Windows 10 Fall Creators Update GPO: Hide the Virus and Threat Protection Panel

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefenderSecurityCenter.admx
  • Overview: Hide the Virus and threat protection area
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection
  • Value: UILockdown
  • Policy values:  1 (Enabled); 0 (Disabled)
  • Details: Hide the Firewall and network protection area in the Windows Defender Security Center.  Enabled: The Firewall and network protection area will be hidden. Disabled: The Firewall and network protection area will be shown. Not configured:  Same as Disabled.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Hiding the Family Options Panel in Security Center

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefenderSecurityCenter.admx
  • Overview: Hide the Family options area
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options
  • Value: UILockdown
  • Policy values:  1 (Enabled); 0 (Disabled)
  • Details: Hide the Family options area in the Windows Defender Security Center. Enabled: The Family options area will be hidden. Disabled: The Family options area will be shown. Not configured: Same as Disabled.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Configure Support Info for Windows Defender

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefender.admx
  • Overview: Configure customized contact information
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization
  • Value: EnableInApp
  • Policy values:  1 (Enabled); 0 (Disabled)
  • Details: Display specified contact information to local users in a contact card flyout menu in the Windows Defender Security Center. Disabled: No contact information will be shown in the Windows Defender Security Center.  Not configured: Same as Disabled. Enabled: Your company contact information will be displayed in a flyout menu in the Windows Defender Security Center. After setting this to Enabled, you must configure the Specify contact company name GP setting and at least one of the following GP settings:
-Specify contact phone number or Skype ID
-Specify contact email number or email ID
-Specify contact website

 

  • ADMX File: WindowsDefender.admx
  • Overview: Specify contact phone number or Skype ID
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization
  • Value: (See above)
  • Policy values:  (see details)
  • Details: Specify the phone number or Skype ID that will be displayed in the Windows Defender Security Center and associated notifications. Users can click on the contact information to automatically call the supplied number. Skype will be used to initiate the call. Enabled: Enter the phone number or Skype ID in the Options section. Disabled: A contact phone number or Skype ID will not be shown in either the Windows Defender Security Center or any notifications it creates. Not configured: Same as Disabled.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Block Dangerous Websites

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefender.admx
  • Overview: Prevent users and apps from accessing dangerous websites
  • Class: Machine
  • Location: Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
  • Value: EnableNetworkProtection
  • Policy values:  (see details)
  • Details: Enable or disable Windows Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet.
– Enabled:  Specify the mode in the Options section:
– Block: Users and applications will not be able to access dangerous domains
– Audit Mode: Users and applications can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the event will be in the event logs.
– Disabled: Users and applications will not be blocked from connecting to dangerous domains.
– Not configured: Same as Disabled.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Configure Attack Surface Reduction rules

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefender.admx
  • Overview: Configure Attack Surface Reduction rules
  • Class: Machine
  • Location: Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR
  • Value: ExploitGuard_ASR_Rules
  • Policy values:  (see details)
  • Details: Set the state for each Attack Surface Reduction (ASR) rule.  After enabling this setting, you can set each rule to the following in the Options section:
    – Block: the rule will be applied
– Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)
– Off: the rule will not be applied
    Enabled:
Specify the state for each ASR rule under the Options section for this setting.
Enter each rule on a new line as a name-value pair:
– Name column: Enter a valid ASR rule ID
– Value column: Enter the status ID that relates to state you want to specify for the associated rule
    The following status IDs are permitted under the value column:
– 1 (Block)
– 0 (Off)
– 2 (Audit)Example:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            0
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            1
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx            2

    Disabled:
No ASR rules will be configured.
    Not configured:
Same as Disabled.
    You can exclude folders or files in the “”””Exclude files and paths from Attack Surface Reduction Rules”””” GP setting.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

New modern management features for IT pros

Windows 10 is designed for Modern IT. In this session, we talk about how the different ways you can modernize IT management to get the most out of Windows 10 devices. This session is presented to you by the Windows modern management team alongside Jeremy Moskowitz, 15-year Group Policy and MDM MVP. The session covers the paths we see organizations adopt to move to modern management, when to use modern management, challenges we see and how we recommend addressing them. Also, learn about new modern management features in Windows 10 that helps make MDM feature rich, where Group Policy and MDM have parity, where there is still work to do, and how we work with vendors to make Day-1 support possible for every Windows release._x000D_

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Managing Edge Favorites

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: MicrosoftEdge.admx
  • Overview: Provision Favorites.
  • Class: Machine/User
  • Location: Software\Policies\Microsoft\MicrosoftEdge\Favorites
  • Value: ConfiguredFavorites
  • Policy values: (Custom)
  • Details: This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL’s and favorite folders to appear on top of users’ favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important: Don’t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don’t configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.

 

  • ADMX File: MicrosoftEdge.admx
  • Overview: Prevent changes to Favorites on Microsoft Edge.
  • Class: Machine/User
  • Location: Software\Policies\Microsoft\MicrosoftEdge\Favorites
  • Value: LockdownFavorites
  • Policy values:    1 (Enabled);   0 (Disabled)
  • Details: This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you enable this setting, employees won’t be able to add, import, or change anything in the Favorites list. Also as part of this, Save a Favorite, Import settings, and the context menu items (such as, Create a new folder) are all turned off. Important: Don’t enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don’t configure this setting (default), employees can add, import and make changes to the Favorites list.

