ADMX download for Windows 10 2004: GPO settings reference spreadsheet

Following the start of the general rollout of Windows 10 2004, Microsoft provided the corresponding group policy templates as a separate download. For documentation, I have created a multilingual reference of all settings as an Excel spreadsheet.

Based on the ADMX templates included in the operating system and the security baseline draft, it was obvious which new settings Windows 10 2004 would contain (see Windows 10 2004: 17 new settings for group policies).

Setup to install the ADMX templates for Windows 10 2004

Setup to install the ADMX templates for Windows 10 2004

Among other things, these new settings affect the delivery optimization for Windows Update for Business (WUfB), app and LDAP security, the virus scanner, and FIDO authentication. Two important changes apply to password policies, but these are introduced by the security policies and not the ADMX templates.

Transferring ADMX to a central store ^

As usual, Microsoft provides the ADMX files as an MSI package, which requires an administrative account to install. By default, it unpacks the templates to

%ProgramFiles(x86)%\Microsoft Group Policy\Windows 10 May 2020 Update (2004)

By default, the installation routine stores the templates under Programs (x86)

By default, the installation routine stores the templates under Programs (x86)

If you use a central storage for the GPO templates, then copy the *.admx and the required language files from the installation directory to:

\\<FQDN>\SYSVOL\<FQDN>\policies\PolicyDefinitions

Edge settings are back ^

Unlike the templates that come with the operating system, the ADMX download still contains MicrosoftEdge.admx and thus all the settings for the original version of the Edge browser. The settings for the Chromium version are not on board, nor are the templates for Microsoft Office, which were also part of the MSI until Windows 10 1903.

As usual, the separately available ADMX templates include the files for 22 languages, while on a workstation only en-US or the language of the localized Windows is available. This is convenient for companies that use the operating system in several language versions.

In addition, there are ADMX files that are not relevant for local group policies and are therefore not included in Windows 10. These include GroupPolicyPreferences.admx for configuring the Group Policy Preferences, which are only available in a domain.

Five settings removed ^

However, it should be noted that Microsoft has removed some settings in the templates for Windows 10 2004. In this case, the corresponding policies in existing GPOs can no longer be edited.

A workstation with an older version of the ADMX files can help, but you should then deactivate access to any existing central store on this computer.

The ADMX files for Windows 10 2004 can be downloaded from Microsoft's website.

Excel spreadsheet with all GPO settings ^

In the past, Microsoft published an Excel spreadsheet as documentation for the group policy settings. It has not been updated for the latest releases. Instead, it has been replaced by a rather sloppy spreadsheet from the (currently still preliminary) Security Baseline.

As an alternative, I have again generated my own overview from the ADMX files. Unlike the Microsoft documentation, it is not only in English, but also contains the settings' names and descriptions in several languages.

An important piece of information in the Excel spreadsheet has always been the version of Windows on which a particular setting is supported. It is also included in the ADMX files and is displayed by the GPO editor when configuring a setting.

After Windows 10 1903, the Excel table of the Security Baseline no longer gives an exact version number

After Windows 10 1903, the Excel table of the Security Baseline no longer gives an exact version number

However, Microsoft began to omit the exact release of Windows 10 some time ago. In Microsoft's overview from the Security Baseline, 1903 is already the last release mentioned. The ADMX files from which I extracted the data still contain references to 1909, but none for 2004, so I highlighted these in red.

Therefore, it remains unclear whether the new settings in Windows 10 2004 will be supported on older versions after an update, or they are simply poorly documented.

The multilingual table with all GPO settings can be downloaded here.

Want to write for 4sysops? We are looking for new authors.

Read 4sysops without ads by becoming a member!

1+
Share
3 Comments
  1. Is there any best practice for changing the ADMX files in the central storage?

    I'm used to backup the central store, leave it empty and only then move the new files.

    1+

  2. Doug 3 weeks ago

    Can you give the info on which 5 settings were removed?

    0

    • Wolfgang Sommergut 3 weeks ago

      Doug, I have written about the removed settings in this article.

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account