaVariantWin10 + When set to TRUE, only maps approved for China will be used on the device. This key should be set to TRUE on devices intended to be sold in China. + {bef8dbcb-be4d-5c5f-b8e5-d13868d98170} + True + False + + + + + + + Bool + UseExternalStorage + When set to TRUE, offline maps will always be downloaded to the device's MicroSD card. + {5cd6e956-16ba-5734-97e0-029c5ed72eba} + True + False + + + + + + + Bool + UseSmallerCache + When set to TRUE, the map data cache will be limited to 80MB. This key should be set to TRUE on lower end devices with storage limitations. + {5e508f7c-9da5-568e-aa6f-4ce7611990c3} + True + False + + + + + + + Tree + NetworkListManager + + {05f0f4a4-33dd-5fe9-9ed6-d74cc7cb164b} + False + + + + + + Text + AllowedTlsAuthenticationEndpoints + List of URLs (seperated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. + {b232dc6b-6345-5b84-bedc-b8d2e5b04e8f} + True + + + + + + + Text + TlsAuthenticationNetworkName + The string will be used to name the network authenticated against one of the endpoints listed in AllowedTlsAuthenticationEndpoints policy + {eb3e7787-1145-5068-9093-63c7bcf3f6a2} + True + + + + + + + Tree + OOBE + + {ddb01dbd-8334-5918-bf7c-3d592e6cba4a} + False + + + + + + Tree + Desktop + + {ee851a68-b80f-5672-8995-c739d3ef97da} + False + + + + + + Bool + EnableCortanaVoice + Enables Cortana voiceover in OOBE for Pro and above SKUs. + {549f1291-13b7-58a3-83fe-eeb101b24ae0} + True + False + + + + + + + Bool + HideOobe + When set to TRUE hides the interactive OOBE flow for desktop. + {80f44799-7c35-5cfd-9aff-10764bdd66c9} + True + True + + + + + + + Tree + Personalization + Configure a PC"s personalization settings such as Desktop Image and Lock Screen Image. + {35d6833d-80f5-532e-abf7-a40a7fc054cf} + False + + + + + + Asset + DeployDesktopImage + Deploy a jpg, jpeg or png image to the device to be used as desktop image. + {c19bd0a2-89fb-51f0-894d-c8258b5d3e44} + True + + + + + + + Asset + DeployLockScreenImage + Deploy a jpg, jpeg or png image to the device to be used as lock screen image. + {4a3014ee-2f6e-5b16-8bb3-68f96a6a2500} + True + + + + + + + Text + DesktopImageUrl + Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. This setting can also use the image as supplied in the DeployDesktopImage asset node. In this case, DesktopImageUrl should be given just the file name in the DeployDesktopImage value. + {125a439d-de5d-5b22-bd32-a1c6a1604a68} + True + + + + + + + Text + LockScreenImageUrl + Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take a http or https Url to a remote image to be downloaded or a file Url to an existing local image. This setting can also use the image as supplied in the DeployLockScreenImage asset node. In this case, LockScreenImageUrl should be given just the file name in the DeployLockScreenImage value. + {913b29e0-5254-5eb8-b8d3-fb9c87c58d04} + True + + + + + + + Tree + Policies + + {9b74d508-8205-5385-ad0a-bfedee68827e} + False + + + + + + Tree + AboveLock + + {7f7205d7-a92f-57a0-b862-0136822c5e73} + False + + + + + + Int + AllowToasts + + {44840410-3f77-5452-bacd-0788f717c25f} + True + 1 + + 0 + 1 + + + + + + + Tree + Accounts + + {c67ec4f2-1a1c-5b47-8669-0325fe7a5369} + False + + + + + + Int + AllowAddingNonMicrosoftAccountsManually + + {33b908c3-3b7d-5e1d-8419-4c37226da4a2} + True + 1 + + 0 + 1 + + + + + + + Int + AllowMicrosoftAccountConnection + + {e09fa825-fbfc-55fb-87b3-c0a218b04ccb} + True + 1 + + 0 + 1 + + + + + + + Int + AllowMicrosoftAccountSignInAssistant + This setting lets you decide whether to enable the Microsoft Account Sign-In Assistant service. + {01f0a05c-523f-5929-a471-e6f20930abf8} + True + 1 + + 0 + 1 + + + + + + + Text + DomainNamesForEmailSync + + {0d3e56a1-7164-5794-a894-0af0189c4d2f} + True + + + + + + + Tree + ApplicationDefaults + + {91a6f83c-d834-5d46-b5f9-e33959bcd3e8} + False + + + + + + Text + DefaultAssociationsConfiguration + This setting specifies the XML file content (base64 encoded) that contains file type and protocol default application associations. This file can be created using the DISM tool. + {254c1ae1-448b-5ee4-8c28-2643cae2c660} + True + + + + + + + Tree + ApplicationManagement + + {1aa766df-7515-56f1-b28e-aa2f6d50c8ae} + False + + + + + + Int + AllowAllTrustedApps + + {3d546186-e155-5201-baf3-7d83e2c13ba3} + True + 0 + + 0 + 1 + + + + + + + Int + AllowAppStoreAutoUpdate + + {f2f1f4c9-c7f3-51db-a72c-03543df3e901} + True + 2 + + 0 + 2 + + + + + + + Int + AllowDeveloperUnlock + + {a6ca991a-2407-5565-a577-f30f9548d438} + True + 0 + + + + + + + Int + AllowGameDVR + + {4e9d789e-8692-5209-9898-a3ac9b5ca0b9} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSharedUserAppData + + {572a6b4d-b5e1-5b97-baad-97d481131866} + True + 0 + + 0 + 1 + + + + + + + Text + LaunchAppAfterLogOn + List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon. + {11aff555-a986-5910-bc3f-305f6b7b1789} + True + + + + + + + Int + RestrictAppDataToSystemVolume + + {f1fc82eb-02b0-5087-a7dd-466c9321fa53} + True + 0 + + 0 + 1 + + + + + + + Int + RestrictAppToSystemVolume + + {7d1f97e1-b5f1-5925-8588-00b705f4345b} + True + 0 + + 0 + 1 + + + + + + + Tree + Authentication + + {69186db5-039a-527c-84c1-7574b88fff62} + False + + + + + + Int + AllowFastReconnect + + {2bb2b928-3a43-53d2-b264-e8fa1096516b} + True + 1 + + 0 + 1 + + + + + + + Text + ConfigureWebcamAccessDomainNames + Specifies a list of domains that are allowed to access the webcam in CXH-based authentication scenarios. + {3781e0ee-88eb-58a4-9013-bd6115b2c53c} + True + + + + + + + Text + ConfigureWebSignInAllowedUrls + Specifies a list of URLs that are navigable in Web Sign-in based authentication scenarios. + {e6bc4fb1-bd9b-5b18-8d9f-532e582fa710} + True + + + + + + + Int + EnableFastFirstSignIn + Specifies whether new non-admin AAD accounts should auto-connect to pre-created candidate local accounts + {2f1d6d89-a85e-5d79-b685-cda033c4e408} + True + 0 + + 0 + 2 + + + + + + + Int + EnableWebSignIn + Specifies whether web-based sign in is allowed for logging in to Windows + {4f5e6f3a-7d35-5a0b-9a1b-eb22702cb7e9} + True + 0 + + 0 + 2 + + + + + + + Text + PreferredAadTenantDomainName + Specifies the preferred domain among available domains in the AAD tenant. + {4c2b2886-536d-51e9-8a89-f256400479be} + True + + + + + + + Tree + BitLocker + + {c4253971-0476-5049-a6f3-b729a208d39c} + False + + + + + + Int + EncryptionMethod + + {516e6bf2-0c4f-5924-ad80-a6d48278504b} + True + 6 + + 3 + 7 + + + + + + + Tree + Bluetooth + + {ac23bc48-f963-5bbf-928d-bab2c96f83af} + False + + + + + + Int + AllowAdvertising + + {f176d533-d2a0-5ae1-9903-f0308cbaf5aa} + True + 1 + + 0 + 1 + + + + + + + Int + AllowDiscoverableMode + + {88570079-8630-5f7e-a3dc-9674e013f0f3} + True + 1 + + 0 + 1 + + + + + + + Int + AllowPrepairing + + {e5d30f39-27d1-5c51-8c8d-df0e1d522cfa} + True + 1 + + 0 + 1 + + + + + + + Int + AllowPromptedProximalConnections + This policy lets you decide whether to allow Windows to prompt users when certain Bluetooth devices are connectable and in range of the user's device. + {890bffa7-850e-5697-9b68-179d2fef7994} + True + 1 + + 0 + 1 + + + + + + + Text + LocalDeviceName + + {af836f87-59bf-513c-b1f3-f621a23f18e0} + True + + + + + + + Text + ServicesAllowedList + + {78975ee9-c49e-525e-9eb3-9a828d4ea24c} + True + + + + + + + Tree + Browser + + {a4684666-e5a6-5148-a348-54975eedbafa} + False + + + + + + Int + AllowAddressBarDropdown + Specifies whether to allow the Address bar drop-down functionality in Microsoft Edge. We recommend disabling this functionality if you want to minimize network connections from Microsoft Edge to Microsoft services. Note: Disabling this setting turns off the Address bar drop-down functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting. + {f6bb65fe-326f-5303-a2b1-a45f35d60b10} + True + 1 + + 0 + 1 + + + + + + + Int + AllowAutofill + This setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. + {600e3e17-d90c-5b4e-8e40-1420caaaa2e1} + True + 0 + + 0 + 1 + + + + + + + Int + AllowConfigurationUpdateForBooksLibrary + This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library. + {820808af-477b-5cfd-912a-a4baba92b61c} + True + 1 + + 0 + 1 + + + + + + + Int + AllowCookies + This setting lets you configure how your company deals with cookies. + {0222607f-aa8a-51ae-a67a-457dbbc99640} + True + 2 + + 0 + 2 + + + + + + + Int + AllowDeveloperTools + This setting lets you decide whether employees can use F12 Developer Tools on Microsoft Edge. + {487ecde7-5a91-5dec-8ed5-cacd4b1f71da} + True + 1 + + 0 + 1 + + + + + + + Int + AllowDoNotTrack + This setting lets you decide whether employees can send Do Not Track headers to websites that request tracking info. + {d4ef0008-9f22-5ae7-ac01-ea9c9b60d4ca} + True + 0 + + 0 + 1 + + + + + + + Int + AllowExtensions + This setting lets you decide whether employees can load extensions in Microsoft Edge. + {746b4872-9f21-51cb-8a3c-833e54575ad3} + True + 1 + + 0 + 1 + + + + + + + Int + AllowFlash + This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. + {e6974a04-8a72-515e-b4e1-59833d80ca1c} + True + 1 + + 0 + 1 + + + + + + + Int + AllowFlashClickToRun + Configure the Adobe Flash Click-to-Run setting. + {02cc5c18-eee3-522c-991a-516cdab96ca5} + True + 1 + + 0 + 1 + + + + + + + Int + AllowFullScreenMode + With this policy, you can specify whether to allow full-screen mode, which shows only the web content and hides the Microsoft Edge UI. If enabled or not configured, full-screen mode is available for use in Microsoft Edge. Your users and extensions must have the proper permissions. If disabled, full-screen mode is unavailable for use in Microsoft Edge. + {5d551114-1b89-5269-b6b6-6341e4047244} + True + 1 + + 0 + 1 + + + + + + + Int + AllowInPrivate + This setting lets you decide whether employees can browse using InPrivate website browsing. + {e3598c78-97fc-5e72-9951-481ae36bc9a4} + True + 1 + + 0 + 1 + + + + + + + Bool + AllowMicrosoftCompatibilityList + This policy setting lets you decide whether the Microsoft Compatibility List is enabled or disabled in Microsoft Edge. This feature uses a Microsoft-provided list to ensure that any sites with known compatibility issues are displayed correctly when a user navigates to them. By default, the Microsoft Compatibility List is enabled and can be viewed by navigating to about:compat. If you enable or don’t configure this setting, Microsoft Edge will periodically download the latest version of the list from Microsoft and will apply the configurations specified there during browser navigation. If a user visits a site on the Microsoft Compatibility List, he or she will be prompted to open the site in Internet Explorer 11. Once in Internet Explorer, the site will automatically be rendered as if the user is viewing it in the previous version of Internet Explorer it requires to display correctly. If you disable this setting, the Microsoft Compatibility List will not be used during browser navigation. + {1f5702cd-cefe-5ca3-94e5-e117e15d9b5e} + True + True + + + + + + + Int + AllowPasswordManager + This setting lets you decide whether employees can save their passwords locally, using Password Manager. + {e3600771-4bf4-5d58-a94d-5c9fc652484c} + True + 1 + + 0 + 1 + + + + + + + Int + AllowPopups + This setting lets you decide whether to turn on Pop-up Blocker and whether to allow pop-ups to appear in secondary windows. + {1ec2e6ee-ad3b-5e81-8005-c93919b51038} + True + 0 + + 0 + 1 + + + + + + + Int + AllowPrelaunch + Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed. This policy setting lets you decide whether Microsoft Edge can pre-launch during Windows sign in, when the system is idle, and each time Microsoft Edge is closed. The default for this setting allows pre-launch. If you allow pre-launch or don’t configure this policy setting, Microsoft Edge pre-launches during Windows sign in, when the system is idle, and each time Microsoft Edge is closed; minimizing the amount of time required to start up Microsoft Edge. If you prevent pre-launch, Microsoft Edge won’t pre-launch during Windows sign in, when the system is idle, or each time Microsoft Edge is closed. + {3a0a23ab-c615-50c4-a5d8-6e3a4743c4ef} + True + 1 + + 0 + 1 + + + + + + + Int + AllowPrinting + With this policy, you can restrict whether printing web content in Microsoft Edge is allowed. If enabled, printing is allowed. If disabled, printing is not allowed. + {ed0a2be3-4a5b-5fc7-b117-cffea19e864a} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSavingHistory + Microsoft Edge saves your user"s browsing history, which is made up of info about the websites they visit, on their devices. If enabled or not configured, the browsing history is saved and visible in the History pane. If disabled, the browsing history stops saving and is not visible in the History pane. If browsing history exists before this policy was disabled, the previous browsing history remains visible in the History pane. This policy, when disabled, does not stop roaming of existing history or history coming from other roamed devices. + {b83e8959-3270-5d0a-bd8d-83049093f8c1} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSearchEngineCustomization + Allow search engine customization for MDM enrolled devices. Users can change their default search engine. If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy will only apply on domain joined machines or when the device is MDM enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). + {4365b54b-6b25-5ed1-b374-cebc6b42ad84} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSearchSuggestionsinAddressBar + This setting lets you decide whether search suggestions should appear in the Address bar of Microsoft Edge. + {8228cde9-2e16-5d39-97eb-f0725b0c3d15} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSideloadingOfExtensions + This setting lets you decide whether employees can sideload extensions in Microsoft Edge. + {bb00b075-6020-593e-a00a-06f516f16d1a} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSmartScreen + This setting lets you decide whether to turn on SmartScreen Filter. + {7f73559b-bbae-5c42-96ab-ba82705dafb7} + True + 1 + + 0 + 1 + + + + + + + Int + AllowTabPreloading + Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. This policy setting lets you decide whether Microsoft Edge can load the Start and New Tab page during Windows sign in and each time Microsoft Edge is closed. The default for this setting allows preloading. If you allow preloading or don’t configure this policy setting, Microsoft Edge loads the Start and New Tab page during Windows sign in and each time Microsoft Edge is closed; minimizing the amount of time required to start up Microsoft Edge and to start a new tab. If you prevent preloading, Microsoft Edge won’t load the Start or New Tab page during Windows sign in and each time Microsoft Edge is closed. + {054b86b6-dfe3-5dbc-bfc4-5a6562ded43d} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWebContentOnNewTabPage + This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you enable this setting, Microsoft Edge opens a new tab with the New Tab page. If you disable this setting, Microsoft Edge opens a new tab with a blank page. If you use this setting, employees can't change it. If you don't configure this setting, employees can choose how new tabs appears. + {fc185a02-54de-5912-a551-00def478b229} + True + 1 + + 0 + 1 + + + + + + + Int + AlwaysEnableBooksLibrary + Specifies whether the Books Library in Edge will always be visible regardless of the country or region setting for the device. + {e2db9fa3-cbcc-57a3-a7ec-9ed071566d90} + True + 0 + + 0 + 1 + + + + + + + Int + ClearBrowsingDataOnExit + Specifies whether to always clear browsing history on exiting Microsoft Edge. + {bef29e2e-9d34-50d7-bbc5-51257bbefd87} + True + 0 + + 0 + 1 + + + + + + + Text + ConfigureAdditionalSearchEngines + Allows you to add up to 5 additional search engines for MDM-enrolled devices. If this setting is turned on, you can add up to 5 additional search engines for your employee. For each additional search engine you wish to add, you must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. This policy does not affect the default search engine. Employees will not be able to remove these search engines, but they can set any one of these as the default. If this setting is not configured, the search engines are the ones specified in the App settings. If this setting is disabled, the search engines you had added will be deleted from your employee's machine. