SCCM | Intune | Windows 365 | Windows 11 Forums

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

List of new GPO Policies in Windows 11 24H2

Status
Not open for further replies.

Prajwal Desai

Forum Owner
Staff member
Messages
4,746
Solutions
120
Reaction score
946
Points
413
The data below shows all the new group policy settings that can configured for Windows 11 24H2.

New in Windows 11File namePolicy Setting Name
24H2appdeviceinventory.admxTurn off Install Tracing
24H2appdeviceinventory.admxTurn off API Sampling
24H2appdeviceinventory.admxTurn off Application Footprint
24H2appdeviceinventory.admxTurn off compatibility scan for backed up applications
24H2appxpackagemanager.admxAllows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE)
24H2appxpackagemanager.admxNot allow per-user unsigned packages to install by default (requires explicitly allow per install)
24H2appxruntime.admxTurn on dynamic Content URI Rules for packaged Microsoft Store apps
24H2controlpaneldisplay.admxLoad a specific theme
24H2desktopappinstaller.admxEnable App Installer Microsoft Store Source Certificate Validation Bypass
24H2desktopappinstaller.admxEnable App Installer Local Archive Malware Scan Override
24H2desktopappinstaller.admxEnable Windows Package Manager command line interfaces
24H2desktopappinstaller.admxEnable Windows Package Manager Configuration
24H2deviceguard.admxDeploy App Control for Business
24H2dnsclient.admxConfigure encrypted name resolution
24H2dnsclient.admxConfigure multicast DNS (mDNS) protocol
24H2dnsclient.admxTurn off default IPv6 DNS Servers
24H2eventlog.admxLimit remote access to the Event Log Service
24H2inetres.admxAllow legacy functionality for Internet Shortcut files
24H2inetres.admxAllow legacy functionality for Internet Shortcut files
24H2inetres.admxReplace JScript by loading JScript9Legacy in place of JScript.
24H2inetres.admxReplace JScript by loading JScript9Legacy in place of JScript.
24H2kdc.admxAllow name-based strong mappings for certificates
24H2kerberos.admxEnable Delegated Managed Service Account logons
24H2lanmanserver.admxMandate the maximum version of SMB
24H2lanmanserver.admxMandate the minimum version of SMB
24H2lanmanserver.admxEnable remote mailslots
24H2lanmanserver.admxEnable authentication rate limiter
24H2lanmanserver.admxAudit client does not support encryption
24H2lanmanserver.admxAudit client does not support signing
24H2lanmanserver.admxAudit insecure guest logon
24H2lanmanserver.admxEnable SMB over QUIC
24H2lanmanserver.admxSet authentication rate limiter delay (milliseconds)
24H2lanmanworkstation.admxMandate the maximum version of SMB
24H2lanmanworkstation.admxMandate the minimum version of SMB
24H2lanmanworkstation.admxBlock NTLM (LM, NTLM, NTLMv2)
24H2lanmanworkstation.admxBlock NTLM Server Exception List
24H2lanmanworkstation.admxEnable remote mailslots
24H2lanmanworkstation.admxRequire Encryption
24H2lanmanworkstation.admxEnable Alternative Ports
24H2lanmanworkstation.admxAudit server does not support encryption
24H2lanmanworkstation.admxAudit server does not support signing
24H2lanmanworkstation.admxAudit insecure guest logon
24H2lanmanworkstation.admxAlternative Port Mappings
24H2lanmanworkstation.admxEnable SMB over QUIC
24H2laps.admxConfigure automatic account management
24H2netlogon.admxBlock NetBIOS-based discovery for domain controller location
24H2passport.admxDisable caching of the Windows Hello for Business credential after sign-in
24H2printing.admxConfigure RPC packet level privacy setting for incoming connections
24H2printing.admxConfigure Windows protected print
24H2sam.admxConfigure SAM change password RPC methods policy
24H2startmenu.admxPrevent users from customizing their Start Screen
24H2sudo.admxConfigure the behavior of the sudo command
24H2taskbar.admxShow packaged Microsoft Store apps on the taskbar
24H2taskbar.admxRemove Notifications and Action Center
24H2windowscopilot.admxTurn off Saving Snapshots for Windows
24H2windowsdefender.admxSet the retention period for files in the local device control cache
24H2windowsdefender.admxTurn on device control for specific device types
24H2windowsdefender.admxSet up a support link for device control notifications
24H2windowsdefender.admxSet the policy refresh rate
24H2windowsdefender.admxSet the Azure AD refresh rate
24H2windowsdefender.admxSet the data duplication limit (MB)
24H2windowsdefender.admxControl whether or not exclusions are visible to Local Admins
24H2windowsdefender.admxControl whether exclusions are visible to local users
24H2windowsdefender.admxConfigure real-time protection and Security Intelligence Updates during OOBE
24H2windowsdefender.admxConfigure performance mode status
24H2windowsdefender.admxConfigure Remote Encryption Protection Mode
24H2windowsdefender.admxConfigure Remote Encryption Protection blocking time
24H2windowsdefender.admxConfigure how aggressively Remote Encryption Protection blocks threats
24H2windowsdefender.admxSet exclusions from Remote Encryption Protection
24H2windowsdefender.admxConfigure Remote Encryption Protection Mode
24H2windowsdefender.admxConfigure Brute-Force Protection blocking time
24H2windowsdefender.admxConfigure Brute-Force Protection aggressiveness
24H2windowsdefender.admxSet exclusions from Brute-Force Protection
24H2windowsdefender.admxConfigure whether to report Dynamic Signature dropped events
24H2windowsdefender.admxTrigger a quick scan after X days without any scans
24H2windowsdefender.admxConfigure scanning of network files
24H2windowsdefender.admxScan excluded files and directories during quick scans
24H2windowsdefender.admxTurn on asynchronous inspection
24H2windowsdefender.admxConvert warn verdict to block
24H2windowsdefender.admxConfigure security intelligence updates according to the scheduler for VDI clients.
24H2windowsdefender.admxApply a list of exclusions to specific attack surface reduction (ASR) rules
24H2windowsdefender.admxIntel TDT Integration Level
24H2windowsdefender.admxEnable EDR in block mode
24H2windowsexplorer.admxDo not apply the Mark of the Web tag to files copied from insecure sources
24H2windowssandbox.admxAllow mapping folders into Windows Sandbox
24H2windowsupdate.admxAlways automatically restart at the scheduled time
24H2windowsupdate.admxSpecify deadline for automatic updates and restarts for feature update
24H2windowsupdate.admxSpecify deadline for automatic updates and restarts for quality update
24H2winlogon.admxConfigure the transmission of the user's password in the content of MPR notifications sent by winlogon.
24H2wpn.admxTurn off toast notifications
 
Status
Not open for further replies.
Back
Top