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Disable Books Library in Microsoft Edge

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: MicrosoftEdge.admx
  • Overview: Always show the Books Library in Microsoft Edge.
  • Class: Machine/User
  • Location: Software\Policies\Microsoft\MicrosoftEdge\Main
  • Value: AlwaysEnableBooksLibrary
  • Policy values:    1 (Enabled);   0 (Disabled)
  • Details: This policy setting helps you to decide whether to make the Books tab visible, regardless of a device’s country or region setting, as configured in the Country or region area of Windows settings. If you enable this setting, Microsoft Edge shows the Books Library, regardless of the device’s country or region. If you disable or don’t configure this setting, Microsoft Edge shows the Books Library only in countries or regions where it’s supported.

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Manage Notifications for Windows Defender Security Center

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: WindowsDefenderSecurityCenter.admx
  • Overview: Hide notifications from the Windows Defender Security Center.
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
  • Value: DisableNotifications
  • Policy values:    1 (Enabled);   0 (Disabled)
  • Details:    Enabled: Local users will not see notifications from the Windows Defender Security Center. Disabled: Local users can see notifications from the Windows Defender Security Center. Not configured: Same as Disabled.

 

  • ADMX File: WindowsDefenderSecurityCenter.admx
  • Overview: Only show critical notifications from the Windows Defender Security Center.
  • Class: Machine
  • Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
  • Value: DisableEnhancedNotifications
  • Policy values:    1 (Enabled);   0 (Disabled)
  • Details:   If the Suppress all notifications GP setting has been enabled, this setting will have no effect. Enabled: Local users will only see critical notifications from the Windows Defender Security Center. They will not see other types of notifications, such as regular PC or device health information. Disabled: Local users will see all types of notifications from the Windows Defender Security Center.  Not configured: Same as Disabled.

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Fall Creators Update GPO: Preventing OneDrive Network Traffic

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.

  • ADMX File: SkyDrive.admx
  • Overview: Prevent OneDrive from generating network traffic until the user signs in to OneDrive.
  • Class: Machine
  • Location: SOFTWARE\Microsoft\OneDrive
  • Value: PreventNetworkTrafficPreUserSignIn
  • Policy values:    1 (Enabled);   0 (Disabled)
  • Details: Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer. If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically. If this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows. If you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last configured setting will remain in effect.

 


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Migrating from GPO to MDM with the MDM Migration Analysis Tool

From the myITforum TipLine:

Transitioning from Group Policy to MDM can be challenging.  Some organizations have Group Policies that have been in place for over a decade and which may not be fully inventoried, never mind understood.  Furthermore, MDM does not have a 1-1 mapping for all legacy Group Policies.  While it is possible for an IT administrator to manually inventory Group Policy and cross reference MDM documentation on MSDN to determine the support level, this would be labor intensive and error prone.

MMAT will determine which Group Policies have been set for a target user/computer and cross-reference against its built-in list of supported MDM policies.  MMAT will then generate both XML and HTML reports indicating the level of support for each Group Policy in terms of MDM equivalents.

Download: MDM Migration Analysis Tool


Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Windows 10 Creators Update Annoyance, Edge Tab in Internet Explorer

Microsoft would really like customers to use Microsoft Edge instead of Internet Explorer. But, for a lot of enterprises that’s just not acceptable due to lingering incompatibilities and remaining functionality issues with Microsoft Edge. Microsoft Edge in Windows 10 Creators Update is much better than in previous iterations, but it still has a bit to go before it becomes a reliable replacement for Google Chrome. Edge’s purported speed awards and much ballyhooed battery saving capabilities just aren’t enough for most – particularly for enterprises where end-users support tickets provide the final decision point.

Instead of producing the best browser on the market to get customers to switch, Microsoft is employing at least one other tactic that many companies are finding a bit annoying. Once Windows 10 Creators Update is installed, a new “Edge” tab is added to Internet Explorer – right next to the “open new tab” action on the tab bar. End-users are reportedly accidentally clicking this action tab which whisks the user away Microsoft Edge.

Fortunately, Microsoft has provided a way to eliminate this annoyance. You can do it a couple different ways.

First, in Internet Explorer itself, go to Settings – Internet Options and then the Advanced tab. Locate the Browsing section in the Advanced windows and put a checkmark beside the Hide the button (next to the New Tab button) that opens Microsoft Edge option.

hideit

Secondly, you can also turn this off through GPO, but navigating to:

User Configuration – Administrative Templates – Windows Components – Internet Explorer – Internet Settings – Advanced Settings – Browsing – Hide the button (next to the New Tab button) that opens Microsoft Edge 

gpostop

This policy setting allows you to manage if users can see the button (next to the New Tab button) that opens Microsoft Edge. If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden. If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer will be shown. If you do not configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by the user.

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections