- Join Windows 11 to an Active Directory domain - Thu, Jun 1 2023
- Change Windows network profiles between public and private - Wed, May 24 2023
- How to map a network drive with PowerShell - Wed, May 17 2023
Based on the ADMX templates included in the operating system and the security baseline draft, it was obvious which new settings Windows 10 2004 would contain (see Windows 10 2004: 17 new settings for group policies).
Setup to install the ADMX templates for Windows 10 2004
Among other things, these new settings affect the delivery optimization for Windows Update for Business (WUfB), app and LDAP security, the virus scanner, and FIDO authentication. Two important changes apply to password policies, but these are introduced by the security policies and not the ADMX templates.
Transferring ADMX to a central store
As usual, Microsoft provides the ADMX files as an MSI package, which requires an administrative account to install. By default, it unpacks the templates to
%ProgramFiles(x86)%\Microsoft Group Policy\Windows 10 May 2020 Update (2004)
By default, the installation routine stores the templates under Programs (x86)
If you use a central storage for the GPO templates, then copy the *.admx and the required language files from the installation directory to:
\\<FQDN>\SYSVOL\<FQDN>\policies\PolicyDefinitions
Edge settings are back
Unlike the templates that come with the operating system, the ADMX download still contains MicrosoftEdge.admx and thus all the settings for the original version of the Edge browser. The settings for the Chromium version are not on board, nor are the templates for Microsoft Office, which were also part of the MSI until Windows 10 1903.
As usual, the separately available ADMX templates include the files for 22 languages, while on a workstation only en-US or the language of the localized Windows is available. This is convenient for companies that use the operating system in several language versions.
In addition, there are ADMX files that are not relevant for local group policies and are therefore not included in Windows 10. These include GroupPolicyPreferences.admx for configuring the Group Policy Preferences, which are only available in a domain.
Five settings removed
However, it should be noted that Microsoft has removed some settings in the templates for Windows 10 2004. In this case, the corresponding policies in existing GPOs can no longer be edited.
A workstation with an older version of the ADMX files can help, but you should then deactivate access to any existing central store on this computer.
The ADMX files for Windows 10 2004 can be downloaded from Microsoft's website.
Excel spreadsheet with all GPO settings
In the past, Microsoft published an Excel spreadsheet as documentation for the group policy settings. It has not been updated for the latest releases. Instead, it has been replaced by a rather sloppy spreadsheet from the (currently still preliminary) Security Baseline.
As an alternative, I have again generated my own overview from the ADMX files. Unlike the Microsoft documentation, it is not only in English, but also contains the settings' names and descriptions in several languages.
An important piece of information in the Excel spreadsheet has always been the version of Windows on which a particular setting is supported. It is also included in the ADMX files and is displayed by the GPO editor when configuring a setting.
After Windows 10 1903, the Excel table of the Security Baseline no longer gives an exact version number
However, Microsoft began to omit the exact release of Windows 10 some time ago. In Microsoft's overview from the Security Baseline, 1903 is already the last release mentioned. The ADMX files from which I extracted the data still contain references to 1909, but none for 2004, so I highlighted these in red.
Therefore, it remains unclear whether the new settings in Windows 10 2004 will be supported on older versions after an update, or they are simply poorly documented.
The multilingual table with all GPO settings can be downloaded here.
Is there any best practice for changing the ADMX files in the central storage?
I'm used to backup the central store, leave it empty and only then move the new files.
Can you give the info on which 5 settings were removed?
Doug, I have written about the removed settings in this article.