With each new release of Windows 10, Microsoft used to document all the settings for the group policies in an Excel spreadsheet. This, however, has not been done since Version 1809. With a little help from PowerShell and by studying the ADMX file structure, I have now created one myself.

The regularly updated Excel spreadsheets were the official documentation for the GPO settings for Windows and Internet Explorer. Among other things, they showed where an option could be found in the GPO editor, from which version of the operating system it was available, and what purpose it served.

However, the quality of the document left much to be desired, and Microsoft apparently wanted to avoid the effort of creating the documentation from scratch. Currently, the Security Baseline also contains a list with all the settings for the group policies, but this list is even more confusing than the usual Excel sheet.

ADMX data quality ^

The root of the problem is the administrative templates, which have grown over the years and now comprise over 4,000 settings (if you count the entries for both computers and users separately). Over time, inconsistencies and errors have crept in that need to be corrected.

The data quality of the ADMX and ADML files not only affects tools for the automatic documentation, but also the GPO editor. The GPO editor obtains all the information from these XML files in order to build the navigation tree for the settings or to display the explanation for each setting.

Accordingly, it cannot provide any information about the supported operating system, if, for example, the storagesense.admx introduced with Windows 10 1903 contains invalid references to the language files.

The storagesense.admx file contains invalid references to the ADML file; hence, the GPO editor cannot display the OS version

The storagesense.admx file contains invalid references to the ADML file; hence, the GPO editor cannot display the OS version

If the ADMX files declare the new settings for Windows 10 1909 as compatible with Server 2016 and Windows 10 1903, the editor will, of course, pass this wrong information to the user ("garbage in, garbage out").

The new settings for Windows 10 1909 are declared for the previous version

The new settings for Windows 10 1909 are declared for the previous version

The security settings, which can be found in the GPO editor under the Windows settings, are not defined in the administrative templates. As nothing has changed there in recent versions of Windows 10, I have taken this list from Microsoft's Excel spreadsheet for the sake of completeness.

Multilingualism ^

A fundamental advantage of separating the structure (ADMX) from the human-readable parts (ADML), e.g., explanations, is that the same tool can be used to generate the documentation for several languages.

Microsoft has translated the descriptions of the GPO settings into several languages

Microsoft has translated the descriptions of the GPO settings into several languages

Unfortunately, Microsoft has so far ignored this option and only provided an English spreadsheet. My Excel document contains worksheets for seven languages.

In general, Excel is probably not the best tool for documenting GPO settings, mainly because the large amount of data affects its performance (at least when editing). But you can remove unwanted languages to trim the document. Reading the relatively long help text is easier if you double-click the corresponding cell.

Availability ^

Due to the large number of settings, I have only checked them randomly and have not found any major anomalies. Your feedback on any incorrect data is therefore welcome.

The Excel spreadsheet with all GPO settings up to Windows 10 1909 can be downloaded here.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

2+

Users who have LIKED this post:

  • avatar
Share
2 Comments
  1. Thanks for your work. It's definitely gonna make my work easy. 

    0

  2. DeployGuy 2 months ago

    A burst of brilliance in a see of darkness. Very nice.

    1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account