- Update Windows 10 multi-app kiosk using Run Script in Microsoft Endpoint Configuration Manager (MEMCM) - Fri, Oct 9 2020
- Deploy a Windows 10 multi-app kiosk with Microsoft Endpoint Manager Configuration Manager (MEMCM) and PowerShell - Fri, Oct 2 2020
- New in Application requests in SCCM 1906 - Mon, Sep 16 2019
- Enable App-V
- Send all sites not included in the Enterprise Mode Site List to Microsoft Edge
- Prevent access to the about:flags page in Microsoft Edge
- Allow extensions
- Turn off Windows default printer management
- Only display the private store within the Windows Store app
- Turn off auto restart for updates during active hours
I found that some settings in the spreadsheet were not marked as new. Thus, I put together the list below. Please note that:
- To make the list more readable, I removed all settings for the App-V and the UE-V client (except "Enable APP-V" and the "Enable UE-V").
- I included additional new settings I am aware of.
- I will discuss the highlighted settings this post.
|Policy Setting Name||Scope||Policy Path|
|Let Windows apps access account information||Machine||Windows Components\App Privacy|
|Let Windows apps access notifications||Machine||Windows Components\App Privacy|
|Enable App-V Client||Machine||System\App-V|
|Control Device Reactivation for Retail devices||Machine||Windows Components\Software Protection Platform|
|Allow Use of Camera||Machine||Windows Components\Camera|
|Configure Windows spotlight on lock screen||User||Windows Components\Cloud Content|
|Turn off all Windows spotlight features||User||Windows Components\Cloud Content|
|Do not suggest third-party content in Windows spotlight||User||Windows Components\Cloud Content|
|Configure the Commercial ID||Machine||Windows Components\Data Collection and Preview Builds|
|Absolute Max Cache Size (in GB)||Machine||Windows Components\Delivery Optimization|
|Maximum Download Bandwidth (in KB/s)||Machine||Windows Components\Delivery Optimization|
|Maximum Download Bandwidth (Percentage)||Machine||Windows Components\Delivery Optimization|
|Minimum Background QoS (in KB/s)||Machine||Windows Components\Delivery Optimization|
|Modify Cache Drive||Machine||Windows Components\Delivery Optimization|
|Monthly Upload Data Cap (in GB)||Machine||Windows Components\Delivery Optimization|
|Allow companion device for secondary authentication||Machine||Windows Components\Microsoft Secondary Authentication Factor|
|Turn on cloud candidate for CHS||User||Windows Components\IME|
|Allow edge swipe||Machine||Windows Components\Edge UI|
|Allow edge swipe||User||Windows Components\Edge UI|
|Enable Win32 long paths||Machine||System\Filesystem|
|Continue experiences on this device||Machine||System\Group Policy|
|Enable Font Providers||Machine||Network\Fonts|
|Process Mitigation Options||Machine||System\Mitigation Options|
|Process Mitigation Options||User||System\Mitigation Options|
|Allow Internet Explorer to use the SPDY/3 network protocol||Machine||Internet Control Panel\Advanced Page|
|Allow Internet Explorer to use the SPDY/3 network protocol||User||Internet Control Panel\Advanced Page|
|Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.||Machine||Windows Components\Internet Explorer|
|Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.||User||Windows Components\Internet Explorer|
|KDC support for PKInit Freshness Extension||Machine||System\KDC|
|Handle Caching on Continuous Availability Shares||Machine||Network\Lanman Workstation|
|Offline Files Availability on Continuous Availability Shares||Machine||Network\Lanman Workstation|
|Block user from showing account details on sign-in||Machine||System\Logon|
|Disable MDM Enrollment||Machine||Windows Components\MDM|
|Prevent access to the about:flags page in Microsoft Edge||Machine||Windows Components\Microsoft Edge|
|Prevent access to the about:flags page in Microsoft Edge||User||Windows Components\Microsoft Edge|
|Show message when opening sites in Internet Explorer||Machine||Windows Components\Microsoft Edge|
|Show message when opening sites in Internet Explorer||User||Windows Components\Microsoft Edge|
|Allow Extensions||Machine||Windows Components\Microsoft Edge|
|Allow Extensions||User||Windows Components\Microsoft Edge|
|Turn off Windows default printer management||User||Control Panel\Printers|
|Allow Cortana above lock screen||Machine||Windows Components\Search|
|Enable UEV||Machine||Windows Components\Microsoft User Experience Virtualization|
|Configure the 'Block at First Sight' feature||Machine||Windows Components\Windows Defender\MAPS|
|Define proxy auto-config (.pac) for connecting to the network||Machine||Windows Components\Windows Defender|
|Suppress all notifications||Machine||Windows Components\Windows Defender\Client Interface|
|Allow suggested apps in Windows Ink Workspace||Machine||Windows Components\Windows Ink Workspace|
|Allow Windows Ink Workspace||Machine||Windows Components\Windows Ink Workspace|
|Only display the private store within the Windows Store app||User||Windows Components\Store|
|Only display the private store within the Windows Store app||Machine||Windows Components\Store|
|Do not include drivers with Windows Updates||Machine||Windows Components\Windows Update|
|Select when Feature Updates are received||Machine||Windows Components\Windows Update\Defer Windows Updates|
|Select when Quality Updates are received||Machine||Windows Components\Windows Update\Defer Windows Updates|
|Turn off auto-restart for updates during active hours||Machine||Windows Components\Windows Update|
|Turn off unsolicited network traffic on the Offline Maps settings page||Machine||Windows Components\Maps|
|Don't allow this PC to be projected to||Machine||Windows Components\Connect|
|Require pin for pairing||Machine||Windows Components\Connect|
|Turn off notification mirroring||User||Start Menu and Taskbar\Notifications|
Enable App-V ^
The App-V client now is part of Windows 10 and can be enabled using Group Policy or PowerShell (Enable-Appv) on Windows Enterprise and Education.
Let’s hope that App-V being a part of Windows 10 will help spread it, because it is really good technology.
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge ^
This is an interesting, new setting. Although Internet Explorer is still around to provide compatibility, a day will come when websites will have issues when used in Internet Explorer. This new setting can be used to ensure that sites that are not included in our Enterprise Mode Site List are opened in Edge. I am really looking forward to this when this time comes!
Prevent access to the about:flags page in Microsoft Edge ^
The about:flags page in Edge allows you to enable experimental browser features or features that are of interest to developers. It might make sense to disable access to this page to prevent unnecessary service desk calls.
Windows 10 1607 introduced a new feature that allows you to set "active hours" when Windows Update won't reboot the computer. We discussed this feature and the corresponding Group Policy in another post.
Allow extensions ^
Extensions in Edge are one of the new cool features. Most extensions target consumer users and are of little value in a corporate environment. Extensions also pose a security risk because it is often unclear what data they collect. With the help of this new Group Policy setting, we can disable extensions in Edge.
Turn off Windows default printer management ^
In with Windows 10 1511 that the last printer used is set as the default printer.
In many organizations this behavior is unwanted. We had to use a Group Policy preference setting and a Registry key to turn it off. In Windows 10 1607, we now have a new Group Policy setting that can be used to turn off the default printer management.
Only display the private store within the Windows Store app ^
This is a topic we already covered in another post. This policy allows you to control which applications can be installed from the Store.
Turn off auto restart for updates during active hours ^
This policy allows you to configure the new Active hours feature in Windows 10. Please read this post for more information.
If you are aware of another new Group Policy in Windows 10 1607, please post a comment below.