GPO

Admin Templates Now Available for Windows 10 Fall Creators Update (1709)

To manage Windows 10 Fall Creators Update computers through Group Policy, IT Pros will need the updated administrative templates. Group Policy tools use Administrative template files to populate policy settings in the user interface. This allows administrators to manage registry-based policy settings. Download: Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709)   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

October Windows 10 CU for 1703 Allows Disabling of Dual Scan

One new feature (let’s call it a fix) included in the October Cumulative Update for Windows 10 (1703), is the ability to manage the Dual Scan capability that was first introduced in Windows 10 version 1607. Dual Scan behavior gave enterprises the ability to select Windows Update (WU) to be their primary update source and then WSUS as a secondary source for all other update content. In making this function available, Microsoft broke software deployments for Configuration Manager customers. Microsoft quickly provided workarounds for enterprises that suffered from the oversight, but this month’s CU delivers new capabilities to finally solve it. The fix is a Group Policy setting called “Do not allow update deferral policies to cause scans against Windows Update.” This p...

Windows 10 Fall Creators Update GPO: Hide the Virus and Threat Protection Panel

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefenderSecurityCenter.admx Overview: Hide the Virus and threat protection area Class: Machine Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection Value: UILockdown Policy values:  1 (Enabled); 0 (Disabled) Details: Hide the Firewall and network protection area in the Windows Defender Security Center.  Enabled: The Firewall and network protection area will be hidden. Disabled: The Firewall and network protection area will be shown. Not configured:  Same as Disabled.   Looking for an awesome, no-nonsense technical conference f...

Windows 10 Fall Creators Update GPO: Hiding the Family Options Panel in Security Center

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefenderSecurityCenter.admx Overview: Hide the Family options area Class: Machine Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options Value: UILockdown Policy values:  1 (Enabled); 0 (Disabled) Details: Hide the Family options area in the Windows Defender Security Center. Enabled: The Family options area will be hidden. Disabled: The Family options area will be shown. Not configured: Same as Disabled.   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francis...

Windows 10 Fall Creators Update GPO: Configure Support Info for Windows Defender

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefender.admx Overview: Configure customized contact information Class: Machine Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization Value: EnableInApp Policy values:  1 (Enabled); 0 (Disabled) Details: Display specified contact information to local users in a contact card flyout menu in the Windows Defender Security Center. Disabled: No contact information will be shown in the Windows Defender Security Center.  Not configured: Same as Disabled. Enabled: Your company contact information will be displayed in a flyout menu in the Window...

Windows 10 Fall Creators Update GPO: Block Dangerous Websites

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefender.admx Overview: Prevent users and apps from accessing dangerous websites Class: Machine Location: Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection Value: EnableNetworkProtection Policy values:  (see details) Details: Enable or disable Windows Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. – Enabled:  Specify the mode in the Options section: – Blo...

Windows 10 Fall Creators Update GPO: Configure Attack Surface Reduction rules

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefender.admx Overview: Configure Attack Surface Reduction rules Class: Machine Location: Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR Value: ExploitGuard_ASR_Rules Policy values:  (see details) Details: Set the state for each Attack Surface Reduction (ASR) rule.  After enabling this setting, you can set each rule to the following in the Options section:     – Block: the rule will be applied – Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied) – Of...

New modern management features for IT pros

Windows 10 is designed for Modern IT. In this session, we talk about how the different ways you can modernize IT management to get the most out of Windows 10 devices. This session is presented to you by the Windows modern management team alongside Jeremy Moskowitz, 15-year Group Policy and MDM MVP. The session covers the paths we see organizations adopt to move to modern management, when to use modern management, challenges we see and how we recommend addressing them. Also, learn about new modern management features in Windows 10 that helps make MDM feature rich, where Group Policy and MDM have parity, where there is still work to do, and how we work with vendors to make Day-1 support possible for every Windows release._x000D_   Looking for an awesome, no-nonsense technical conference...

Windows 10 Fall Creators Update GPO: Managing Edge Favorites

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: MicrosoftEdge.admx Overview: Provision Favorites. Class: Machine/User Location: Software\Policies\Microsoft\MicrosoftEdge\Favorites Value: ConfiguredFavorites Policy values: (Custom) Details: This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. If you enable this setting, you can set favorite URL’s and favorite folders to appear on top of users’ favorites list (either in the Hub or Favorites Bar). The user favorites will appear after these...

Windows 10 Fall Creators Update GPO: Disable Books Library in Microsoft Edge

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: MicrosoftEdge.admx Overview: Always show the Books Library in Microsoft Edge. Class: Machine/User Location: Software\Policies\Microsoft\MicrosoftEdge\Main Value: AlwaysEnableBooksLibrary Policy values:    1 (Enabled);   0 (Disabled) Details: This policy setting helps you to decide whether to make the Books tab visible, regardless of a device’s country or region setting, as configured in the Country or region area of Windows settings. If you enable this setting, Microsoft Edge shows the Books Library, regardless of the device’s country or region. If you disable or don̵...

Windows 10 Fall Creators Update GPO: Manage Notifications for Windows Defender Security Center

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: WindowsDefenderSecurityCenter.admx Overview: Hide notifications from the Windows Defender Security Center. Class: Machine Location: SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Value: DisableNotifications Policy values:    1 (Enabled);   0 (Disabled) Details:    Enabled: Local users will not see notifications from the Windows Defender Security Center. Disabled: Local users can see notifications from the Windows Defender Security Center. Not configured: Same as Disabled.   ADMX File: WindowsDefenderSecurityCenter.admx Overview: Only show critical not...

Windows 10 Fall Creators Update GPO: Preventing OneDrive Network Traffic

With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum. ADMX File: SkyDrive.admx Overview: Prevent OneDrive from generating network traffic until the user signs in to OneDrive. Class: Machine Location: SOFTWARE\Microsoft\OneDrive Value: PreventNetworkTrafficPreUserSignIn Policy values:    1 (Enabled);   0 (Disabled) Details: Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, etc.) until the user signs in to OneDrive or starts syncing files to the local computer. If you enable this setting, users must sign in to the OneDrive sync client on the local computer, or select t...