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. + {b9604199-e114-5668-a0aa-3395068611d8} + True + + + + + + + Int + ConfigureFavoritesBar + The favorites bar shows your user"s links to sites they have added to it. With this policy, you can specify whether to set the favorites bar to always be visible or hidden on any page. If enabled, favorites bar is always visible on any page, and the favorites bar toggle in Settings sets to On, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. The show bar/hide bar option is hidden from the context menu. If disabled, the favorites bar is hidden, and the favorites bar toggle resets to Off, but disabled preventing your users from making changes. An error message also shows at the top of the Settings pane indicating that your organization manages some settings. If not configured, the favorites bar is hidden but is visible on the Start and New Tab pages, and the favorites bar toggle in Settings sets to Off but is enabled allowing the user to make changes. + {d12b7862-6b22-5ab4-b9aa-576d6907bb5f} + True + + 0 + 1 + + + + + + + Int + ConfigureHomeButton + The Home button loads either the default Start page, the New tab page, or a URL defined in the Set Home Button URL policy. By default, this policy is disabled or not configured and clicking the home button loads the default Start page. When enabled, the home button is locked down preventing your users from making changes in Microsoft Edge"s UI settings. To let your users change the Microsoft Edge UI settings, enable the Unlock Home Button policy. If Enabled AND: - Show home button & set to Start page is selected, clicking the home button loads the Start page. - Show home button & set to New tab page is selected, clicking the home button loads a New tab page. - Show home button & set a specific page is selected, clicking the home button loads the URL specified in the Set Home Button URL policy. - Hide home button is selected, the home button is hidden in Microsoft Edge. Default setting: Disabled or not configured Related policies: - Set Home Button URL - Unlock Home Button + {0179d032-a704-5914-bacb-b50cb0b5208f} + True + 0 + + 0 + 3 + + + + + + + Int + ConfigureKioskMode + Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single app or as one of multiple apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with limited functionality, or normal Microsoft Edge. You need to configure Microsoft Edge in assigned access for this policy to take effect; otherwise, these settings are ignored. To learn more about assigned access and kiosk configuration, see “Configure kiosk and shared devices running Windows desktop editions” (https://aka.ms/E489vw). If set to 0 (Default or not configured): - If it’s a single app, it runs InPrivate full screen for digital signage or interactive displays. - If it’s one of many apps, Microsoft Edge runs as normal. If set to 1: - If it’s a single app, it runs a limited multi-tab version of InPrivate and is the only app available for public browsing. Users can’t minimize, close, or open windows or customize Microsoft Edge, but can clear browsing data and downloads and restart by clicking “End session.” You can configure Microsoft Edge to restart after a period of inactivity by using the “Configure kiosk reset after idle timeout” policy. - If it’s one of many apps, it runs in a limited multi-tab version of InPrivate for public browsing with other apps. Users can minimize, close, and open multiple InPrivate windows, but they can’t customize Microsoft Edge. + {cdb4d25a-5374-559f-beba-61cdca2c91c7} + True + 0 + + 0 + 1 + + + + + + + Int + ConfigureKioskResetAfterIdleTimeout + You can configure Microsoft Edge to reset to the configured start experience after a specified amount of idle time. The reset timer begins after the last user interaction. Resetting to the configured start experience deletes the current user’s browsing data. If enabled, you can set the idle time in minutes (0-1440). You must set the Configure kiosk mode policy to 1 and configure Microsoft Edge in assigned access as a single app for this policy to work. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge resets after 30 seconds. If you set this policy to 0, Microsoft Edge does not use an idle timer. If disabled or not configured, the default value is 5 minutes. If you do not configure Microsoft Edge in assigned access, then this policy does not take effect. + {56af3f1f-6f60-5f2b-ac85-a2d28aaf3aec} + True + 5 + + 0 + 1440 + + + + + + + Int + ConfigureOpenMicrosoftEdgeWith + You can configure Microsoft Edge to lock down the Start page, preventing users from changing or customizing it. If enabled, you can choose one of the following options: - Start page: the Start page loads ignoring the Configure Start Pages policy. - New tab page: the New tab page loads ignoring the Configure Start Pages policy. - Previous pages: all tabs the user had open when Microsoft Edge last closed loads ignoring the Configure Start Pages policy. - A specific page or pages: the URL(s) specified with Configure Start Pages policy load(s). If selected, you must specify at least one URL in Configure Start Pages; otherwise, this policy is ignored. When enabled, and you want to make changes, you must first set the Disable Lockdown of Start Pages to not configured, make the changes to the Configure Open Edge With policy, and then enable the Disable Lockdown of Start Pages policy. If disabled or not configured, and you enable the Disable Lockdown of Start Pages policy, your users can change or customize the Start page. Default setting: A specific page or pages (default) Related policies: -Disable Lockdown of Start Pages -Configure Start Pages + {19558cd2-f4a2-557d-811d-fbed29e9ba40} + True + 3 + + 0 + 3 + + + + + + + Int + ConfigureTelemetryForMicrosoft365Analytics + Configures browsing data sent to Microsoft 365 Analytics for enterprise devices. + {353ace6f-5f0d-5185-9a0a-5651ba0939b0} + True + 0 + + 0 + 3 + + + + + + + Int + DisableLockdownOfStartPages + You can configure Microsoft Edge to disable the lockdown of Start pages allowing users to change or customize their start pages. To do this, you must also enable the Configure Start Pages or Configure Open Microsoft With policy. When enabled, all configured start pages are editable. Any Start page configured using the Configure Start pages policy is not locked down allowing users to edit their Start pages. If disabled or not configured, the Start pages configured in the Configure Start Pages policy cannot be changed and remain locked down. Supported devices: Domain-joined or MDM-enrolled Related policy: - Configure Start Pages - Configure Open Microsoft Edge With + {48eb9ffd-8835-512d-b5a7-d1f9b601c110} + True + 0 + + 0 + 1 + + + + + + + Int + EnableExtendedBooksTelemetry + This setting allows organizations to send extended telemetry on book usage from the Books Library. + {bb2656a9-2a4f-5072-8b1c-a59fa5aefff7} + True + 0 + + 0 + 1 + + + + + + + Text + EnterpriseModeSiteList + This setting lets you configure whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy websites. + {86950b84-104b-5e73-9369-cafebc74f878} + True + + + + + + + Text + EnterpriseSiteListServiceUrl + + {c4183706-92ff-56e9-839e-feb06fe759e5} + True + + + + + + + Text + HomePages + When you enable the Configure Open Microsoft Edge With policy, you can configure one or more Start pages. When you enable this policy, users are not allowed to make changes to their Start pages. If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format: <support.contoso.com><support.microsoft.com> If disabled or not configured, the webpages specified in App settings loads as the default Start pages. Version 1703 or later: If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL. Version 1809: If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy. Supported devices: Domain-joined or MDM-enrolled Related policy: - Configure Open Microsoft Edge With - Disable Lockdown of Start Pages + {e59c88f4-c68e-50ee-98bd-39a4da057ace} + True + + + + + + + Int + LockdownFavorites + This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won"t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important Don"t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don"t configure this setting (default), employees can add, import and make changes to the Favorites list. + {e912e770-aeae-58e4-ba40-e169d7909d74} + True + 0 + + 0 + 1 + + + + + + + Int + PreventAccessToAboutFlagsInMicrosoftEdge + Prevent access to the about:flags page in Microsoft Edge. + {73aa4fcf-5624-504f-8ae2-6b758e0181c6} + True + 0 + + 0 + 1 + + + + + + + Int + PreventCertErrorOverrides + Web security certificates are used to ensure a site your users go to is legitimate, and in some circumstances encrypts the data. With this policy, you can specify whether to prevent users from bypassing the security warning to sites that have SSL errors. If enabled, overriding certificate errors are not allowed. If disabled or not configured, overriding certificate errors are allowed. + {6b63494d-98e6-5841-9931-7d564479c361} + True + 0 + + 0 + 1 + + + + + + + Int + PreventFirstRunPage + Specifies whether the First Run webpage is prevented from automatically opening on the first launch of Microsoft Edge. This policy is only available for Windows 10 version 1703 or later for desktop. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. + {13a706fe-24a5-5633-acea-91b72e5fa5e9} + True + 0 + + 0 + 1 + + + + + + + Int + PreventLiveTileDataCollection + This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to provide a better experience while pinning a Live Tile to the Start menu. This policy is only available for Windows 10 version 1703 or later, on desktop and mobile. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. + {b7683965-4407-5bca-895c-f2cbc18cd9eb} + True + 0 + + 0 + 1 + + + + + + + Int + PreventSmartScreenPromptOverride + Don't allow SmartScreen Filter warning overrides + {8cf45e2e-8029-562f-9cba-2f6cdd8bb301} + True + 0 + + 0 + 1 + + + + + + + Int + PreventSmartScreenPromptOverrideForFiles + Don't allow SmartScreen Filter warning overrides for unverified files. + {548d7ce2-1202-55d5-8570-fde5fecd0e31} + True + 0 + + 0 + 1 + + + + + + + Text + PreventTurningOffRequiredExtensions + You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension. When enabled, removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension. If disabled or not configured, extensions defined as part of this policy get ignored. Default setting: Disabled or not configured Related policies: Allow Developer Tools Related Documents: - Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn) - How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business) - How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy) - Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business) - How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows) + {f73ebfa2-9e61-5369-9d4d-3b7a2c36e4bc} + True + + + + + + + Int + PreventUsingLocalHostIPAddressForWebRTC + Prevent using localhost IP address for WebRTC + {b6a31f00-6a67-5e94-869e-30f3f07533aa} + True + 0 + + 0 + 1 + + + + + + + Text + ProvisionFavorites + This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL"s and favorite folders to appear on top of users" favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don"t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don"t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar. + {3674f639-08fb-55b7-83fe-92b8edfb35a8} + True + + + + + + + Int + SendIntranetTraffictoInternetExplorer + Sends all intranet traffic over to Internet Explorer. + {fc231979-5fcd-5874-b066-cfae48c8e5ec} + True + 0 + + 0 + 1 + + + + + + + Text + SetDefaultSearchEngine + Sets the default search engine for MDM-enrolled devices. Users can still change their default search engine. If this setting is turned on, you are setting the default search engine that you would like your employees to use. Employees can still change the default search engine, unless you apply the AllowSearchEngineCustomization policy which will disable the ability to change it. You must specify a link to the OpenSearch XML file that contains, at minimum, the short name and the URL to the search engine. If you would like for your employees to use the Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; if you would like for your employees to use Bing as the default search engine, set the string EDGEBING. If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market. Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on domain-joined machines or when the device is MDM-enrolled. + {a4b8ee08-1a0a-57fb-a07c-f98aa82b9bd9} + True + + + + + + + Text + SetHomeButtonURL + The home button can be configured to load a custom URL when your user clicks the home button. If enabled, or configured, and the Configure Home Button policy is enabled, and the Show home button & set a specific page is selected, a custom URL loads when your user clicks the home button. Default setting: Blank or not configured Related policy: Configure Home Button + {4eb1eaf7-a00b-568e-b97e-fbaba7c53651} + True + + + + + + + Text + SetNewTabPageURL + You can set the default New Tab page URL in Microsoft Edge. Enabling this policy prevents your users from changing the New tab page setting. When enabled and the Allow web content on New Tab page policy is disabled, Microsoft Edge ignores the URL specified in this policy and opens about:blank. If enabled, you can set the default New Tab page URL. If disabled or not configured, the default Microsoft Edge new tab page is used. Default setting: Disabled or not configured Related policy: Allow web content on New Tab page + {6b42d452-4012-50ef-8bae-b30108e8594e} + True + + + + + + + Int + ShowMessageWhenOpeningSitesInInternetExplorer + You can configure Microsoft Edge to open a site automatically in Internet Explorer 11 and choose to display a notification before the site opens. If you want to display a notification, you must enable Configure the Enterprise Mode Site List or Send all intranets sites to Internet Explorer 11 or both. If enabled, the notification appears on a new page. If you want users to continue in Microsoft Edge, select the Show Keep going in Microsoft Edge option from the drop-down list under Options. If disabled or not configured, the default app behavior occurs and no additional page displays. Default setting: Disabled or not configured Related policies: -Configure the Enterprise Mode Site List -Send all intranet sites to Internet Explorer 11 + {0ab86a80-9189-5809-a643-a2deda6eabce} + True + 0 + + 0 + 2 + + + + + + + Int + SyncFavoritesBetweenIEAndMicrosoftEdge + Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering. + {9104caed-630e-52e5-a4bb-c40e6fde68c8} + True + 0 + + 0 + 1 + + + + + + + Int + UnlockHomeButton + By default, when enabling Configure Home Button or Set Home Button URL, the home button is locked down to prevent your users from changing what page loads when clicking the home button. Use this policy to let users change the home button even when Configure Home Button or Set Home Button URL are enabled. If enabled, the UI settings for the home button are enabled allowing your users to make changes, including hiding and showing the home button as well as configuring a custom URL. If disabled or not configured, the UI settings for the home button are disabled preventing your users from making changes. Default setting: Disabled or not configured Related policy: -Configure Home Button -Set Home Button URL + {0e49c35c-dd94-5d62-adea-43c2fc430e61} + True + 0 + + 0 + 1 + + + + + + + Int + UseSharedFolderForBooks + This setting specifies whether organizations should use a folder shared across users to store books from the Books Library. + {435cf53e-0c52-5616-881e-16973c47cb90} + True + 0 + + 0 + 1 + + + + + + + Tree + Camera + + {794d7876-b043-538e-80ba-56ecfa44980c} + False + + + + + + Int + AllowCamera + + {eb750756-0849-5734-874a-1346fcdf1448} + True + 1 + + 0 + 1 + + + + + + + Tree + Connectivity + + {773db17b-5373-5b1f-b6b9-c37584dc8d3e} + False + + + + + + Int + AllowBluetooth + + {dcd1e00c-1fbb-517b-aca8-3ed45271d60b} + True + 2 + + + + + + + Int + AllowCellularData + + {8c758c4f-ed17-53cf-9984-8d2d933c3267} + True + 1 + + 0 + 2 + + + + + + + Int + AllowCellularDataRoaming + + {8542901c-b23a-546e-8477-e01b83e33dad} + True + 1 + + 0 + 2 + + + + + + + Int + AllowConnectedDevices + + {55663188-4700-5a6c-9090-667d5c8d17aa} + True + 1 + + 0 + 1 + + + + + + + Int + AllowVPNOverCellular + + {204b591a-4ceb-5dae-9913-823a34999ceb} + True + 1 + + 0 + 1 + + + + + + + Int + AllowVPNRoamingOverCellular + + {bd04dd62-7e61-5fba-978f-2d95e38628cf} + True + 1 + + 0 + 1 + + + + + + + Bool + HideCellularConnectionMode + Option to hide the checkbox that lets the user change their connection mode. Default: checkbox is show + {e2c64062-4d6c-5b3d-b2a4-4baee50ccac9} + True + False + + + + + + + Bool + HideCellularRoamingOption + Option to hide the dropdown menu that lets the user change their roaming preferences. Default: dropdown menu is show + {02812dba-8d46-5ff1-9c64-18574e26d223} + True + False + + + + + + + Tree + CredentialProviders + + {45193df2-e88d-5d28-ab75-d5063645c812} + False + + + + + + Text + AllowPINLogon + This policy setting allows you to control whether a domain user can sign in using a convenience PIN. If you enable this policy setting, a domain user can set up and sign in with a convenience PIN. If you disable or don"t configure this policy setting, a domain user can"t set up and use a convenience PIN. Note: The user"s domain password will be cached in the system vault when using this feature. To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business. + {f81153af-649e-54fd-92ea-67f2f60d9243} + True + + + + + + + Int + DisableAutomaticReDeploymentCredentials + + {61dba093-e338-5a1a-9521-e356ae8d8554} + True + 1 + + 0 + 1 + + + + + + + Tree + Cryptography + + {93bd7472-3ab4-51b9-b32b-8d10f3720018} + False + + + + + + Int + AllowFipsAlgorithmPolicy + + {e118ad26-0165-5337-9bd4-b4e925951093} + True + 0 + + 0 + 1 + + + + + + + Text + TLSCipherSuites + + {84995ce1-db5f-573a-96af-0db66fe64088} + True + + + + + + + Tree + Defender + + {4415716a-bb90-5316-baa8-3acc71972595} + False + + + + + + Int + AllowArchiveScanning + + {3c386586-4a3c-599c-8d05-1cd40150d4b7} + True + 1 + + 0 + 1 + + + + + + + Int + AllowBehaviorMonitoring + + {35a15f19-90a3-5c24-8649-2fb04873ed40} + True + 1 + + 0 + 1 + + + + + + + Int + AllowCloudProtection + + {c5a99bbd-0b0d-5a50-b499-fbb666a11e93} + True + 1 + + 0 + 1 + + + + + + + Int + AllowEmailScanning + + {3476f199-ffec-5252-a8db-addb53e14459} + True + 0 + + 0 + 1 + + + + + + + Int + AllowFullScanOnMappedNetworkDrives + + {476da881-39ae-5370-8ec2-f25f6859782c} + True + 0 + + 0 + 1 + + + + + + + Int + AllowFullScanRemovableDriveScanning + + {f7528e50-9ac5-5370-847e-094b13ba0267} + True + 1 + + 0 + 1 + + + + + + + Int + AllowIntrusionPreventionSystem + + {0b2af375-a757-585c-8998-a7563556319a} + True + 1 + + 0 + 1 + + + + + + + Int + AllowIOAVProtection + + {0f6ff513-3e68-5ba2-ab64-e4db7632afed} + True + 1 + + 0 + 1 + + + + + + + Int + AllowOnAccessProtection + + {4ccc58a3-5851-5b77-82d7-a0537504469b} + True + 1 + + 0 + 1 + + + + + + + Int + AllowRealtimeMonitoring + + {81477dd0-40f6-50f9-a4e3-61b30bbf627b} + True + 1 + + 0 + 1 + + + + + + + Int + AllowScanningNetworkFiles + + {7951a758-5b46-561d-962f-7a4d2928e39e} + True + 0 + + 0 + 1 + + + + + + + Int + AllowScriptScanning + + {9c91fb26-86b3-5813-8bab-fa26eb05a15c} + True + 1 + + 0 + 1 + + + + + + + Int + AllowUserUIAccess + + {2f92d6ab-e47b-5eb1-bebd-96333ad64c01} + True + 1 + + 0 + 1 + + + + + + + Int + AvgCPULoadFactor + + {cf8ca47b-1ff0-547a-b2d0-02730fbdcd95} + True + 50 + + 0 + 100 + + + + + + + Int + DaysToRetainCleanedMalware + + {ac26edc0-a4ed-52b1-85bb-63042af0e69d} + True + 0 + + 0 + 90 + + + + + + + Text + ExcludedExtensions + + {b908657a-9c69-5e73-bc34-c99f1352b6a9} + True + + + + + + + Text + ExcludedPaths + + {7aa9e559-ab7e-5dc2-a237-670eea2f8419} + True + + + + + + + Text + ExcludedProcesses + + {9f25031e-0daa-55a6-918f-3d2deb8d7a85} + True + + + + + + + Int + RealTimeScanDirection + + {fddf371d-d629-51d7-bf85-a30a567cbbf3} + True + 0 + + 0 + 2 + + + + + + + Int + ScanParameter + + {a637c3ef-8cf4-51ad-b486-b2ba386694dc} + True + 1 + + 1 + 2 + + + + + + + Int + ScheduleQuickScanTime + + {2d2b780a-64e6-5be1-acdd-2e9c9890c11c} + True + 120 + + 0 + 1380 + + + + + + + Int + ScheduleScanDay + + {096b371d-4690-5a47-9d29-84d8496a643b} + True + 0 + + 0 + 8 + + + + + + + Int + ScheduleScanTime + + {5a48625d-d774-5132-9198-8e81b8562606} + True + 120 + + 0 + 1380 + + + + + + + Int + SignatureUpdateInterval + + {a7ce7b35-399f-5e59-9757-b7b3d67d912c} + True + 8 + + 0 + 24 + + + + + + + Int + SubmitSamplesConsent + + {a7c5ddb7-b601-5c96-be26-24015c4983d7} + True + 1 + + 0 + 3 + + + + + + + Text + ThreatSeverityDefaultAction + + {e879516a-7b3c-534d-852f-6a6a79103206} + True + + + + + + + Tree + DeliveryOptimization + + {a8897f6c-9a82-5eaf-a527-05bc85541cd7} + False + + + + + + Int + DOAbsoluteMaxCacheSize + + {ef0e3773-d4dd-5760-ad4a-18f8d0228916} + True + 10 + + 0 + + + + + + + Int + DOAllowVPNPeerCaching + + {1870a0fd-7cd9-5bfd-b693-2deabc2923f5} + True + 0 + + 0 + 1 + + + + + + + Text + DOCacheHost + This policy allows you to set one or more Microsoft Connected Cache servers that will be used by your client(s). + {bcd317cb-d1c1-56bb-896e-9100fd552255} + True + + + + + + + Int + DOCacheHostSource + This policy allows you to specify how clients can discover Microsoft Connected Cache servers dynamically. + {ef1c7aa6-f23a-5e24-9a44-aa46dfac0003} + True + 0 + + 0 + 2 + + + + + + + Int + DODelayBackgroundDownloadFromHttp + + {c9329840-f158-5fbf-af18-772baf2a9197} + True + 0 + + 0 + + + + + + + Int + DODelayCacheServerFallbackBackground + Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for a background content download. Note that the DODelayBackgroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. + {9f63293c-4da8-5b50-a4f8-9260420ba090} + True + 0 + + 0 + + + + + + + Int + DODelayCacheServerFallbackForeground + Specifies the time in seconds to delay the fallback from Cache Server to the HTTP source for foreground content download. Note that the DODelayForegroundDownloadFromHttp policy takes precedence over this policy to allow downloads from peers first. + {5cfe9550-7148-5e0c-8666-ee4762c8d9c0} + True + 0 + + 0 + + + + + + + Int + DODelayForegroundDownloadFromHttp + + {8781f6f4-f8c5-5714-b7b8-7ef3ae16fe33} + True + 0 + + 0 + + + + + + + Int + DODownloadMode + + {6d29f7cf-251e-5030-8120-b48cb170ddbe} + True + 1 + + + + + + + Text + DOGroupId + + {574fdf62-b97e-508b-b65a-267e4d28667d} + True + + + + + + + Int + DOGroupIdSource + + {a49caff9-bfaa-5bf9-89dc-0ea228bc1227} + True + 0 + + 0 + 4 + + + + + + + Int + DOMaxBackgroundDownloadBandwidth + + {c37707b3-0fbd-5b72-afb7-f2e50def83d6} + True + 0 + + 0 + + + + + + + Int + DOMaxCacheAge + + {cd71c0d1-d45e-5569-8755-c86a4ce60f06} + True + 259200 + + 0 + + + + + + + Int + DOMaxCacheSize + + {bf0f5f9f-dd4c-5016-9c1e-75d6966d04cc} + True + 20 + + 0 + 100 + + + + + + + Int + DOMaxForegroundDownloadBandwidth + + {f8110c0d-b097-5577-8b4c-b5240b44ad42} + True + 0 + + 0 + + + + + + + Int + DOMinBackgroundQos + + {2d0423fa-ae4c-5d23-acfa-a50db804b994} + True + 500 + + 1 + + + + + + + Int + DOMinBatteryPercentageAllowedToUpload + + {dd542f38-41a6-58fa-a7c5-a0cc404120aa} + True + 100 + + 0 + 100 + + + + + + + Int + DOMinDiskSizeAllowedToPeer + + {42ad1767-58a9-5118-96db-f76df5ef951b} + True + 32 + + 1 + 100000 + + + + + + + Int + DOMinFileSizeToCache + + {b3368251-1887-5fd8-b65b-140c521c6c57} + True + 100 + + 1 + 100000 + + + + + + + Int + DOMinRAMAllowedToPeer + + {3d313634-31f2-566e-bacd-f6d7b4b2a9d7} + True + 4 + + 1 + 100000 + + + + + + + Text + DOModifyCacheDrive + + {3f6d4795-efa0-51ad-8623-59b48138c8c0} + True + + 2 + 2 + ([a-z]|[A-Z]): + + + + + + + Int + DOMonthlyUploadDataCap + + {ab8bdb14-d2e9-500a-a168-2960cec18e59} + True + 20 + + 0 + + + + + + + Int + DOPercentageMaxBackgroundBandwidth + + {3d6184f6-9394-5aaf-8918-2d34ba968559} + True + 0 + + 0 + 100 + + + + + + + Int + DOPercentageMaxForegroundBandwidth + + {9d9613c8-2201-540a-ba98-6de75b225f71} + True + 0 + + 0 + 100 + + + + + + + Int + DORestrictPeerSelectionBy + + {3710f1ac-25f4-525f-b4ed-058017748436} + True + 0 + + 0 + 2 + + + + + + + Text + DOSetHoursToLimitBackgroundDownloadBandwidth + This setting specifies the XML representation of the maximum background download bandwidth, that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. + {23facb39-7242-51a2-adc8-f90c79f5337c} + True + + + + + + + Text + DOSetHoursToLimitForegroundDownloadBandwidth + This setting specifies the XML representation of the maximum foreground download bandwidth, that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. + {f4d50396-0511-5072-ae6a-697e9662ad60} + True + + + + + + + Tree + DeviceGuard + + {9c77c04c-05d2-5c8b-86ec-1ee8eb701488} + False + + + + + + Int + ConfigureSystemGuardLaunch + + {c998e059-905c-5e2c-89e8-e88bf4902b79} + True + 0 + + + + + + + Int + EnableVirtualizationBasedSecurity + Turns On Virtualization Based Security(VBS) + {c19ad10e-4a7b-5d2a-b8ad-4067d807dad1} + True + 0 + + 0 + 1 + + + + + + + Int + LsaCfgFlags + CredentialGuard Configuration + {d38661eb-9c12-51e6-865b-08dc27a7dae4} + True + 0 + + 0 + 2 + + + + + + + Int + RequirePlatformSecurityFeatures + Select Platform Security Level + {686bd417-0f5c-51ac-9541-77c0a7382d07} + True + 1 + + 1 + 3 + + + + + + + Tree + DeviceLock + + {143cde79-d8bf-5624-a8d4-42850f4665c7} + False + + + + + + Int + AllowSimpleDevicePassword + + {3787931c-40e1-559e-b456-586610ce5683} + True + 1 + + 0 + 1 + + + + + + + Int + AlphanumericDevicePasswordRequired + + {33a9452d-d701-5d83-a418-26e46ede5ccb} + True + 2 + + 0 + 2 + + + + + + + Int + DevicePasswordEnabled + + {8aa3d5ca-4a8b-5d03-ae05-00d6533ffa85} + True + 1 + + 0 + 1 + + + + + + + Int + DevicePasswordExpiration + An integer value specifying the number of days before password expiration. + {87cfbffa-cfc2-54bb-8868-af1e5f1fde0a} + True + 0 + + 0 + 730 + + + + + + + Int + DevicePasswordHistory + An integer value specifying the number of passwords stored in history that can"t be reused. + {95c8b08e-6817-533e-837d-5e1fb8fc5a03} + True + 0 + + 0 + 50 + + + + + + + Int + MaxDevicePasswordFailedAttempts + An integer value that specifies the number of authentication failures allowed before the phone will be wiped. + {1924e40c-b95c-5cae-aa83-fe65ff62494b} + True + 0 + + 0 + 999 + + + + + + + Int + MaxInactivityTimeDeviceLock + An integer value that specifies the amount of time (in minutes) that the phone can remain idle before it is password locked. + {866996c9-008b-5224-b773-3eb24de5b679} + True + 0 + + 0 + 999 + + + + + + + Int + MinDevicePasswordComplexCharacters + An integer value that specifies the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong password. + {80ae93e1-c1be-558c-a474-886e4f451e88} + True + 1 + + 1 + 4 + + + + + + + Int + MinDevicePasswordLength + An integer value that specifies the minimum number of characters required in the PIN. + {9c544c0a-ae3e-5fd0-8c3e-5047a8349f21} + True + 4 + + 4 + 18 + + + + + + + Text + PreventLockScreenSlideShow + This policy disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. + {5cd0bf45-f396-561c-ad5c-5b7dc18295b5} + True + + + + + + + Tree + DeviceManagement + + {97994663-3a96-55f4-b3fb-a36e48354231} + False + + + + + + Int + DisableMDMEnrollment + + {0d75344b-a672-5b96-8c38-ca99c72b2e52} + True + 0 + + 0 + 1 + + + + + + + Tree + DmaGuard + + {b340a660-5853-50fc-9f33-3bdb21de00ba} + False + + + + + + Int + DeviceEnumerationPolicy + Allows IT admins to provide additional security against external DMA capable devices The following list shows the supported values: 0 - Block all (Most restrictive): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will never be allowed to start and perform DMA at any time. 1- Only after log in/screen unlock (Default): Devices with DMA remapping compatible drivers will be allowed to enumerate at any time. Devices with DMA remapping incompatible drivers will only be enumerated after the user unlocks the screen 2 - Allow all (Least restrictive): All external DMA capable PCIe devices will be enumerated at any time + {7360337d-90be-57ad-8780-835b1c0e1dee} + True + 1 + + + + + + + Tree + Eap + + {f8e81db1-898f-5115-b128-9cfd152f0bfe} + False + + + + + + Int + AllowTLS1_3 + Added in Windows 10, version 21H1. Allow or disallow use of TLS 1.3 during EAP client authentication. + {0607cec8-baba-5ea8-9e73-fddb787b0687} + True + 1 + + 0 + 1 + + + + + + + Tree + Experience + + {a884c9e4-132f-5a59-ae8c-ed1f64706673} + False + + + + + + Int + AllowCortana + + {a6039d0d-1257-5c1e-a086-b017b4b9cbeb} + True + 1 + + 0 + 1 + + + + + + + Int + AllowDeviceDiscovery + + {b3efd17f-d7e4-5275-9102-b2773ff5a653} + True + 1 + + 0 + 1 + + + + + + + Int + AllowFindMyDevice + + {65dc16e6-9d20-51a5-b61d-ff2f08413a9f} + True + 1 + + 0 + 1 + + + + + + + Int + AllowManualMDMUnenrollment + + {b47d1a26-4b61-5850-aac6-6102d6d8edea} + True + 1 + + 0 + 1 + + + + + + + Int + AllowSyncMySettings + + {3cb6cc41-c293-56e5-a594-fd9aaeb29dac} + True + 1 + + 0 + 1 + + + + + + + Int + AllowTailoredExperiencesWithDiagnosticData + + {a16ec13f-6efa-54f8-96e5-c5b8e0e3b81e} + True + 1 + + 0 + 1 + + + + + + + Int + AllowThirdPartySuggestionsInWindowsSpotlight + + {d94bf573-a9bb-5a97-98c4-a96f63eb9d11} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsConsumerFeatures + + {16aee675-7b00-5e79-946c-1058c82bad0e} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsSpotlight + + {0ff7a66b-ef35-57c2-a249-16af52560375} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsSpotlightOnActionCenter + + {0aee1830-645a-5e59-b3f9-ddccd83aacd9} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsSpotlightWindowsWelcomeExperience + + {067c1b76-4656-51bf-b052-acd841dcb451} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsTips + + {6bd3dcce-1591-5de1-a757-5a54d5bc752c} + True + 1 + + 0 + 1 + + + + + + + Int + ConfigureWindowsSpotlightOnLockScreen + + {241ad486-8562-5697-828d-a7d9dccd75c4} + True + 1 + + 0 + 3 + + + + + + + Int + DoNotShowFeedbackNotifications + This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft. If you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app. If you disable or do not configure this policy setting, users may see notifications through the Windows Feedback app asking users for feedback. Note: If you disable or do not configure this policy setting, users can control how often they receive feedback questions. + {03f480c4-36e5-5646-9772-9a57758d2603} + True + 0 + + 0 + 1 + + + + + + + Int + ShowLockOnUserTile + Shows or hides lock from the user tile menu. If you enable this policy setting, the lock option will be shown in the User Tile menu. If you disable this policy setting, the lock option will never be shown in the User Tile menu. If you do not configure this policy setting, users will be able to choose whether they want lock to show through the Power Options Control Panel. + {500429dd-88d5-5ddd-8320-60b32ae5a046} + True + 1 + + 0 + 1 + + + + + + + Tree + ExploitGuard + + {4cf0f2cb-52e1-5088-944a-dab99c4cffb9} + False + + + + + + Text + ExploitProtectionSettings + Specify a common set of Microsoft Defender Exploit Guard system and application mitigation settings that can be applied to all endpoints that have this GP setting configured. There are some prerequisites before you can enable this setting: - Manually configure a device"s system and application mitigation settings using the Set-ProcessMitigation PowerShell cmdlet, the ConvertTo-ProcessMitigationPolicy PowerShell cmdlet, or directly in Windows Security. - Generate an XML file with the settings from the device by running the Get-ProcessMitigation PowerShell cmdlet or using the Export button at the bottom of the Exploit Protection area in Windows Security. - Place the generated XML file in a shared or local path. Note: Endpoints that have this GP setting set to Enabled must be able to access the XML file, otherwise the settings will not be applied. Enabled Specify the location of the XML file in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following: - C:\MitigationSettings\Config.XML - \\Server\Share\Config.xml - https://localhost:8080/Config.xml The settings in the XML file will be applied to the endpoint. Disabled Common settings will not be applied, and the locally configured settings will be used instead. Not configured Same as Disabled. + {0c7ddd31-72df-52aa-aeaf-5ee62ab1eaab} + True + + + + + + + Tree + FileExplorer + + {a96c2aa1-6199-5ee8-bfb9-933ab85918f3} + False + + + + + + Int + AllowOptionToShowNetwork + When the Network folder is restricted, give the user the option to enumerate and navigate into it. + {71b8286d-cf20-5694-b723-c0ed3e6c1083} + True + 0 + + 0 + 1 + + + + + + + Int + AllowOptionToShowThisPC + When This PC location is restricted, give the user the option to enumerate and navigate into it. + {e5c79afe-b126-5772-9718-bcce1be96957} + True + 0 + + 0 + 1 + + + + + + + Int + SetAllowedFolderLocations + Configure what folder locations are shown in File Explorer. If not specified, the default is access to all folder locations. + {671dfc9d-46a5-5b4e-9e67-58bea9b26ebd} + True + 0 + + 0 + 63 + + + + + + + Int + SetAllowedStorageLocations + Configure what storage locations are shown in File Explorer. If not specified, the default is access to all storage locations. + {4f553029-4569-508e-bebf-c8f1856c3b43} + True + 0 + + 0 + 7 + + + + + + + Tree + Games + + {bf3d1707-5525-5328-b279-906c8906623a} + False + + + + + + Int + AllowAdvancedGamingServices + Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. + {9403e2a9-6722-53b5-afed-13514f858410} + True + 1 + + 0 + 1 + + + + + + + Tree + KioskBrowser + + {63d669d2-ba84-570a-a16b-b4dd22ca624b} + False + + + + + + Text + BlockedUrlExceptions + List of blocked website URLs exceptions (with wildcard support). This is used to configure allowed URLs kiosk browsers can navigate to. + {0d4d5aa1-0ac6-52ab-ac30-47df36015f51} + True + + + + + + + Text + BlockedUrls + List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to. + {da942afe-5560-5253-9707-54ef48663983} + True + + + + + + + Text + DefaultUrl + Configures the default URL kiosk browsers navigate to on launch. + {98e5d179-5d48-5abb-90ff-62017e86a49a} + True + + + + + + + Int + EnableEndSessionButton + Enable/disable kiosk browser"s end session button. + {6ce27eca-e9c4-5fb4-bc66-faeaa8d97e56} + True + 0 + + 0 + 1 + + + + + + + Int + EnableHomeButton + Enable/disable kiosk browser"s home button. + {17c54c48-b283-56ba-a3c1-a7c0fec2389d} + True + 0 + + 0 + 1 + + + + + + + Int + EnableNavigationButtons + Enable/disable kiosk browser"s navigation buttons (forward/back). + {62bcc996-c497-5ef3-8239-9fd73f3d9e2c} + True + 0 + + 0 + 1 + + + + + + + Int + RestartOnIdleTime + Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. + {1309a68a-9b97-54e1-a5a9-1dcfaf46e7f6} + True + 0 + + 1 + 1440 + + + + + + + Tree + LocalPoliciesSecurityOptions + + {9950979d-3251-5326-95a0-e6202bfd5554} + False + + + + + + Int + InteractiveLogon_DoNotDisplayLastSignedIn + This security setting determines whether the Windows sign-in screen will show the username of the last person who signed in on this PC. If this policy is enabled, the username will not be shown. If this policy is disabled, the username will be shown. Default: Disabled. + {386ceccd-925f-5263-a6e0-bd48a63bc9d8} + True + 0 + + 0 + 1 + + + + + + + Int + Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn + This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows logon screen. In this case, users must be able to log on to the computer successfully and have the Shut down the system user right before they can perform a system shutdown. Default on workstations: Enabled. Default on servers: Disabled. + {48e73d7a-c8a7-55d8-aa7e-0a2433596faa} + True + 1 + + 0 + 1 + + + + + + + Int + UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers + This policy setting controls the behavior of the elevation prompt for standard users. The options are: • Prompt for credentials: (Default) When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. • Automatically deny elevation requests: When an operation requires elevation of privilege, a configurable access denied error message is displayed. An enterprise that is running desktops as standard user may choose this setting to reduce help desk calls. • Prompt for credentials on the secure desktop: When an operation requires elevation of privilege, the user is prompted on the secure desktop to enter a different user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. + {df01bce1-bd7e-5876-ab1c-77d85582b235} + True + 3 + + + + + + + Tree + Location + + {039d1b57-eaf5-50d0-b528-3e2728386492} + False + + + + + + Int + EnableLocation + + {a6294a22-e4db-5202-b4fd-782512120e92} + True + 0 + + 0 + 1 + + + + + + + Tree + MemoryDump + + {883c5266-6b64-5f6f-bc55-01c9802c9bca} + False + + + + + + Int + AllowCrashDump + This policy setting decides if crash dump collection on the machine is allowed or not. Supported values: 0 - Disable crash dump collection. 1 (default) - Allow crash dump collection. + {20629170-155f-5382-9d73-4f9d033de64e} + True + 1 + + 0 + 1 + + + + + + + Int + AllowLiveDump + This policy setting decides if live dump collection on the machine is allowed or not. Supported values: 0 - Disable live dump collection. 1 (default) - Allow live dump collection. + {8e57588f-c335-5873-bee1-b4c7e513df1a} + True + 1 + + 0 + 1 + + + + + + + Tree + Power + + {b84d6bff-b411-59bf-be07-b6d84e7745c9} + False + + + + + + Int + AllowHibernate + This policy setting decides if hibernate on the machine is allowed or not. Supported values: 0 – Disable hibernate. 1 (default) - Allow hibernate. + {a2daddc7-8c10-5ac1-868b-92cc3f4bf851} + True + 1 + + 0 + 1 + + + + + + + Text + AllowStandbyStatesWhenSleepingOnBattery + This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. If you disable this policy setting, standby states (S1-S3) are not allowed. + {cecb6994-d3a0-52a2-a5f3-028a034d8ccb} + True + + + + + + + Text + AllowStandbyWhenSleepingPluggedIn + This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state. If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state. If you disable this policy setting, standby states (S1-S3) are not allowed. + {111b26b4-c0ff-5795-aedb-0ed4a2613e25} + True + + + + + + + Text + DisplayOffTimeoutOnBattery + This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterVideoDCPowerDownTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {eed8192e-9c4c-5c6f-894b-9464507d49aa} + True + + + + + + + Text + DisplayOffTimeoutPluggedIn + This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterVideoACPowerDownTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {29362ca9-5709-5d6a-8d82-5b2a91eab2ce} + True + + + + + + + Int + EnergySaverBatteryThresholdOnBattery + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. If you disable or do not configure this policy setting, users control this setting. + {d78a6744-30ce-5317-8e36-3009bc04282e} + True + + 0 + 100 + + + + + + + Int + EnergySaverBatteryThresholdPluggedIn + This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy setting, you must provide a percent value, indicating the battery charge level. Energy Saver will be automatically turned on at (and below) the specified level. If you disable or do not configure this policy setting, users control this setting. + {dee8a499-95dd-56a8-8eed-5ef50c661253} + True + + 0 + 100 + + + + + + + Text + HibernateTimeoutOnBattery + This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterDCHibernateTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {20b0bf03-701c-52e8-852e-99f681783607} + True + + + + + + + Text + HibernateTimeoutPluggedIn + This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterACHibernateTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {24170149-3f1e-5204-870a-83fa8cf66b1c} + True + + + + + + + Text + RequirePasswordWhenComputerWakesOnBattery + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. + {7ddda626-60ba-5c22-82c1-86a1fa2a29ff} + True + + + + + + + Text + RequirePasswordWhenComputerWakesPluggedIn + This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep. If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep. + {c241b9e8-2a99-5612-9cca-2d99cfdc8c85} + True + + + + + + + Int + SelectLidCloseActionOnBattery + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {92134eef-c181-5a4f-899b-877db9197206} + True + 1 + + 0 + 3 + + + + + + + Int + SelectLidCloseActionPluggedIn + This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {35a2a088-594a-5857-babe-8e83b3066323} + True + 1 + + 0 + 3 + + + + + + + Int + SelectPowerButtonActionOnBattery + This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {dff27d96-46e6-5e3b-8c3a-e4d2df0d8bad} + True + 1 + + 0 + 3 + + + + + + + Int + SelectPowerButtonActionPluggedIn + This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {0624a9e6-ca63-5d49-b259-d60f8b236638} + True + 1 + + 0 + 3 + + + + + + + Int + SelectSleepButtonActionOnBattery + This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {f4091e23-869a-5a69-83a4-8101a42981b0} + True + 1 + + 0 + 3 + + + + + + + Int + SelectSleepButtonActionPluggedIn + This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: 0 - Take no action 1 - Sleep 2 - Hibernate 3 - Shut down If you enable this policy setting, you must select the desired action. If you disable this policy setting or do not configure it, users can see and change this setting. + {05cdcb85-367b-5301-ac14-89b7a3be9568} + True + 1 + + 0 + 3 + + + + + + + Text + StandbyTimeoutOnBattery + This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterDCStandbyTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {0e1bd395-ebd3-5afe-9a93-9454e36a5459} + True + + + + + + + Text + StandbyTimeoutPluggedIn + This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. For example, set the value to <enabled/><data id="EnterACStandbyTimeOut" value="300"/> to enable this policy, <disabled/> to disable it. + {c5725480-821c-5778-a245-8ccf5c4d66b4} + True + + + + + + + Int + TurnOffHybridSleepOnBattery + This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). If you disable or do not configure this policy setting, users control this setting. + {263f7421-aa7f-5cf9-9e09-44b94fb6ba95} + True + 0 + + 0 + 1 + + + + + + + Int + TurnOffHybridSleepPluggedIn + This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). If you disable or do not configure this policy setting, users control this setting. + {941a3ff2-e3c5-55b4-96ae-d4fa4f21c052} + True + 0 + + 0 + 1 + + + + + + + Int + UnattendedSleepTimeoutOnBattery + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + {baef33c9-5a2a-5ef1-b567-9e0bf35b5173} + True + + + + + + + Int + UnattendedSleepTimeoutPluggedIn + This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows automatically transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature. + {a3cacd52-5cb5-50ba-ba69-ebc082a807fa} + True + + + + + + + Tree + Privacy + + {319e60cb-47c0-59f1-889b-9805b9da6662} + False + + + + + + Int + AllowInputPersonalization + + {b1dd7065-7c29-5cf1-9df0-a0bc4bd6b4be} + True + 1 + + 0 + 1 + + + + + + + Int + DisableAdvertisingId + This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps. If you enable this policy setting, the advertising ID is turned off. Apps can"t use the ID for experiences across apps. If you disable or do not configure this policy setting, users can control whether apps can use the advertising ID for experiences across apps. + {d273cc2e-51c1-5ca3-87c9-dee61a7def60} + True + 0 + + 0 + 1 + + + + + + + Tree + Search + + {fbcfbeb1-760e-5f5e-8b28-87a99662208a} + False + + + + + + Int + AllowCloudSearch + + {28f2ec61-9032-5196-9311-829444c00398} + True + 2 + + 0 + 2 + + + + + + + Bool + AllowCortanaInAAD + This features allows you to show the cortana opt-in page during Windows Setup + {fc0bdadf-8d6c-57af-90a7-e4ca7f46e138} + True + False + + + + + + + Int + AllowIndexingEncryptedStoresOrItems + + {57502702-7722-576d-994c-7b73bdf9857b} + True + 0 + + 0 + 1 + + + + + + + Bool + AllowSearchHighlights + Disabling this setting turns off search highlights in the Windows search box and in search home. Enabling or not configuring this setting turns on search highlights in the Windows search box and in search home. + {19f69238-42ef-5a5e-b61a-dddd5eefe148} + True + True + + + + + + + Int + AllowSearchToUseLocation + + {1f045472-49a4-5864-ae68-5d8628df5c4a} + True + 1 + + 0 + 1 + + + + + + + Int + AllowUsingDiacritics + + {ec6bfe89-d46c-5401-a7cc-b199c16a9371} + True + 0 + + 0 + 1 + + + + + + + Int + AllowWindowsIndexer + + {fdc67ae7-cca3-598d-98ef-e3ba035e5bb5} + True + 3 + + 0 + 3 + + + + + + + Int + AlwaysUseAutoLangDetection + + {4bb4035e-99cb-5efa-ba02-93760a2e7c38} + True + 0 + + 0 + 1 + + + + + + + Int + DisableBackoff + + {2c90b6bc-9c4d-54ae-b14b-25f170afaa25} + True + 0 + + 0 + 1 + + + + + + + Int + DisableRemovableDriveIndexing + + {7bd41427-7f0e-5d8a-9f21-19b9436c2ef9} + True + 0 + + 0 + 1 + + + + + + + Bool + DisableSearch + Enabling this policy completely disables Search UI and all its entry points such as keyboard shortcuts and touchpad gestures. It removes the Search button from the Taskbar and the corresponding option in the Settings. It also disables type-to-search in the Start menu and removes the Start menu's search box. + {a591904e-859e-5d8b-bebf-916c519d88bc} + True + False + + + + + + + Int + DoNotUseWebResults + + {29073ec3-ef4a-59da-9353-a95290681421} + True + 1 + + 0 + 1 + + + + + + + Int + PreventIndexingLowDiskSpaceMB + + {6669fad0-b6ac-5c55-b3ce-d1adaf5ad241} + True + 1 + + 0 + 1 + + + + + + + Int + PreventRemoteQueries + + {e9eb2229-07e2-5ffd-90b6-0f8df2111196} + True + 1 + + 0 + 1 + + + + + + + Tree + Security + + {1df1bb7e-1f43-5473-99a6-eb130282f9e6} + False + + + + + + Int + AllowAddProvisioningPackage + + {f52399f4-72ec-5496-9fa5-021469fd89bb} + True + 1 + + 0 + 1 + + + + + + + Int + AllowRemoveProvisioningPackage + + {5b372a90-e391-56af-a254-76646224857e} + True + 1 + + 0 + 1 + + + + + + + Int + RequireDeviceEncryption + + {50cf81d8-1eab-57aa-bcd4-5b001679cad4} + True + 0 + + 0 + 1 + + + + + + + Int + RequireProvisioningPackageSignature + + {b785de4e-400d-5db3-b0ca-977de03dae69} + True + 0 + + 0 + 1 + + + + + + + Int + RequireRetrieveHealthCertificateOnBoot + + {f85b32b2-1aa4-57ed-8de5-0148230e7bb5} + True + 0 + + 0 + 1 + + + + + + + Tree + Settings + + {b854b9eb-b43d-50a0-9cb8-961585a0dd3a} + False + + + + + + Int + ConfigureTaskbarCalendar + + {8a02200c-795d-553b-a987-e3726293bee0} + True + 0 + + 0 + 3 + + + + + + + Text + PageVisibilityList + This policy allows an administrator to block a given set of pages from the System Settings app. Blocked pages will not be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Direct navigation to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. Multiple page identifiers are separated by semicolons. + {04b4d9b4-2c84-5006-8e7f-a84b80a88f2c} + True + + + + + + + Tree + Start + + {a6a3c082-e5f2-542d-83d3-9507807e45b8} + False + + + + + + Int + AllowPinnedFolderDocuments + This policy controls the visibility of the Documents shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {1bbaf016-9c09-51df-91e8-12477de2263c} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderDownloads + This policy controls the visibility of the Downloads shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {3bc91796-db0b-59db-bb3c-833dea1c1300} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderFileExplorer + This policy controls the visibility of the File Explorer shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {27b5d9bf-dc11-5c05-84b3-e1c39f77a659} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderHomeGroup + This policy controls the visibility of the HomeGroup shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {e2fb4bd3-77be-59f0-9339-0376dace5514} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderMusic + This policy controls the visibility of the Music shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {3b9b4edd-eb53-5cf6-a3a7-d8fb49bf6e55} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderNetwork + This policy controls the visibility of the Network shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {debca144-6ab9-5e4b-8a9e-569f7ff5735b} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderPersonalFolder + This policy controls the visibility of the Personal Folder shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {1b04476c-300d-56c1-baad-01b33d1040ad} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderPictures + This policy controls the visibility of the Pictures shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {cc0214f9-86f1-53ef-a4e6-9e5eaf053802} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderSettings + This policy controls the visibility of the Settings shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {31d0e203-e725-5b45-ae9e-8e49fa974c87} + True + 65535 + + 0 + 65535 + + + + + + + Int + AllowPinnedFolderVideos + This policy controls the visibility of the Videos shortcut on the Start menu. The possible values are "Enforced off" - means that the shortcut should be hidden and grays out the corresponding toggle in the Settings app, "Enforced on" - means that the shortcut should be visible and grays out the corresponding toggle in the Settings app, "Not configured" - means that there is no enforced configuration and the setting can be changed by the user. + {4a530030-11b4-5d00-a45d-8ab4770b4441} + True + 65535 + + 0 + 65535 + + + + + + + Text + ConfigureStartPins + This policy configures the list of apps pinned to Start. + {e36717ef-d908-5b18-8845-1c089cf933bf} + True + + + + + + + Int + DisableContextMenus + Enabling this policy prevents context menus from being invoked in the Start Menu. + {3a36a105-bea9-560e-a1bc-43f2cb574abc} + True + 0 + + 0 + 1 + + + + + + + Text + DisableControlCenter + This policy disables Quick Settings. + {f924aeff-4f3b-55dc-94c7-78af7c607829} + True + + + + + + + Text + DisableEditingQuickSettings + This policy disables users from editing Quick Settings. + {59654000-f60e-530e-aba0-a9c5e5bba7c1} + True + + + + + + + Int + ForceStartSize + + {20878992-0fa6-58e9-b1c5-0a0468d081ca} + True + 0 + + 0 + 2 + + + + + + + Int + HideAppList + Setting the value of this policy to 1 or 2 collapses the app list. Setting the value of this policy to 3 removes the app list entirely. Setting the value of this policy to 2 or 3 disables the corresponding toggle in the Settings app. + {d42ecd2c-04a4-5ea3-8acf-a56f25452626} + True + 0 + + 0 + 3 + + + + + + + Int + HideChangeAccountSettings + Enabling this policy hides "Change account settings" from appearing in the user tile in the start menu. + {cbb96d88-7d87-5b95-aa94-bb1e320e9e87} + True + 0 + + 0 + 1 + + + + + + + Int + HideFrequentlyUsedApps + Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. + {85e82219-e092-5a84-af8d-cc4d78d36f13} + True + 0 + + 0 + 1 + + + + + + + Int + HideHibernate + Enabling this policy hides "Hibernate" from appearing in the power button in the start menu. + {ad5502f1-cb2a-5c55-a5c6-7506b498fd06} + True + 0 + + 0 + 1 + + + + + + + Int + HideLock + Enabling this policy hides "Lock" from appearing in the user tile in the start menu. + {1edfdccf-1c79-5b55-91f7-ed0d50585656} + True + 0 + + 0 + 1 + + + + + + + Int + HidePeopleBar + Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. + {659c6c0f-668e-5170-b700-7ce2e6de0f81} + True + 0 + + 0 + 1 + + + + + + + Int + HidePowerButton + Enabling this policy hides the power button from appearing in the start menu. + {799c694c-1d19-5f88-8999-060699486eb7} + True + 0 + + 0 + 1 + + + + + + + Int + HideRecentJumplists + Enabling this policy hides recent jumplists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. + {f30e99c8-f203-5061-8c1f-b24d2a03f398} + True + 0 + + 0 + 1 + + + + + + + Int + HideRecentlyAddedApps + Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. + {e93d1676-97ca-5e53-9736-118b47fb0244} + True + 0 + + 0 + 1 + + + + + + + Int + HideRestart + Enabling this policy hides "Restart/Update and restart" from appearing in the power button in the start menu. + {8b0a6213-69ec-5d8e-baf5-8ce4784ff76c} + True + 0 + + 0 + 1 + + + + + + + Int + HideShutDown + Enabling this policy hides "Shut down/Update and shut down" from appearing in the power button in the start menu. + {72782941-e814-5de5-974b-09d0e232bf8d} + True + 0 + + 0 + 1 + + + + + + + Int + HideSignOut + Enabling this policy hides "Sign out" from appearing in the user tile in the start menu. + {502ac73b-f1da-5f72-90e2-9723e3d3446c} + True + 0 + + 0 + 1 + + + + + + + Int + HideSleep + Enabling this policy hides "Sleep" from appearing in the power button in the start menu. + {9b277c8b-4741-5082-a29a-796030d4eddd} + True + 0 + + 0 + 1 + + + + + + + Int + HideSwitchAccount + Enabling this policy hides "Switch account" from appearing in the user tile in the start menu. + {04602cfa-26b9-5fe1-a599-b30a7f76cf22} + True + 0 + + 0 + 1 + + + + + + + Int + HideUserTile + Enabling this policy hides the user tile from appearing in the start menu. + {4efcf331-c072-5c05-adde-8821289af42d} + True + 0 + + 0 + 1 + + + + + + + Text + ImportEdgeAssets + This policy setting allows you to import Microsoft Edge assets to be used with StartLayout policy. Start layout can contain secondary tile from Microsoft Edge app which looks for Microsoft Edge local asset file. Microsoft Edge local asset would not exist and cause Microsoft Edge secondary tile to appear empty in this case. This policy only gets applied when StartLayout policy is modified. + {c282434c-8d26-5ab8-a70c-ae6f6e0de590} + True + + + + + + + Int + NoPinningToTaskbar + This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. + {41245fbf-d3ca-58bd-a12a-cb355f6018ed} + True + 0 + + 0 + 1 + + + + + + + Int + ShowOrHideMostUsedApps + This policy controls the visibility of the list of user's most used apps on the Start menu. The possible values are 0 - means that there is no enforced configuration and the setting can be changed by the user (default behavior equivalent to not configuring the policy), 1 - means that the list should be shown and grays out (disables) the corresponding toggle in the Settings app, 2 - means that the list should be hidden and grays out the corresponding toggle in the Settings app. Configuring this policy to 1 or 2 will override any setting of older policy "Hide most used apps from the start menu." (HideFrequentlyUsedApps), which manages the same part of Start menu but with fewer options. + {b34a5020-1a0b-59a8-867b-9bfa4dffc994} + True + 0 + + 0 + 2 + + + + + + + Text + SimplifyQuickSettings + This policy applies the default or simplified Quick Actions layout. + {02dadde9-fbdc-536d-95fc-98ceba78a80d} + True + + + + + + + Text + StartLayout + This policy applies a layout to Start (typically the output of Export-StartLayout in PowerShell). When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the All Apps view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. + {1e615adf-5fae-54f8-a9bd-8d3835acaf64} + True + + + + + + + Tree + System + + {93c6822f-97ba-5091-a608-8cf5defe9a67} + False + + + + + + Int + AllowBuildPreview + + {57231d02-a257-527d-b73e-e648b7cfede9} + True + 2 + + 0 + 2 + + + + + + + Int + AllowCommercialDataPipeline + AllowCommercialDataPipeline opts the device into the Windows enterprise data pipeline. If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline. If you disable or don"t configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline. Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10. + {94e381fb-6d94-556e-8f97-f1f66635759a} + True + 0 + + 0 + 1 + + + + + + + Int + AllowDesktopAnalyticsProcessing + Allows IT admins to enable diagnostic data from this device to be processed by Desktop Analytics. The following list shows the supported values: 0 (default)– Diagnostic data is not processed by Desktop Analytics. 2 – Diagnostic data is allowed to be processed by Desktop Analytics. If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Desktop Analytics. + {af890952-6ef9-5827-9036-05da19c0de2c} + True + 0 + + + + + + + Int + AllowEmbeddedMode + + {fd220822-e149-5e5d-92c1-b59ddf6d4f3e} + True + 0 + + 0 + 1 + + + + + + + Int + AllowExperimentation + + {767a531f-410b-5948-b0a4-2d577bb048e3} + True + 1 + + 0 + 2 + + + + + + + Int + AllowLocation + + {35529e5b-7770-5f2c-869f-609897c81d51} + True + 1 + + 0 + 1 + + + + + + + Int + AllowMicrosoftManagedDesktopProcessing + Allows diagnostic data from this device to be processed by Microsoft Managed Desktop. The following list shows the supported values: 0 (default)– Diagnostic data is not processed by Microsoft Managed Desktop. 32 – Diagnostic data is processed by Microsoft Managed Desktop. If this policy is disabled or not configured, diagnostic data from this device will not be processed by Microsoft Managed Desktop. + {cbd3c930-1d29-5e0b-9d2e-d25bf8d2467d} + True + 0 + + + + + + + Int + AllowStorageCard + + {a1ddad93-de22-521c-8648-389c7f5137f9} + True + 1 + + 0 + 1 + + + + + + + Int + AllowTelemetry + By configuring this setting in Windows 10, you limit the options available to your end users for diagnostic data collection. This limitation applies only to the Windows operating system and apps that are considered part of Windows and does not apply to app installed by your organization. - Diagnostic data off (not recommended). Using this policy value turns off sending diagnostic data from the device. This value is only supported on Enterprise editions. - Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this policy value disables the “Send optional diagnostic data” control in the Settings app. - Send optional diagnostic data. If this policy value is used, in addition to required diagnostic data, additional diagnostic data is collected that helps us make product improvements, as well as detect, diagnose and fix issues. This can include diagnostic log files and crash dumps. Use the "Limit Dump Collection", "Limit Diagnostic Log Collection", and/or the "Limit Optional diagnostic data for Desktop Analytics" policies for more granular control of what optional diagnostic data is sent. If you do not configure this policy setting, diagnostic data collection is determined by the end user from the Settings app. Note: The "Configure telemetry opt-in setting user interface" group policy can be used to prevent end users from changing their data collection settings. + {ed4b6965-3486-5cc0-98f8-c89bc9e39bcc} + True + 1 + + 0 + 3 + + + + + + + Int + AllowUpdateComplianceProcessing + Allows IT admins to enable diagnostic data from this device to be processed by Update Compliance. The following list shows the supported values: 0 (default)– Diagnostic data is not processed by Update Compliance. 16 – Diagnostic data is allowed to be processed by Update Compliance. If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Update Compliance. + {13d0d3d6-aabb-5603-b487-606abdd32606} + True + 0 + + + + + + + Int + AllowUserToResetPhone + + {ce6aac3e-afc6-585b-a2fc-0cf4b9d17671} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWUfBCloudProcessing + Allows IT admins to enable diagnostic data from this device to be processed by Windows Update for Business cloud. The following list shows the supported values: 0 (default)– Diagnostic data is not processed by Windows Update for Business cloud. 8 – Diagnostic data is allowed to be processed by Windows Update for Business cloud. If you disable or do not configure this policy setting, diagnostic data from this device will not be processed by Windows Update for Business cloud. + {7cce2e8c-1976-5086-b429-c9aab3b728a1} + True + 0 + + + + + + + Int + ConfigureTelemetryOptInChangeNotification + This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings. If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. If you set this policy setting to "Enable telemetry change notifications" or don"t configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings. + {d87b4cfe-2e49-525b-85e3-ad4e5ad083bd} + True + 0 + + 0 + 1 + + + + + + + Int + ConfigureTelemetryOptInSettingsUx + This policy setting determines whether people can change their own telemetry levels in Settings. This setting should be used in conjunction with the Allow Telemetry settings. If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them. If you set this policy setting to "Enable Telemetry opt-in Setings" or don"t configure this policy setting, people can change their own telemetry levels in Settings.Note: Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization"s limit. + {052abf17-16c8-511d-9c78-446d909764b5} + True + 0 + + 0 + 1 + + + + + + + Int + DisableDeviceDelete + This policy setting determines whether the delete diagnostic data is enabled in Diagnostic & Feedback Settings page. If you enable this policy setting, the Delete diagnostic data will be disabled in Settings, preventing the deletion of diagnostic data collected by Microsoft from the device. If you disable or don"t configure this policy setting, the Delete diagnostic data will be enabled in the Diagnostic Data Settings, which allows people to erase all diagnostic data collected by Microsoft from that device. + {e86db08d-2fcf-5b7b-b791-5cbcfe3ad3e1} + True + 0 + + 0 + 1 + + + + + + + Int + DisableDiagnosticDataViewer + This policy setting determines whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. If you enable this policy setting, the Diagnostic Data Viewer will not be enabled in Settings, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device. If you disable or don"t configure this policy setting, the Diagnostic Data Viewer will be enabled in the Diagnostic Data Settings. + {f9d76d38-c89d-5a62-956c-978c184f5128} + True + 0 + + 0 + 1 + + + + + + + Int + DisableOneDriveFileSync + This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage. + {97924125-f026-5d3d-9ae6-b47e6111b113} + True + 0 + + 0 + 1 + + + + + + + Int + DisableOneSettingsDownloads + This policy setting controls whether Windows attempts to connect with the OneSettings service. If you enable this policy, Windows will not attempt to connect with the OneSettings Service. If you disable or don't configure this policy setting, Windows will periodically attempt to connect with the OneSettings service to download configuration settings. + {3fb8a8ec-3588-5db8-b166-4049a4841a55} + True + 0 + + 0 + 1 + + + + + + + Int + EnableOneSettingsAuditing + This policy setting controls whether Windows records attempts to connect with the OneSettings service to the EventLog. If you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\Windows\Privacy-Auditing\Operational EventLog channel. If you disable or don't configure this policy setting, Windows will not record attempts to connect with the OneSettings service to the EventLog. + {1aaa6df3-f5cf-5431-814a-e07af725a320} + True + 0 + + 0 + 1 + + + + + + + Int + HideUnsupportedHardwareNotifications + This policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version. If you enable this policy setting, these messages will never appear on desktop or in the Settings app. If you disable or do not configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that does not meet the minimum system requirements for this OS version. + {542bbeea-7eea-584a-9898-f1329dc23c5c} + True + 0 + + + + + + + Int + LimitDiagnosticLogCollection + This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. The diagnostic data logs are collected, only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection. If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. + {aeacf065-3617-51f9-935f-be87465ad8f4} + True + 0 + + 0 + 1 + + + + + + + Int + LimitDumpCollection + This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data. By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. + {8266f4f0-a767-5675-b7c4-d8ad95b8e12a} + True + 0 + + 0 + 1 + + + + + + + Int + LimitEnhancedDiagnosticDataWindowsAnalytics + This policy setting, in combination with the "Allow Diagnostic Data" policy setting, enables organizations to send the minimum data required by Desktop Analytics. To enable this behavior, you must complete the following steps: - Enable this policy setting. - Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data". - Enable "Limit Diagnostic Log Collection" policy setting. - Enable "Limit Dump Collection" policy setting. When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at https://go.microsoft.com/fwlink/?linkid=2116020. If you disable or do not configure this policy setting, diagnostic data collection is determined by the "Allow Diagnostic Data" policy setting or by the end user from the Settings app. + {2a5ca41e-9047-506a-82a1-a8ea9cdfcd69} + True + 0 + + 0 + 1 + + + + + + + Int + TurnOffFileHistory + This policy setting allows you to turn off File History. If you enable this policy setting, File History cannot be activated to create regular, automatic backups. If you disable or do not configure this policy setting, File History can be activated to create regular, automatic backups. + {c3331277-4d3b-5395-8304-93f6c253bb35} + True + 0 + + 0 + 1 + + + + + + + Tree + TextInput + + {bc6e62c8-16dc-53ec-a0c1-b0527847adf8} + False + + + + + + Int + AllowIMELogging + + {970d814c-7582-5ee9-802a-13ba1f7e53ce} + True + 1 + + 0 + 1 + + + + + + + Int + AllowIMENetworkAccess + + {ecbe9014-82e0-5e54-b75f-8b9d71d85369} + True + 1 + + 0 + 1 + + + + + + + Int + AllowInputPanel + + {1366c19a-bc7e-5754-99aa-09bfea118013} + True + 1 + + 0 + 1 + + + + + + + Int + AllowJapaneseIMESurrogatePairCharacters + + {599e46a4-f305-5298-befc-bd9aab13c257} + True + 1 + + 0 + 1 + + + + + + + Int + AllowJapaneseIVSCharacters + + {860e7d14-a41b-53ff-a2ad-f2d303c4eb67} + True + 1 + + 0 + 1 + + + + + + + Int + AllowJapaneseNonPublishingStandardGlyph + + {8bd3638c-4d43-5a9b-8afd-4c0b6924e79f} + True + 1 + + 0 + 1 + + + + + + + Int + AllowJapaneseUserDictionary + + {c6f5ddbb-e3fc-5c9a-b8a4-68481eab053c} + True + 1 + + 0 + 1 + + + + + + + Int + AllowKeyboardTextSuggestions + When set to no, disables text prediction for consumers using msTextPrediction DLL + {863444e0-c49b-562a-8fe9-7855f06b4fd1} + True + 1 + + 0 + 1 + + + + + + + Int + AllowLanguageFeaturesUninstall + + {580d2573-c064-5487-ad5d-59b479b575fc} + True + 1 + + 0 + 1 + + + + + + + Int + AllowLinguisticDataCollection + + {a72b5c8b-a5f2-5d65-a1cd-af4f2bbe8c47} + True + 1 + + 0 + 1 + + + + + + + Int + AllowUserInputsFromMiracastRecevier + + {ed113722-e4b0-59a4-89e9-b1cfd20b84fd} + True + 1 + + 0 + 1 + + + + + + + Int + ExcludeJapaneseIMEExceptJIS0208 + + {593eef52-2723-5dfe-a691-5f7a7f7240a5} + True + 0 + + 0 + 1 + + + + + + + Int + ExcludeJapaneseIMEExceptJIS0208andEUDC + + {7151a8cb-6f55-5b30-8bf3-ca18041ffce4} + True + 0 + + 0 + 1 + + + + + + + Int + ExcludeJapaneseIMEExceptShiftJIS + + {29878242-d3ec-5777-8a44-4d6cd5e8a188} + True + 0 + + 0 + 1 + + + + + + + Tree + TimeLanguageSettings + + {49a42a29-e310-5623-b010-639573b4fe6d} + False + + + + + + Text + ConfigureTimeZone + Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone. + {9bcb8a16-b49b-512a-b252-4921347e528b} + True + + + + + + + Tree + Update + + {f6e78b73-0663-5fce-99f2-da63501aa673} + False + + + + + + Int + ActiveHoursEnd + If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. Note that the PC must restart for certain updates to take effect. If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. + {80d87fd0-6bec-5b56-858f-da8e64a573bc} + True + 17 + + 0 + 23 + + + + + + + Int + ActiveHoursMaxRange + Enable this policy to specify the maximum number of hours from the start time that users can set their active hours. The max active hours range can be set between 8 and 18 hours. If you disable or do not configure this policy, the default max active hours range will be used. + {36bc2750-a68e-56a5-a50b-84a412af8930} + True + 18 + + 8 + 18 + + + + + + + Int + ActiveHoursStart + If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart outside of active hours. Note that the PC must restart for certain updates to take effect. If you disable or do not configure this policy and have no other reboot group policies, the user selected active hours will be in effect. If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy. + {873ff396-7e1f-5675-91c8-86a46a58db5c} + True + 8 + + 0 + 23 + + + + + + + Int + AllowAutoUpdate + + {993d53a2-de74-5f82-85f3-e3fcfcab308e} + True + 6 + + 0 + 6 + + + + + + + Int + AllowAutoWindowsUpdateDownloadOverMeteredNetwork + Enabling this policy will automatically download updates, even over metered data connections (charges may apply) + {44bb4555-ecb2-50c2-a4d3-2d93b533a2f4} + True + 0 + + 0 + 1 + + + + + + + Int + AllowMUUpdateService + + {3d211691-9d42-50f5-8374-401ed514354a} + True + 0 + + 0 + 1 + + + + + + + Int + AllowNonMicrosoftSignedUpdate + + {60c430b1-ae6c-50a7-b596-fb3c812e01b6} + True + 1 + + 0 + 1 + + + + + + + Int + AllowUpdateService + + {c3049db0-f9ec-5c53-a827-b2217ea2db7d} + True + 1 + + 0 + 1 + + + + + + + Bool + AutomaticMaintenanceWakeUp + This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. + {de653ffb-5b11-582b-81d5-817150aee335} + True + True + + + + + + + Int + AutoRestartDeadlinePeriodInDays + Days after which force restart will occurs after restart pending and out of active hours. + {b3c5d97f-6e20-56ce-b743-37b79bfbefde} + True + 7 + + 2 + 30 + + + + + + + Int + AutoRestartDeadlinePeriodInDaysForFeatureUpdates + Days after which force restart will occurs after restart pending and out of active hours for feature updates. + {5964dba7-97e1-5385-ae40-3895bf317812} + True + 7 + + 2 + 30 + + + + + + + Int + AutoRestartNotificationSchedule + The period for auto-restart reminder notifications in minutes. + {da9b6890-6ce7-52ac-a099-e3c8a2098e77} + True + 15 + + + + + + + Int + AutoRestartRequiredNotificationDismissal + Method by which the auto-restart required notification is dismissed. + {5093de44-b48e-5d1b-a996-5118b0d30dc5} + True + 1 + + 1 + 2 + + + + + + + Int + BranchReadinessLevel + Set which branch to receive updates from. + {cf9eee8d-dcfa-59dc-9729-d1efc5e65754} + True + 16 + + + + + + + Int + ConfigureDeadlineForFeatureUpdates + Days after which feature updates will be installed and device rebooted automatically. + {a52f6050-49a8-53ee-baa1-a7b7112a3407} + True + 7 + + 0 + 30 + + + + + + + Int + ConfigureDeadlineForQualityUpdates + Days after which quality updates will be installed and device rebooted automatically. + {76fdbebe-2f42-5af4-874a-4d74f75420c6} + True + 7 + + 0 + 30 + + + + + + + Int + ConfigureDeadlineGracePeriod + Minimum number of days a device will be in reboot pending state for quality updates before being forced to restart. + {5b2eb859-90b3-5429-936c-02925c7664f0} + True + 2 + + 0 + 7 + + + + + + + Int + ConfigureDeadlineGracePeriodForFeatureUpdates + Minimum number of days a device will be in reboot pending state for feature updates before being forced to restart. + {ca7258f5-55e4-5b68-b7ff-823a5b78d58f} + True + 2 + + 0 + 7 + + + + + + + Bool + ConfigureDeadlineNoAutoReboot + Whether to allow devices to automatically restart outside of active hours before the deadline + {174db7f2-684a-5f4b-9bae-ec4659c0489f} + True + False + + + + + + + Int + DeferFeatureUpdatesPeriodInDays + Defers Feature Updates for the specified number of days. + {ec282e30-f66e-5626-89d6-3dc8972e6f1a} + True + 0 + + 0 + 365 + + + + + + + Int + DeferQualityUpdatesPeriodInDays + Defers Quality Updates for the specified number of days. + {446cfef1-b100-5c83-8cf5-2f2d29749ce4} + True + 0 + + 0 + 30 + + + + + + + Int + DeferUpdatePeriod + Defers Quality Updates for the specified number of weeks. + {483bac2b-0ef4-52aa-b1fb-f3ee74c275a7} + True + 0 + + 0 + 4 + + + + + + + Int + DeferUpgradePeriod + Defers Feature Updates for the specified number of months. + {9ef0ede1-28c1-522a-8707-feceb01a39f7} + True + 0 + + 0 + 8 + + + + + + + Int + DetectionFrequency + Specify the Automatic Updates detection frequency. + {52940a81-e9f3-56f1-853b-a9a4608b87fd} + True + 22 + + 1 + 22 + + + + + + + Int + DisableDualScan + + {00708dc5-55ed-5f27-a399-401883a50812} + True + 0 + + 0 + 1 + + + + + + + Int + DisableWUfBSafeguards + Enable this setting when Feature Updates should be deployed to devices without blocking on any safeguard holds. Safeguard holds are known compatibility issues that block the upgrade from being deployed to affected devices until the issue is resolved. Enabling this policy can allow an organization to deploy the Feature Update to devices for testing, or to deploy the Feature Update without blocking on safeguard holds. The following list shows the supported values: 0 (Default) – Safeguard holds are enabled and devices may be blocked for upgrades until the applicable safeguard hold is removed. 1  – Safeguard holds are not enabled and upgrades will be deployed without blocking on safeguard holds. + {71cf1e28-2396-53d7-8a8b-871fc834fc71} + True + 0 + + 0 + 1 + + + + + + + Int + DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection + + {8286347d-135d-5498-a262-93d24e4d2b00} + True + 0 + + 0 + 1 + + + + + + + Int + EngagedRestartDeadline + Specify the deadline before a pending restart will automatically be executed outside of active hours. + {11b42afb-e830-51fc-bee2-cf8df8f452c7} + True + 14 + + 2 + 30 + + + + + + + Int + EngagedRestartDeadlineForFeatureUpdates + Specify the deadline before a pending restart will automatically be executed outside of active hours for FU. + {d10194a5-2b5f-5b24-b7aa-f2e1f77c774c} + True + 14 + + 2 + 30 + + + + + + + Int + EngagedRestartSnoozeSchedule + Specify snooze for Engaged restart reminder notifications. + {a3ade689-562c-571b-8fc7-4b4c9e0a2582} + True + 3 + + 1 + 3 + + + + + + + Int + EngagedRestartSnoozeScheduleForFeatureUpdates + Specify snooze for Engaged restart reminder notifications for FU. + {aaa82cad-9753-5aac-8e7d-4eb7e5c26264} + True + 3 + + 1 + 3 + + + + + + + Int + EngagedRestartTransitionSchedule + Specify the period for auto-restart immiment warning notifications. + {3b4c34e1-8f83-5525-acb2-fd7e86340608} + True + 7 + + 0 + 30 + + + + + + + Int + EngagedRestartTransitionScheduleForFeatureUpdates + Specify the period for auto-restart immiment warning notifications for FU. + {6bdba5d3-bfe1-5462-8dc8-9eda1bd0b265} + True + 7 + + 0 + 30 + + + + + + + Int + ExcludeWUDriversInQualityUpdate + Enable this policy to not include drivers with Windows quality updates. + {68a68470-12fa-5643-b9dd-d9ecbbb9b0b8} + True + 0 + + 0 + 1 + + + + + + + Int + FillEmptyContentUrls + + {0b635a61-7d80-50eb-a365-8b3deca05519} + True + 0 + + 0 + 1 + + + + + + + Int + ManagePreviewBuilds + Set the behavior for receiving preview builds. + {8ef4a351-bc87-5541-a6ab-f4d1c3dcde77} + True + 3 + + + + + + + Bool + NoUpdateNotificationsDuringActiveHours + Whether to allow devices to display notifications during active hours. + {bdec5cf2-0bb3-5a60-81d3-e9a4d6f7cffc} + True + False + + + + + + + Text + ProductVersion + Enable this policy to specify a Windows product version for the target feature update. + {83296c80-a6f8-5068-bb85-8fa081ed9f41} + True + + + + + + + Int + RequireDeferUpgrade + + {b7f9ce6e-f5ab-5858-b162-57fd9ac05392} + True + 0 + + 0 + 1 + + + + + + + Int + ScheduledInstallDay + + {fd24506a-28e6-59e1-84cd-af0f9dd1d7cb} + True + 0 + + 0 + 7 + + + + + + + Int + ScheduledInstallEveryWeek + Every week of the month for installs to take place. + {ba66068d-5993-5257-b1f7-097d29709ec8} + True + 1 + + 0 + 1 + + + + + + + Int + ScheduledInstallFirstWeek + First week of the month for installs to take place. + {6ce90324-2c6d-5274-a008-35d5ae5bec2f} + True + 0 + + 0 + 1 + + + + + + + Int + ScheduledInstallFourthWeek + Fourth week of the month for installs to take place. + {cd34445a-aac1-5d05-96c7-5b85bb8908ac} + True + 0 + + 0 + 1 + + + + + + + Int + ScheduledInstallSecondWeek + Second week of the month for installs to take place. + {1cd8fd6f-ee45-5136-8234-9b6fc49c001c} + True + 0 + + 0 + 1 + + + + + + + Int + ScheduledInstallThirdWeek + Third week of the month for installs to take place. + {d4b3f43b-006d-5a54-a998-80d2eef1b86c} + True + 0 + + 0 + 1 + + + + + + + Int + ScheduledInstallTime + Hour of the day for installs to take place, 0 is midnight. + {c908b96f-580e-566e-bc0f-11f7eb6c2545} + True + 3 + + 0 + 23 + + + + + + + Int + ScheduleImminentRestartWarning + Specify the period for auto-restart imminent warning notifications in minutes. + {b87d9b35-cd8d-59d2-a2ec-2059f094cc7e} + True + 15 + + + + + + + Int + ScheduleRestartWarning + Specify the period for auto-restart warning reminder notifications in hours. + {6e9d2675-b6f5-56d5-8917-8bb133870365} + True + 4 + + + + + + + Int + SetAutoRestartNotificationDisable + Turn off auto-restart notifications for update installations. + {2a13607e-516e-57db-bfba-8298cbc98b8c} + True + 0 + + 0 + 1 + + + + + + + Int + SetDisablePauseUXAccess + Once enabled user access to pause updates is removed + {eb94e391-2bb6-5631-a2f1-df1d6fdffd30} + True + 0 + + 0 + 1 + + + + + + + Int + SetDisableUXWUAccess + If you enable this setting, user access to Windows Update scan, download and install is removed + {17c546a4-445a-5808-af87-d97c582c9c0c} + True + 0 + + 0 + 1 + + + + + + + Int + SetEDURestart + Skip power checks to ensure update reboots will happen at the scheduled install time for EDU devices in carts. + {7bdf5609-3e36-5fe5-8c0d-ead3ef94d490} + True + 0 + + 0 + 1 + + + + + + + Int + SetPolicyDrivenUpdateSourceForDriverUpdates + + {48440bcd-0766-5c82-9c63-b4fc234e5c06} + True + 1 + + 0 + 1 + + + + + + + Int + SetPolicyDrivenUpdateSourceForFeatureUpdates + + {f74694bd-dc34-535b-ba44-4e6aa857b393} + True + 1 + + 0 + 1 + + + + + + + Int + SetPolicyDrivenUpdateSourceForOtherUpdates + + {a7884973-29df-5642-a82b-fde68634963b} + True + 1 + + 0 + 1 + + + + + + + Int + SetPolicyDrivenUpdateSourceForQualityUpdates + + {26d68106-05f2-5534-a8dd-4e44f426f2fe} + True + 1 + + 0 + 1 + + + + + + + Int + SetProxyBehaviorForUpdateDetection + + {9a256c60-7688-5562-8576-0dd8b34328b7} + True + 0 + + 0 + 1 + + + + + + + Text + TargetReleaseVersion + Enable this policy to specify a target feature update. + {0d8e722a-2798-590e-9476-61478a0762db} + True + + + + + + + Int + UpdateNotificationLevel + Display options for update notifications. + {1e124988-4fb9-551a-9de2-003ba212c960} + True + 0 + + 0 + 2 + + + + + + + Text + UpdateServiceUrl + + {5f3d69f0-6e03-5e48-a36e-dfc9a1c40edd} + True + CorpWSUS + + + + + + + Text + UpdateServiceUrlAlternate + + {dca8d7d4-6708-5c8c-97d4-129a761d6a2f} + True + + + + + + + Tree + VirtualizationBasedTechnology + + {7489fd1b-b80e-5243-b15d-e619da20ae76} + False + + + + + + Int + HypervisorEnforcedCodeIntegrity + Hypervisor-Protected Code Integrity + {98a8f85f-5983-515f-81e7-74269478ff85} + True + 0 + + 0 + 2 + + + + + + + Bool + RequireUEFIMemoryAttributesTable + Require UEFI Memory Attributes Table + {d2303826-0d27-58a4-a412-16c054e77818} + True + False + + + + + + + Tree + WiFi + + {3fec4f3a-9274-57f3-9e27-cd757f0b7b76} + False + + + + + + Int + AllowAutoConnectToWiFiSenseHotspots + + {bce75d2e-c699-5e6c-911c-d94a363f40cf} + True + 1 + + 0 + 1 + + + + + + + Int + AllowInternetSharing + + {71d147bf-8792-50a1-91ae-7fed567dec73} + True + 1 + + 0 + 1 + + + + + + + Int + WLANScanMode + + {5e9b65ae-c55b-5b1d-aa81-2b706a1366bd} + True + 0 + + 0 + 1000 + + + + + + + Tree + WindowsInkWorkspace + + {5031db2e-e593-5145-bc30-c2d45a73f3b8} + False + + + + + + Int + AllowSuggestedAppsInWindowsInkWorkspace + + {77bf6dcb-1e8f-5947-9e1d-2219af99fc2d} + True + 1 + + 0 + 1 + + + + + + + Int + AllowWindowsInkWorkspace + + {ad9cafdd-ed8b-5a0f-aaa3-d9b477908d0c} + True + 2 + + 0 + 2 + + + + + + + Tree + WindowsLogon + + {2f6662e1-0c13-55f7-a227-5821697d2b53} + False + + + + + + Text + AllowAutomaticRestartSignOn + This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system. If you enable or do not configure this policy setting, the device securely saves the user"s credentials (including the user name, domain and encrypted password) to configure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the session is automatically locked with all the lock screen apps configured for that user. If you disable this policy setting, the device does not store the user"s credentials for automatic sign-in after a Windows Update restart. The users" lock screen apps are not restarted after the system restarts. + {cafdb468-53d6-503c-b032-0c08c0a1df9e} + True + + + + + + + Text + DisableLockScreenAppNotifications + This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen. + {78d551f6-8600-5cdc-ba23-7d9f0a16974e} + True + + + + + + + Int + EnableFirstLogonAnimation + This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the first time. This applies to both the first user of the computer who completes the initial setup and users who are added to the computer later. It also controls if Microsoft account users will be offered the opt-in prompt for services during their first sign-in. If you enable this policy setting, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in prompt for services. If you do not configure this policy setting, the user who completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation. Note: The first sign-in animation will not be shown on Server, so this policy will have no effect. + {973e9ba7-b744-5568-9267-8a5ca7725883} + True + 1 + + 0 + 1 + + + + + + + Int + HideFastUserSwitching + This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you enable this policy setting, the Switch User interface is hidden from the user who is attempting to log on or is logged on to the computer that has this policy applied. The locations that Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations. + {c22525ae-2c55-58ab-bfc7-b5608694924d} + True + 0 + + 0 + 1 + + + + + + + Tree + WirelessDisplay + + {1e9a84e2-5259-515e-97f4-161313ae40ca} + False + + + + + + Int + AllowUserInputFromWirelessDisplayReceiver + + {59fee216-7de4-57c8-8286-75489a9dfe1a} + True + 1 + + 0 + 1 + + + + + + + Tree + Power + + {593bcbc6-8305-5038-911f-ff5c3925cf84} + False + + + + + + Tree + Controls + + {7448aa5c-b761-5d87-8739-3f75f3b9bce6} + False + + + + + + Bool + AllowHibernate + Specifies whether hibernate is allowed or not. + {689d3496-f5ac-564d-a854-51049117fc42} + True + True + + + + + + + Bool + AllowSystemRequiredPowerRequests + Specifies whether System Required power requests are allowed on systems capable of connected standby. + {9b5df08a-2f38-5ab5-9736-e62b0930bd40} + True + False + + + + + + + Int + BootLowLatencyDuration + + {3953033c-73da-529d-be48-472f6a4a6ed7} + True + + + + + + + Text + DefaultOverlayAcPowerScheme + Specifies the default overlay power scheme to use on AC. + {be079cb2-4505-50d4-8eb2-4532f5535896} + True + + + + + + + Text + DefaultOverlayDcPowerScheme + Specifies the default overlay power scheme to use on DC. + {49786c4b-b95e-50f4-9ea4-f46dc8aa517c} + True + + + + + + + Text + DefaultOverlayPowerScheme + Specifies the default overlay power scheme to use. This setting is deprecated. + {a5af4de0-2c17-55cb-b0e5-d41392819f08} + True + + + + + + + Bool + DimTimeoutIsManuallySpecified + Set to True to control the period before the screen dims using the DimTimeout setting, False to allow Windows to automatically select the period based on the screen off timeout + {76753963-2994-5853-9f96-17e84ed1e968} + True + + + + + + + Int + DirectedDripsAction + + {ba469f6a-18cf-5b39-8261-3b94f377f05c} + True + + + + + + + Bool + DisableBatteryDischargeEstimator + Configures battery discharge time estimaton. + {1e887200-139c-5af2-bd92-da1da473df78} + True + + + + + + + Bool + DisableInboxPepGeneratedConstraints + Specifies whether or not dynamically generate device constraints for inbox pep on modern standby systems. + {89d5e17c-9835-5074-b66c-1b2bef2fd225} + True + + + + + + + Bool + EnableInputSuppression + Specifies whether to suppress input for modern standby systems when the lid is closed. + {28d34ea1-3433-504d-9d79-0a17e2cb3ff5} + True + + + + + + + Bool + EnablePowerButtonSuppression + Specifies whether to suppress power button press for modern standby systems when the input suppression is engaged. + {33c65d17-0164-5624-bf33-caa383657acd} + True + + + + + + + Bool + EnableSettingsAppBatteryCapacitySection + Enable the battery capacity section on the battery saver page of the system settings app. + {3a08c309-0561-59ca-8759-5d881c91a0d4} + True + + + + + + + Int + EnergyEstimationEnabled + + {9d29f5e3-6acb-56c7-99c6-8efc5e0f6f33} + True + + + + + + + Bool + EnforceConsoleLockScreenTimeout + Specifies whether the console lock screen timeout should be enforced independently of the user display timeout + {8b2d8764-c95a-51ea-9ede-61b21232ed8d} + True + + + + + + + Bool + EnforceDisconnectedStandby + Specifies whether to force the network to disconnect during standby + {e90d124b-f26d-5b0a-8ddb-c3ccbcb39f69} + True + + + + + + + Int + HiberFileType + Specifies the type of HiberFile to be used by the system. Set to 'Reduced' to allow Fast Startup but not Hibernate. Set to 'Full' to allow both Fast Startup and Hibernate. + {2b0adf04-1271-52e6-b3bc-cbaa5c0fa4cc} + True + + + + + + + Int + IgnoreCsComplianceCheck + Specifies whether to ignore Connected-Standby compliance checks + {bd277de6-00f8-500e-9a2e-9a20ecca8e36} + True + + + + + + + Bool + LidNotificationsAreReliable + Set to True if the platform guarantees that lid notifications will be sent every time the lid is opened or closed. False otherwise + {20f36f5b-c054-517d-ba23-8ea1cc23627f} + True + + + + + + + Int + SmartUserPresenceConfidence + Specifies the confidence (in percentage) in predicted user-away interval(s) + {3d835cf5-1e07-5433-bb9d-ff0387619893} + True + + + + + + + Tree + EnergyEstimationEngine + + {9419403d-a64b-50a4-a3b4-34e525e4ab41} + False + + + + + + Tree + CPU + Specify the parameters needed for CPU power model. + {febfb0f9-5365-54c4-ae7e-801a425a27b1} + False + + + + + + Map + EfficiencyClass + + {369ef907-a931-5054-9f43-f1302b8b70c8} + True + + + + + + + + + Tree + Display + Specify the parameters needed for display power model. + {d387f19e-0013-5a81-b082-741e5734d595} + False + + + + + + Int + DisplayBacklightPowerFloor + Specifies display backlight power floor in milli-watts. + {c1c2d12f-3368-54ba-9ec0-d3d405fd1d2c} + True + + 25 + 250 + + + + + + + Int + DisplayBacklightPowerGradient + Specifies display backlight power gradient with respect to brightness. + {0c1953b8-6d38-50b3-adfd-6755c11eaccc} + True + + 1 + 25 + + + + + + + Int + DisplayBacklightPowerQDenominator + Specifies display backlight power's denominator part of the gradient with respect to brightness squared. + {32188428-2541-5398-a13d-872eb164068e} + True + + 1 + 100 + + + + + + + Int + DisplayBacklightPowerQNumerator + Specifies display backlight power's numerator part of the gradient with respect to brightness squared. + {2b667342-545a-55af-852b-ab55d5f62052} + True + + 1 + 100 + + + + + + + Int + DisplayPanelPowerAreaFactor + Specifies display panel power factor for panel area. + {9bc9a98c-450a-5605-b0cc-613f9e1f5b73} + True + + 1 + 10 + + + + + + + Int + DisplayPanelPowerDpiFactor + Specifies display panel power factor for display DPI. + {4fe58dee-de2e-5f59-a2c0-f538ca995f77} + True + + 1 + 5 + + + + + + + Int + DisplayPanelPowerFloor + Specifies display panel power floor in milli-watts. + {7cfe33c2-bfe0-5667-a452-c149cd9fba67} + True + + 250 + 1250 + + + + + + + Int + DisplayPanelPowerVsyncDelta + Specifies additional display panel power in milli-watts when vsync is on. + {6a46c686-070b-5859-b75f-5e953be81650} + True + + 25 + 250 + + + + + + + Tree + EnergyEstimationTelemetry + + {eeb7e23b-a11c-599d-b847-a0e04cf8bac2} + False + + + + + + Int + BatteryDrainMaxE3UploadRank + + {8650c434-87bc-5f02-b677-54c191e31f4b} + True + + + + + + + Int + BatteryDrainMinE3UploadBI + + {8c136488-3ca3-5c40-b450-8f9a88eb68b2} + True + + + + + + + Int + BatteryDrainMinRate + + {64811019-9a46-5996-80c8-4ddbbcf8b4ee} + True + + + + + + + Int + LongtermTimerInMinutes + + {885270e5-375c-5014-b166-cdbc5376f067} + True + + + + + + + Int + UploadAcRecords + + {7d78a083-a30e-5d77-893c-3b84b69e0b54} + True + + + + + + + Tree + MobileBroadband + Specify the parameters needed for mobile broadband power model. + {bba57214-014a-5136-bd36-6b961160bfca} + False + + + + + + Map + MBBClass + + {8d78979b-4e3f-59f9-b19b-1c8bfadd129b} + True + + + + + + + + + Tree + StandbyActivationEnergy + Specify the parameters needed for standby activation energy model. + {fe2af717-6943-5683-b828-59193ad0089f} + False + + + + + + Int + DripsPowerFloorMilliWatts + + {4bab1d74-2c57-5454-b65a-f7cbdf5297f1} + True + + + + + + + Int + NonDripsPenaltyMilliWatts + + {c65aabe8-d295-5ff4-8053-3ad1444466ca} + True + + + + + + + Int + Policy + + {4c78a4f6-d878-5c61-84bf-81b2a9d1783e} + True + + + + + + + Int + ScreenOnMaxPercentage + + {88d68634-045a-5b1f-aea7-a14b00d96589} + True + + + + + + + Tree + Storage + Specify the parameters needed for storage power model. + {b003e61c-a13a-54a0-af23-d60a22b58669} + False + + + + + + Map + StorageType + + {a733dc6a-64d1-5ec6-a253-6bf291bf21a3} + True + + + + + + + + + Tree + Wifi + Specify the parameters needed for wifi power model. + {c657fc5d-7184-546d-8301-90792fda1ef7} + False + + + + + + Map + WifiClass + + {90b3c69f-3548-5e76-a6a1-0826d9085c0a} + True + + + + + + + + + Tree + Policy + + {b1cc4255-a176-5fbc-a622-6987804d060c} + False + + + + + + Tree + Definitions + + {ccb9f9f2-f9f4-5e33-9f8c-f8390d5442d6} + False + + + + + + Tree + Processor + + {9eca27ea-717b-5dbc-bd80-6f2b5de95fd2} + False + + + + + + Tree + HeteroDecreaseThreshold + Processor decrease threshold for individual class1 processors + {00df885d-11ee-5c58-96a4-1bf0e8e994b7} + False + + + + + + Map + List + + {21899233-907b-54ca-ac84-c8237d0fc4b0} + True + + ^\d$ + + + + + + + Tree + HeteroDecreaseThreshold1 + Processor decrease threshold for individual class2 processors + {555bee5d-0a8e-5edf-b56d-2f89a7366122} + False + + + + + + Map + List + + {4b063506-6bfa-5d46-95af-bf4d1fa7892c} + True + + ^\d$ + + + + + + + Tree + HeteroIncreaseThreshold + Processor increase threshold for individual class1 processors + {4911151c-1fe2-539c-9a29-eeae29cc9b57} + False + + + + + + Map + List + + {2ddf2b49-7318-5eed-9ad4-caacf4e4e22f} + True + + ^\d$ + + + + + + + Tree + HeteroIncreaseThreshold1 + Processor increase threshold for individual class2 processors + {795a1c00-ef1d-5e1e-ab83-f8c5eea48d04} + False + + + + + + Map + List + + {faa8478a-9b4a-5184-a220-327ac40e478c} + True + + ^\d$ + + + + + + + Tree + Settings + + {b7240274-eb9b-5642-90b1-afaedea91996} + False + + + + + + Tree + AdaptivePowerBehavior + + {fffe2ed2-6d3f-5f8e-bfe1-7a74787c1465} + False + + + + + + Map + SchemePersonality + + {12c14393-9e4d-5cca-a8ac-569580550403} + True + + + + + + + + + Tree + Battery + + {c8c2443d-5489-52e9-aa3a-1a4e908ad82d} + False + + + + + + Map + SchemePersonality + + {d9dfdd2c-bd66-5f75-963d-f4da4440a2b1} + True + + + + + + + + + Tree + Button + + {806de059-224d-5917-a6b4-1621ac0c8708} + False + + + + + + Map + SchemePersonality + + {a7a32b89-9bb5-5962-8dc9-78f28dcd165d} + True + + + + + + + + + Tree + Disk + + {a7ffaf18-6f51-5365-a17d-efc0a7a3086d} + False + + + + + + Map + SchemePersonality + + {35ee2dcc-870b-5f27-9be7-a0f08cd93bf1} + True + + + + + + + + + Tree + Display + + {054b5a2d-5478-5e9a-a22f-590c0080dadc} + False + + + + + + Map + SchemePersonality + + {10e2e336-9ca3-580d-82c5-ab397d1171cc} + True + + + + + + + + + Tree + EnergySaver + + {449b1d14-8c1e-59f1-9f0b-fe21afe4edf3} + False + + + + + + Map + SchemePersonality + + {db303c6a-9621-567b-9a2d-24d578f21578} + True + + + + + + + + + Tree + Graphics + + {fb71e738-29cc-5da5-a15c-7a22c7b612a3} + False + + + + + + Map + SchemePersonality + + {6079cce9-d410-5093-bb96-04a86ebc228a} + True + + + + + + + + + Tree + IdleResiliency + + {cc698800-de19-58f4-9f9c-a03b9f636b46} + False + + + + + + Map + SchemePersonality + + {a8e8789b-4eb9-536d-99a2-51cc1f9353fe} + True + + + + + + + + + Tree + Misc + + {1b4dfdbc-1023-59ab-91a0-81a97fecaa4e} + False + + + + + + Map + SchemePersonality + + {607c659b-b07e-5a30-8245-a8365f00f6dd} + True + + + + + + + + + Tree + Multimedia + + {2928856e-5427-5ec5-9ab9-697e1764552e} + False + + + + + + Map + SchemePersonality + + {95ce02cc-6b5e-50f3-b3b1-acbb93bd01ec} + True + + + + + + + + + Tree + PCIExpress + + {10833689-a012-5bec-9f52-18ad369190d4} + False + + + + + + Map + SchemePersonality + + {19cf3fe3-a70a-53a3-8fbc-00e49bb52aad} + True + + + + + + + + + Tree + Processor + + {1e4b6b47-9034-5fe7-a2b9-1549007f0b12} + False + + + + + + Map + SchemePersonality + + {3a5fb5d8-9f0f-55f4-a7ec-e6ac5b3bce09} + True + + + + + + + + + Tree + Sleep + + {7b057ce7-2706-5287-ad97-3585533d6315} + False + + + + + + Map + SchemePersonality + + {19f8df52-28e6-5e9d-ba35-1cbc90b1c0ef} + True + + + + + + + + + Tree + Privacy + + {105be7e3-aaaf-5e9f-99ce-8a4a575c04a0} + False + + + + + + Int + LetAppsActivateWithVoice + + {a05be8da-1158-5bd0-8d43-de96f7e433ad} + True + 0 + + 0 + 2 + + + + + + + Int + LetAppsActivateWithVoiceAboveLock + + {6ed6f601-cb01-5c96-b488-97361f80c355} + True + 0 + + 0 + 2 + + + + + + + Tree + ProvisioningCommands + Run scripts and commands during provisioning to allow custom setup and installation of win32 applications. + {f2ba411b-f8f4-5a7f-8c62-80f0c175beb2} + False + + + + + + Tree + DeviceContext + Commands and scripts to run in a device context. + {fe52acc0-b37d-53fa-a415-146bddf43713} + False + + + + + + AssetList + CommandFiles + + {d3cd340c-1347-5968-8668-723804ca5ce9} + True + + + + + + Text + CommandLine + + {a0c0d785-1c0c-549e-ae2c-9cf68851901f} + True + + + + + + + Tree + PrimaryContext + Commands and scripts to run in a device context. + {d2607796-13a1-5b6f-8755-6335e7234afa} + False + + + + + + OrderedList + Command + + {a068aee4-a3fb-59da-b485-cf14b30c1d5f} + True + + + + + + Tree + SecureStart + + {f0852fa0-f9e7-5bf0-b4ce-d395aff1fa9a} + False + + + + + + Int + ConfigureSystemGuardLaunch + + {9e77c248-91dd-542c-87c2-19aa0cf931f7} + True + + + + + + + Int + DeviceEnumerationPolicy + + {86206ec3-3807-5b80-af6e-82bf7b4906b0} + True + + + + + + + Int + EnableVirtualizationBasedSecurity + + {124f7110-dec0-5c42-af1c-54510621ab26} + True + + + + + + + Int + HypervisorEnforcedCodeIntegrity + + {26ec264e-cd9f-578c-84a6-806ec99dce14} + True + + + + + + + Int + HypervisorEnforcedCodeIntegrityPreference + + {7dc7ecb9-0c57-5e93-bb0c-d5b65582dbb4} + True + + + + + + + Int + LsaCfgFlags + + {9003c545-7f85-5136-880e-899316d2e201} + True + + + + + + + Tree + SharedPC + Configure a PC for shared use scenarios. + {489272cb-e73b-5521-aff0-8a57c8d68bcf} + False + + + + + + Tree + AccountManagement + Set options for shared PC account management. + {a547dfb9-dc49-5be2-a26a-b2ce4c10c09b} + False + + + + + + Int + AccountModel + Configures which type of accounts are allowed to use the PC. + {f2c8bec1-fc92-5551-b0f6-8fbc63a3fc0d} + True + 0 + + 0 + 2 + + + + + + + Int + DeletionPolicy + Configures when accounts will be deleted. + {cae65797-3046-56f8-b2d5-7c444be24989} + True + 1 + + 0 + 2 + + + + + + + Int + DiskLevelCaching + Stop deleting accounts when available disk space reaches this threshold, given as percent of total disk capacity. + {8abf8b9a-9ce5-52b8-b432-6c821fc8a8e9} + True + 50 + + 0 + 100 + + + + + + + Int + DiskLevelDeletion + Accounts will start being deleted when available disk space falls below this threshold, given as percent of total disk capacity. Accounts that have been inactive the longest will be deleted first. + {cf7e2c68-985e-50f3-a8fc-dbfcaf458a7e} + True + 25 + + 0 + 100 + + + + + + + Bool + EnableAccountManager + Enable the account manager for shared PC mode. + {3cdbd5e1-f67b-5382-aebe-2f319805e7de} + True + False + + + + + + + Int + InactiveThreshold + Accounts will start being deleted when they have not been logged on during the specified period, given as number of days. + {0eb1c485-47e0-5338-9bae-a24ff7a97dd1} + True + 30 + + 0 + + + + + + + Text + KioskModeAUMID + Specifies the AUMID of the app to use with assigned access. + {1bbf4b35-d76c-54ce-8428-db499554bb7b} + True + + + + + + + Text + KioskModeUserTileDisplayText + Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. + {947c3a93-92b3-557d-9a10-ed63d5452c5c} + True + + + + + + + Bool + EnableSharedPCMode + Enable shared PC mode and apply policies. + {3b615ac2-52bb-5c9e-a8a4-bfb34207cbc1} + True + False + + + + + + + Tree + PolicyCustomization + Shared PC mode policy customization. + {5170d3c3-ce38-5d08-a45d-b2349ca04f07} + False + + + + + + Int + MaintenanceStartTime + Daily start time of maintenance hour, given in minutes from midnight. + {95fdb203-494e-5ede-94bb-74bf66ed7e5e} + True + 0 + + 0 + 1440 + + + + + + + Int + MaxPageFileSizeMB + Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. + {20b21599-2efa-579a-87e2-3eb579814825} + True + 1024 + + 1024 + 2048 + + + + + + + Bool + RestrictLocalStorage + Restrict using local storage when configuring shared PC mode. + {34b4a29d-285b-527e-9a56-c7b95dd1a68f} + True + False + + + + + + + Bool + SetEduPolicies + Set education-appropriate policies. + {e1512032-d981-54e6-8f47-c80ec8d9326c} + True + False + + + + + + + Bool + SetPowerPolicies + Set power policies when configuring shared PC mode. + {c49a609d-18f3-51b3-ab0d-2e7397cd4a1f} + True + True + + + + + + + Bool + SignInOnResume + Require users to sign in when the device resumes from sleep. + {75cdcac5-9d50-54dd-8fa5-f78431c53bc9} + True + False + + + + + + + Int + SleepTimeout + The amount of idle time before the PC sleeps, given in seconds. 0 means the PC never sleeps. + {2d8e569e-bf1f-5924-81c0-bd548b799a16} + True + 300 + + + + + + + Tree + SMISettings + Configure device with custom shell and suppress Windows UI during boot and logon + {ca4d4ca4-3fd7-5380-bc72-aa671faf0005} + False + + + + + + Tree + AutoLogon + sign in automatically at startup without the user needing to enter a user name and password. + {5272fa48-1192-5f16-b6de-91d820fd721f} + False + + + + + + Text + DomainName + Domain name of the auto logon user. + {c6267c54-d0fd-5f57-9ee9-95b847ffb1c6} + True + + + + + + + Text + Enable + Enable Auto Logon + {9c7725f4-e4cf-5d07-b50c-268d804e1323} + True + 1 + + + + + + + Text + Password + Password of the auto logon user. + {0ee1971a-8c0c-534c-819c-3e7c3c1a8fdf} + True + + + + + + + Text + UserName + Default user name that will be automatically signed into. + {cad2f602-f8f0-5740-a656-e211115c508c} + True + + + + + + + Int + BrandingNeutral + Bit-based setting for disabling UI anchors on logon screen. + {72731099-2d68-537d-a67a-a7f8fee5af34} + True + 17 + + + + + + + Int + CrashDumpEnabled + Specify the type of information to be saved in the event of a crash. + {079ebd21-aeb3-5c90-8464-02b651d2cee5} + True + + + + + + + Bool + DisableBootMenu + Disables boot menus (F8/F10/OS Selection). + {14e7b220-7e3b-515a-843b-dff1bce08e01} + True + False + + + + + + + Bool + DisplayDisabled + Disable the crash screen. + {fcf1e70a-7608-5521-999a-1fadb98d291b} + True + False + + + + + + + Bool + HideAllBootUI + Boolean setting for hiding all of the boot UI elements. + {4b587ffa-3d88-5400-ada9-919d98486f5d} + True + False + + + + + + + Bool + HideAutologonUI + Boolean setting for disabling AutoLogon UI. + {aba0c576-6271-5a23-9e7a-f3e573e7d476} + True + False + + + + + + + Bool + HideBootLogo + Disable the boot logo. + {6638ae42-63ad-5888-a540-bb9f1a526cc6} + True + False + + + + + + + Bool + HideBootStatusIndicator + Hide the boot status indicator. + {192a64a8-6fed-5834-95f0-33b728c4c24a} + True + False + + + + + + + Bool + HideBootStatusMessage + Hide boot status message. + {f0afec4a-6254-50c9-a7c9-5e3e1e15fff9} + True + False + + + + + + + Bool + HideFirstLogonAnimation + Boolean setting for disabling First Logon Animation. + {9fcd27ed-9ccd-5431-9be9-e05cbcc8186d} + True + True + + + + + + + Tree + KeyboardFilter + Configure device to suppress undesireable key presses or key combinations + {5b77b6f4-8ef2-5a67-89b2-243c63e60e70} + False + + + + + + Tree + CustomKeyFilters + + {ac25652f-17fd-570c-8471-5a372760a31f} + False + + + + + + Map + CustomKeyFilter + + {47052d30-6f19-5e93-aafb-9b3281fa8852} + True + + + + + + + + + Tree + CustomScancodeFilters + + {550089a9-f980-5899-b414-4312a3911bc9} + False + + + + + + Map + CustomScancodeFilter + + {b513f105-6016-5267-9731-d777d09d7f74} + True + + + + + + + + + Bool + DisableKeyboardFilterForAdministrators + Disable Keyboard Filtering of Administrator Users + {80e52848-657f-5ba4-a62e-f169a48c1c00} + True + False + + + + + + + Int + Enable + Enable Keyboard Filter + {fc7e8408-0a2b-52b9-a170-23317f30db71} + True + 2 + + + + + + + Bool + ForceOffAccessibility + Force off all accessibility features that interfere with the Keyboard Filter. + {b85d767f-605d-5803-9696-aa85595deaed} + True + False + + + + + + + Tree + PredefinedKeyFilters + + {154f5599-f7a0-518d-93c6-48143508bc22} + False + + + + + + Text + Alt + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c0e97d9c-a91a-521e-8547-f7b7ef1a1ba2} + True + Allowed + + + + + + + Text + AltF4 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {e63c550b-90dc-5506-a9d1-17e4d4df95de} + True + Allowed + + + + + + + Text + AltSpace + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {5e665e3a-e38e-569c-af9a-8c4ee26a0b37} + True + Allowed + + + + + + + Text + AltTab + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d01b40af-252d-55ce-b2ed-06f8f4417895} + True + Allowed + + + + + + + Text + AltWin + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {21ec8a14-f731-5999-9466-865bf5e7743c} + True + Allowed + + + + + + + Text + Application + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c99cad4c-4674-5b2f-9ecc-faeaae791b45} + True + Allowed + + + + + + + Text + BrowserBack + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {8e12c1a9-7234-5e37-94d9-373d1e378cf4} + True + Allowed + + + + + + + Text + BrowserFavorites + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {2061f183-f0ac-5c35-aeff-3e909d4c6e83} + True + Allowed + + + + + + + Text + BrowserForward + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {0dde9b05-a1ba-5cf6-bf4e-20803f693892} + True + Allowed + + + + + + + Text + BrowserHome + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {47c87cf7-dbce-578e-9321-4eddc4fd85f8} + True + Allowed + + + + + + + Text + BrowserRefresh + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {cca50b29-b1eb-50f8-81f7-32b69ce88d5a} + True + Allowed + + + + + + + Text + BrowserSearch + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ae785354-5dc1-57c1-8510-33b2e42ee6a3} + True + Allowed + + + + + + + Text + BrowserStop + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {1f0eb0ac-1eee-5cc4-bac5-c3905fde11d5} + True + Allowed + + + + + + + Text + Ctrl + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {534a7d48-f6de-5e47-8071-1c007b2524fb} + True + Allowed + + + + + + + Text + CtrlAltDel + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ae5aced0-c448-50a8-a72a-144adaa58eab} + True + Allowed + + + + + + + Text + CtrlEsc + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {745884af-b23a-5c5a-a5f9-a2f9591b6c11} + True + Allowed + + + + + + + Text + CtrlF4 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d15d6773-1024-527f-98f0-8e303f4b88eb} + True + Allowed + + + + + + + Text + CtrlTab + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {0196fbcb-45aa-528a-ad11-ac5f17e7137d} + True + Allowed + + + + + + + Text + CtrlWin + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {413cff0f-ed09-520b-bfaf-524b0b9f5180} + True + Allowed + + + + + + + Text + CtrlWinF + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {49545c84-d136-54a0-8cdc-493b748d87aa} + True + Allowed + + + + + + + Text + Escape + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ffb6ee7a-3cb2-57cc-afad-20e64eb939a7} + True + Allowed + + + + + + + Text + F21 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {aace6119-c70d-58c6-88fc-264b0bb21d2d} + True + Allowed + + + + + + + Text + LaunchApp1 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {da32598c-d131-5226-a6e5-de08f6b49216} + True + Allowed + + + + + + + Text + LaunchApp2 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {4eed1f86-e55d-5a4e-ad39-26a6fb3b96d3} + True + Allowed + + + + + + + Text + LaunchMail + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {973baa9b-0729-5e95-bbc5-34f2826b1cea} + True + Allowed + + + + + + + Text + LaunchMediaSelect + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d62966a5-c9af-517a-9a3b-9c038e164989} + True + Allowed + + + + + + + Text + LShiftLAltNumLock + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {efe90d10-1aff-57fb-9df0-799a36a019cf} + True + Allowed + + + + + + + Text + LShiftLAltPrintScrn + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {fb217cd8-03f4-55c1-858f-837b21bcad56} + True + Allowed + + + + + + + Text + MediaNext + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {6e860f09-211b-5281-b9e0-048eb04ba45d} + True + Allowed + + + + + + + Text + MediaPlayPause + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c2c67d77-0bf5-5145-acb5-26e39597bbcd} + True + Allowed + + + + + + + Text + MediaPrev + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {4cbc804b-eba2-5148-8952-28f1e4857ed2} + True + Allowed + + + + + + + Text + MediaStop + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {72e006b4-b40c-536f-8c46-ecb957ca28f6} + True + Allowed + + + + + + + Text + Shift + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {021c9b09-ea7b-5451-a7cf-a639943ccbd5} + True + Allowed + + + + + + + Text + ShiftCtrlEsc + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {f7a01324-0f33-5c51-8ad5-e01dbc089a30} + True + Allowed + + + + + + + Text + ShiftWin + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ce610308-e798-5850-b3ec-8526f9643051} + True + Allowed + + + + + + + Text + VolumeDown + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {bfd95c8b-b0f0-56db-8ea7-0d83b332ed7a} + True + Allowed + + + + + + + Text + VolumeMute + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {672ad891-d946-5809-aca8-68932417dda8} + True + Allowed + + + + + + + Text + VolumeUp + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c7deb060-7c21-5886-af82-2734d6849b70} + True + Allowed + + + + + + + Text + WinB + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {798aa36c-0b54-58ac-aa01-8a234de57a62} + True + Allowed + + + + + + + Text + WinBreak + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {4db0a9ee-123c-5f62-83f4-58fa8143caa7} + True + Allowed + + + + + + + Text + WinC + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {774f9d0c-1cbd-5a1d-9adc-98173dc69527} + True + Allowed + + + + + + + Text + WinComma + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {053731ef-a3ef-52a6-93ac-37a4f0eddc5e} + True + Allowed + + + + + + + Text + WinD + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {77e47a43-4577-5121-b27b-7d4c75b0baec} + True + Allowed + + + + + + + Text + WinDown + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {1066eb2f-a69a-58a1-9118-14bb9f6aa008} + True + Allowed + + + + + + + Text + Windows + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {477e14b2-d5b5-5c20-b81e-66545d166232} + True + Allowed + + + + + + + Text + WinE + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {a50b2719-f8d2-5aa9-b175-4da9ba8f8cd8} + True + Allowed + + + + + + + Text + WinEnter + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {34dfadd0-d3a6-54d3-871a-4d33398f41ec} + True + Allowed + + + + + + + Text + WinEsc + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {f129f59d-ed51-5437-93a5-86f63effee63} + True + Allowed + + + + + + + Text + WinF + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {f3e553c8-7af6-5a10-b574-37be630c09e6} + True + Allowed + + + + + + + Text + WinF1 + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {98abd064-e81e-5640-ba4d-095337810e22} + True + Allowed + + + + + + + Text + WinForwardslash + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {7511a28e-8103-51c3-af03-eb45f2aaa914} + True + Allowed + + + + + + + Text + WinH + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {6de7065c-4b8d-5fb8-987f-76ca778cdf79} + True + Allowed + + + + + + + Text + WinHome + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {eb64067a-91a7-584d-940b-b09f1dcdacb5} + True + Allowed + + + + + + + Text + WinI + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d47c70b4-4cd6-5446-8424-58cb69969766} + True + Allowed + + + + + + + Text + WinJ + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {515855ce-90b8-5dfc-ae6c-02b7006f0be4} + True + Allowed + + + + + + + Text + WinK + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {abf0c969-5719-5b76-b998-f56a4179251c} + True + Allowed + + + + + + + Text + WinL + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {b4919964-4574-50fd-b9bb-fc835bf132dd} + True + Allowed + + + + + + + Text + WinLeft + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {81291e41-dc8c-595d-87c3-06e550de296a} + True + Allowed + + + + + + + Text + WinM + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {85724f42-78cf-5a8f-80d9-f8bfd9a4792b} + True + Allowed + + + + + + + Text + WinMinus + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {2559286c-b168-557c-8388-818f9ba90b37} + True + Allowed + + + + + + + Text + WinO + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {e630163b-2bdf-5541-8713-8bea76b07f83} + True + Allowed + + + + + + + Text + WinP + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {0288e3f8-dde9-5a1f-af98-191620e619aa} + True + Allowed + + + + + + + Text + WinPageDown + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {a0ad145f-4d6e-5e48-8048-e5d980240a97} + True + Allowed + + + + + + + Text + WinPageUp + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {40633434-193b-5957-9147-f1d3b81d40e0} + True + Allowed + + + + + + + Text + WinPeriod + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {f1931b72-ae6b-552c-b5e4-3e5e5d28ad61} + True + Allowed + + + + + + + Text + WinPlus + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {aff295ac-4aaf-5a26-b69c-6a4cfaa0c255} + True + Allowed + + + + + + + Text + WinQ + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {9af86e4c-8127-50e8-a324-0c87ac8a5200} + True + Allowed + + + + + + + Text + WinR + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {3ba5c690-7a78-540a-a4c1-42a1a7123bd6} + True + Allowed + + + + + + + Text + WinRight + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {5ee53243-d6dd-5f0c-8652-500f741c5be2} + True + Allowed + + + + + + + Text + WinShiftDown + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d5dc4e8c-b396-5630-87be-5abf891cc1ae} + True + Allowed + + + + + + + Text + WinShiftLeft + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {d2a49474-b83a-52a0-9ec2-2bbc3991c5b7} + True + Allowed + + + + + + + Text + WinShiftRight + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {fa2d9612-f3dc-53ab-af00-5d92d808ce69} + True + Allowed + + + + + + + Text + WinShiftUp + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {dd226f7d-6e91-5935-b248-344bfe5dc1dc} + True + Allowed + + + + + + + Text + WinSpace + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c6a946e3-6772-5799-af86-50a03d465ad1} + True + Allowed + + + + + + + Text + WinT + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ee3836e8-8ad6-55fb-8ac7-2f64636d1808} + True + Allowed + + + + + + + Text + WinTab + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {ed2aec11-bf07-5611-ab9f-83187e9068f7} + True + Allowed + + + + + + + Text + WinU + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {02a334b8-b2ba-5f8b-aa01-1635868a73ba} + True + Allowed + + + + + + + Text + WinUp + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {474247bb-c03a-5eb3-84e2-20ff8dd0422a} + True + Allowed + + + + + + + Text + WinV + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {b3d711c5-67f5-5fce-bd25-386dbb8fb736} + True + Allowed + + + + + + + Text + WinW + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {c7e54cfe-665b-5b51-981c-9302faf59038} + True + Allowed + + + + + + + Text + WinZ + If nothing is specified, the value will default to Allow. Specifying Block will suppress the key combination + {245eb1f2-6952-5f27-a333-5ca9a3c6fd61} + True + Allowed + + + + + + + Bool + NoLockScreen + Boolean setting for disabling lock screen. + {192ef0e2-4bba-521a-bf22-bfd62b9fd87e} + True + False + + + + + + + Tree + ShellLauncher + Replaces explorer.exe with a custom shell application + {dca90d02-c088-5bec-b27c-81da2ce2dc8f} + False + + + + + + Text + DefaultCustomShell + Default custom shell launched by Shell Launcher. The shell will default to cmd.exe if not specified. + {63cfc81b-8817-501f-952f-54399836d9a2} + True + cmd.exe + + + + + + + Int + DefaultReturnCodeAction + Action for custom shell return code that is not specified for the logon user. + {1c0225b6-b6a3-57be-8314-3123cc615486} + True + 0 + + + + + + + Text + Enable + Enable Shell Launcher + {d8017b36-0da5-54bd-8b90-3820727d681b} + True + eshell.exe + + + + + + + Tree + UserSpecificSettings + Holds Custom Shell Settings for Local/Domain users and user SID + {76cc0c5e-843c-52a8-a918-68c0c0191718} + False + + + + + + Map + DomainUserSpecificSettings + Specific settings per each domain user + {9c75a1b7-0f9c-59af-bd40-c90c83ee5a29} + True + + ^[^\\\\]+$ + + + + + + + Map + LocalUserSpecificSettings + Specific settings per each local user + {29bbd7f0-40bf-5eba-acc0-2e93c2b922b7} + True + + ^[^\\\\]+$ + + + + + + + Map + UserSIDSpecificSettings + Specific settings per each user + {e27213b5-d88b-553e-a9c0-6acdd4cd723e} + True + + + + + + + + + Int + UIVerbosityLevel + Integer setting for Windows logon status display. + {bf2013c1-b837-53e8-bece-5fea11ae8430} + True + 0 + + + + + + + Tree + Start + + {410ad6bf-dc9f-58cd-9a00-63015e609bbc} + False + + + + + + Asset + StartLayout + Deploy Start Layout LayoutModification.xml file to the device (Ensure file name is LayoutModification.xml) + {5d9d40e4-2a59-5755-a2f2-c8299d508106} + True + + + + + + + Tree + StorageD3InModernStandby + StorageD3InModernStandby allows an OEM to enable Storage Device D3 in Modern Standby platform. + {28159dcb-bdb4-564a-b700-bd1274bb923f} + False + + + + + + Int + StorageD3InModernStandby + + {f3173630-8b35-5b86-ac07-a68ff1827ab8} + True + 0 + + + + + + + Tree + TabletMode + + {5d037e79-5686-5fb9-8cf4-1ab7b3f3b4b3} + False + + + + + + Int + ConvertibleSlateModePromptPreference + Sets the default for hardware-based prompts + {d9daae4f-edf9-5f4a-bf32-44ae8f44169d} + True + + + + + + + Int + SignInMode + Specifies whether users switch to tablet mode by default after signing in + {802e1a62-7d22-5b77-8d8b-79abd0e83a12} + True + + + + + + + Tree + TakeATest + Configure "Take a Test" + {73729527-8269-5c71-9670-3dd5ce228d73} + False + + + + + + Bool + AllowScreenMonitoring + Indicates if screen monitoring is allowed by the app. + {848541ca-4954-5731-9d65-ab05ee503c3f} + True + False + + + + + + + Bool + AllowTextSuggestions + Indicates if keyboard text suggestions are allowed by the app. + {bba426a8-8d15-5736-b91c-5215906ca3a0} + True + False + + + + + + + Text + Assessments + Enables support for multiple assessments and for assessment grouping. The structure is specified by an XML. + {4564c8cd-698c-5e81-8160-7a4df063c165} + True + + + + + + + Text + LaunchURI + Specify a link to an assessment that will be automatically loaded when the "Take a Test" app is launched. + {d4922fa5-5fc6-5d6a-917a-c83bd403d893} + True + + + + + + + Bool + RequirePrinting + Indicates if printing is required by the app. + {e1fe8961-51e4-5d98-9321-ceb51659eead} + True + False + + + + + + + Text + TesterAccount + Specify the dedicated account to use when taking a test. + {2239087b-b5ee-538a-adeb-391415fa7618} + True + + + + + + + Tree + TenantDefinedTelemetry + + {92baa3db-f80f-5ca7-a687-6d5f395f2126} + False + + + + + + Int + CustomTelemetryId + This policy is used to let mission control know what type of Edition we are currently in. + {1433eb4c-e1cf-5f30-9631-4ad9682e832f} + True + 0 + + + + + + + Tree + Time + + {e7928cc2-8995-5e92-b423-9e8fce22fc4b} + False + + + + + + Bool + ProvisionSetTimeZone + When set to TRUE skips time zone assignment during first user logon + {b9a540b0-55b3-5f59-8f83-a1ecc2d4b2b2} + True + True + + + + + + + Tree + UnifiedWriteFilter + Unified Write Filter Provisioning Settings + {e3264e7c-d87b-5613-bebc-73502f2c1048} + False + + + + + + Bool + FilterEnabled + Enable/Disable Unified Write filter + {43a6d041-d29f-5ade-b8b8-3b449242753a} + True + False + + + + + + + Int + OverlayFlags + Change UWF Overlay Flags + {0612c929-81b5-5129-8f2c-bcd672c3d0c0} + True + 0 + + + + + + + Int + OverlaySize + Change Maximum Overlay Size(MB) + {fb69f06e-225f-52be-ad87-b6b21a323942} + True + + 1024 + + + + + + + Int + OverlayType + Change UWF Overlay Type + {85bd8078-2ddb-5af2-a18e-8f33dbe67e6c} + True + 0 + + + + + + + Tree + RegistryExclusions + + {00ee5cee-3525-5986-a674-2edd23076ce3} + False + + + + + + Map + Add + List of registries being excluded from protection + {c7897de1-362a-5cca-a9b4-705b3e5686ad} + True + + + + + + + + + Map + Remove + List of registries being removed from registry exclusion + {1c0a8429-912e-5435-9b48-82fe89ff9b99} + True + + + + + + + + + Bool + ResetPersistentState + Reset UWF Overlay Persistent State + {299c7b9c-5487-5856-9275-fbc87f2bbb84} + True + False + + + + + + + Map + Volumes + List of historically protected volumes + {dff29190-a08c-5074-85b8-8b2fa8c8ece1} + True + + 2 + 2 + ([a-z]|[A-Z]): + + + + + + + Tree + UniversalAppInstall + Install Universal Applications from the Store or Hosted location + {df61ebac-70e8-5f97-b598-2948a08d3a6a} + False + + + + + + Map + DeviceContextApp + + {79bd0dc7-f6d4-5431-934f-016272224520} + True + + + + + + + + + Map + DeviceContextAppLicense + + {8a57f7b8-a513-5a79-a219-724f45b768d9} + True + + + + + + + + + Map + DeviceContextStoreInstall + + {e16a20c2-d939-5cc3-8d08-695fc590090b} + True + + + + + + + + + Map + StoreInstall + + {0fc75268-a34f-557a-b410-5059da16fa10} + True + + + + + + + + + Map + UserContextApp + + {0943d1c4-e8a3-53e1-aa22-32c8040b5812} + True + + + + + + + + + Map + UserContextAppLicense + + {e8108278-8d39-5811-8a25-5dd96553e702} + True + + + + + + + + + Tree + UniversalAppUninstall + Uninstall Universal Applications + {bd00e2f3-b56e-5959-8375-711927a171e2} + False + + + + + + Map + Nonremovable + + {6a20fee5-cb7d-5253-93cc-c44c10197e93} + True + + + + + + + + + Map + RemoveProvisionedApp + + {9f85d3c8-e003-5d8f-acf5-968fa1b61d02} + True + + + + + + + + + Map + Uninstall + + {40b77279-d5fe-5953-ba0f-4d840b623304} + True + + + + + + + + + Tree + UsbErrorsOEMOverride + UsbErrorOEMOverride Allows a OEM to Hide All USB Device Errors + {5fdd6cd0-febb-5c36-8da0-1460fa0345ff} + False + + + + + + Int + HideUsbErrorNotifyOptionUI + + {ba6b6683-4f62-5579-97e2-bcf1487ed0aa} + True + 0 + + + + + + + Tree + WeakCharger + Enable Weak Charger Notification by Default + {26b9f1b8-8603-55bb-b2ea-74853531fe3e} + False + + + + + + Int + HideWeakChargerNotifyOptionUI + + {ee9c0ea8-ff58-5754-8bd3-d7d4274646b2} + True + 0 + + + + + + + Int + NotifyOnWeakCharger + + {ae883710-4432-551e-97ef-4b03d93b4724} + True + 0 + + + + + + + Tree + WindowsHelloForBusiness + Configure a PC for Windows Hello for Business. + {a1459f29-bbc0-5e45-a13b-7d5c1cadf922} + False + + + + + + Tree + Biometrics + Configure biometrics usage for Windows Hello. + {f100e63e-def1-56ed-800e-f37fec8fea44} + False + + + + + + Bool + FacialFeaturesUseEnhancedAntiSpoofing + This setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. If you disable or do not configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. + {8c1768d5-7714-59ed-8ae3-c1a8a903c1bd} + True + False + + + + + + + Bool + UseBiometrics + Windows Hello for Business enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN gesture. However, users must still configure a PIN to use in case of failures. If you enable or do not configure this policy setting, Windows Hello for Business allows the use of biometric gestures. If you disable this policy setting, Windows Hello for Business prevents the use of biometric gestures. NOTE: Disabling this policy prevents the use of biometric gestures on the device for all account types. + {14bc1144-efc2-5af5-9495-521e5f640d49} + True + True + + + + + + + Tree + PoliciesForAllTenants + Configure Policies on any tenant ID for Windows Hello. + {7c128e56-135f-5668-9ec5-de5923a42f51} + False + + + + + + Bool + UsePassportForWork + Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Directory account that can replace passwords, Smart Cards, and Virtual Smart Cards. If you enable or do not configure this policy setting, the device provisions Windows Hello for Business for all users. If you disable this policy setting, the device does not provision Windows Hello for Business for any user. + {49d431b5-64ca-5595-9312-f30ee540f49d} + True + True + + + + + + + Map + PoliciesForTenant + + {20fc24d1-3a85-5992-a238-58dc216378d1} + True + + + + + + + + + Tree + SecurityKeys + Configure Security Keys for Windows Hello. + {518861b4-40af-534e-a85e-eb54ddcb4cb8} + False + + + + + + Int + UseSecurityKeyForSignin + Use Security Keys for Windows Hello at logon + {51e92a7c-4ccf-5f87-8555-dac12ef1e9ae} + True + 0 + + 0 + 1 + + + + + + + Tree + Workplace + + {d2d05d60-0311-54f8-83c0-877e5babc93b} + False + + + + + + Map + Enrollments + + {c1bcfc86-d030-5916-b640-12cf9c6adf37} + True + + + + + + + + + \ No newline at end of file diff --git a/windows configuration/customizations.xml b/windows configuration/customizations.xml new file mode 100644 index 0000000..fb2f9aa --- /dev/null +++ b/windows configuration/customizations.xml @@ -0,0 +1,44 @@ + + + + {6ab276ae-cebd-470e-be67-5076a18a11be} + main + 1.2 + OEM + 0 + + + + + + + + True + + + + + + D:\Downloads\provisioning.ps1 + D:\Downloads\setup.ps1 + D:\Downloads\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.msixbundle + D:\Downloads\Microsoft.UI.Xaml.2.8.x64.appx + D:\Downloads\Microsoft.VCLibs.x64.14.00.Desktop.appx + + powershell.exe -ExecutionPolicy Bypass -File setup.ps1 + + + + + cmd /c net user admin /add && net localgroup administrators admin /add + + + reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\OOBE /v DisablePrivacyExperience /t REG_DWORD /d 1 + + + + + + + + \ No newline at end of file diff --git a/windows configuration/main.icdproj.xml b/windows configuration/main.icdproj.xml new file mode 100644 index 0000000..8122dd5 --- /dev/null +++ b/windows configuration/main.icdproj.xml @@ -0,0 +1,19 @@ + + + + + File + All Windows desktop editions + Microsoft-Desktop-Provisioning.dat + Desktop + 10.0 + Selecting this option will display settings that are specific to the desktop editions as well as settings that are common to all Windows editions. + + + \ No newline at end of file