- How to use delivery optimization with WSUS - Mon, Jul 13 2020
- ESXi 7.0 Free: New features, limitations, upgrade - Mon, Jul 6 2020
- Update baseline: Microsoft's recommended GPO settings for Windows updates - Wed, Jul 1 2020
Based on the ADMX templates included in the operating system and the security baseline draft, it was obvious which new settings Windows 10 2004 would contain (see Windows 10 2004: 17 new settings for group policies).
Among other things, these new settings affect the delivery optimization for Windows Update for Business (WUfB), app and LDAP security, the virus scanner, and FIDO authentication. Two important changes apply to password policies, but these are introduced by the security policies and not the ADMX templates.
Transferring ADMX to a central store ^
As usual, Microsoft provides the ADMX files as an MSI package, which requires an administrative account to install. By default, it unpacks the templates to
%ProgramFiles(x86)%\Microsoft Group Policy\Windows 10 May 2020 Update (2004)
If you use a central storage for the GPO templates, then copy the *.admx and the required language files from the installation directory to:
Edge settings are back ^
Unlike the templates that come with the operating system, the ADMX download still contains MicrosoftEdge.admx and thus all the settings for the original version of the Edge browser. The settings for the Chromium version are not on board, nor are the templates for Microsoft Office, which were also part of the MSI until Windows 10 1903.
As usual, the separately available ADMX templates include the files for 22 languages, while on a workstation only en-US or the language of the localized Windows is available. This is convenient for companies that use the operating system in several language versions.
In addition, there are ADMX files that are not relevant for local group policies and are therefore not included in Windows 10. These include GroupPolicyPreferences.admx for configuring the Group Policy Preferences, which are only available in a domain.
Five settings removed ^
However, it should be noted that Microsoft has removed some settings in the templates for Windows 10 2004. In this case, the corresponding policies in existing GPOs can no longer be edited.
A workstation with an older version of the ADMX files can help, but you should then deactivate access to any existing central store on this computer.
The ADMX files for Windows 10 2004 can be downloaded from Microsoft's website.
Excel spreadsheet with all GPO settings ^
In the past, Microsoft published an Excel spreadsheet as documentation for the group policy settings. It has not been updated for the latest releases. Instead, it has been replaced by a rather sloppy spreadsheet from the (currently still preliminary) Security Baseline.
As an alternative, I have again generated my own overview from the ADMX files. Unlike the Microsoft documentation, it is not only in English, but also contains the settings' names and descriptions in several languages.
An important piece of information in the Excel spreadsheet has always been the version of Windows on which a particular setting is supported. It is also included in the ADMX files and is displayed by the GPO editor when configuring a setting.
However, Microsoft began to omit the exact release of Windows 10 some time ago. In Microsoft's overview from the Security Baseline, 1903 is already the last release mentioned. The ADMX files from which I extracted the data still contain references to 1909, but none for 2004, so I highlighted these in red.
Therefore, it remains unclear whether the new settings in Windows 10 2004 will be supported on older versions after an update, or they are simply poorly documented.
The multilingual table with all GPO settings can be downloaded here.