- Messages
- 4,746
- Solutions
- 120
- Reaction score
- 946
- Points
- 413
The data below shows all the new group policy settings that can configured for Windows 11 24H2.
New in Windows 11 | File name | Policy Setting Name |
24H2 | appdeviceinventory.admx | Turn off Install Tracing |
24H2 | appdeviceinventory.admx | Turn off API Sampling |
24H2 | appdeviceinventory.admx | Turn off Application Footprint |
24H2 | appdeviceinventory.admx | Turn off compatibility scan for backed up applications |
24H2 | appxpackagemanager.admx | Allows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE) |
24H2 | appxpackagemanager.admx | Not allow per-user unsigned packages to install by default (requires explicitly allow per install) |
24H2 | appxruntime.admx | Turn on dynamic Content URI Rules for packaged Microsoft Store apps |
24H2 | controlpaneldisplay.admx | Load a specific theme |
24H2 | desktopappinstaller.admx | Enable App Installer Microsoft Store Source Certificate Validation Bypass |
24H2 | desktopappinstaller.admx | Enable App Installer Local Archive Malware Scan Override |
24H2 | desktopappinstaller.admx | Enable Windows Package Manager command line interfaces |
24H2 | desktopappinstaller.admx | Enable Windows Package Manager Configuration |
24H2 | deviceguard.admx | Deploy App Control for Business |
24H2 | dnsclient.admx | Configure encrypted name resolution |
24H2 | dnsclient.admx | Configure multicast DNS (mDNS) protocol |
24H2 | dnsclient.admx | Turn off default IPv6 DNS Servers |
24H2 | eventlog.admx | Limit remote access to the Event Log Service |
24H2 | inetres.admx | Allow legacy functionality for Internet Shortcut files |
24H2 | inetres.admx | Allow legacy functionality for Internet Shortcut files |
24H2 | inetres.admx | Replace JScript by loading JScript9Legacy in place of JScript. |
24H2 | inetres.admx | Replace JScript by loading JScript9Legacy in place of JScript. |
24H2 | kdc.admx | Allow name-based strong mappings for certificates |
24H2 | kerberos.admx | Enable Delegated Managed Service Account logons |
24H2 | lanmanserver.admx | Mandate the maximum version of SMB |
24H2 | lanmanserver.admx | Mandate the minimum version of SMB |
24H2 | lanmanserver.admx | Enable remote mailslots |
24H2 | lanmanserver.admx | Enable authentication rate limiter |
24H2 | lanmanserver.admx | Audit client does not support encryption |
24H2 | lanmanserver.admx | Audit client does not support signing |
24H2 | lanmanserver.admx | Audit insecure guest logon |
24H2 | lanmanserver.admx | Enable SMB over QUIC |
24H2 | lanmanserver.admx | Set authentication rate limiter delay (milliseconds) |
24H2 | lanmanworkstation.admx | Mandate the maximum version of SMB |
24H2 | lanmanworkstation.admx | Mandate the minimum version of SMB |
24H2 | lanmanworkstation.admx | Block NTLM (LM, NTLM, NTLMv2) |
24H2 | lanmanworkstation.admx | Block NTLM Server Exception List |
24H2 | lanmanworkstation.admx | Enable remote mailslots |
24H2 | lanmanworkstation.admx | Require Encryption |
24H2 | lanmanworkstation.admx | Enable Alternative Ports |
24H2 | lanmanworkstation.admx | Audit server does not support encryption |
24H2 | lanmanworkstation.admx | Audit server does not support signing |
24H2 | lanmanworkstation.admx | Audit insecure guest logon |
24H2 | lanmanworkstation.admx | Alternative Port Mappings |
24H2 | lanmanworkstation.admx | Enable SMB over QUIC |
24H2 | laps.admx | Configure automatic account management |
24H2 | netlogon.admx | Block NetBIOS-based discovery for domain controller location |
24H2 | passport.admx | Disable caching of the Windows Hello for Business credential after sign-in |
24H2 | printing.admx | Configure RPC packet level privacy setting for incoming connections |
24H2 | printing.admx | Configure Windows protected print |
24H2 | sam.admx | Configure SAM change password RPC methods policy |
24H2 | startmenu.admx | Prevent users from customizing their Start Screen |
24H2 | sudo.admx | Configure the behavior of the sudo command |
24H2 | taskbar.admx | Show packaged Microsoft Store apps on the taskbar |
24H2 | taskbar.admx | Remove Notifications and Action Center |
24H2 | windowscopilot.admx | Turn off Saving Snapshots for Windows |
24H2 | windowsdefender.admx | Set the retention period for files in the local device control cache |
24H2 | windowsdefender.admx | Turn on device control for specific device types |
24H2 | windowsdefender.admx | Set up a support link for device control notifications |
24H2 | windowsdefender.admx | Set the policy refresh rate |
24H2 | windowsdefender.admx | Set the Azure AD refresh rate |
24H2 | windowsdefender.admx | Set the data duplication limit (MB) |
24H2 | windowsdefender.admx | Control whether or not exclusions are visible to Local Admins |
24H2 | windowsdefender.admx | Control whether exclusions are visible to local users |
24H2 | windowsdefender.admx | Configure real-time protection and Security Intelligence Updates during OOBE |
24H2 | windowsdefender.admx | Configure performance mode status |
24H2 | windowsdefender.admx | Configure Remote Encryption Protection Mode |
24H2 | windowsdefender.admx | Configure Remote Encryption Protection blocking time |
24H2 | windowsdefender.admx | Configure how aggressively Remote Encryption Protection blocks threats |
24H2 | windowsdefender.admx | Set exclusions from Remote Encryption Protection |
24H2 | windowsdefender.admx | Configure Remote Encryption Protection Mode |
24H2 | windowsdefender.admx | Configure Brute-Force Protection blocking time |
24H2 | windowsdefender.admx | Configure Brute-Force Protection aggressiveness |
24H2 | windowsdefender.admx | Set exclusions from Brute-Force Protection |
24H2 | windowsdefender.admx | Configure whether to report Dynamic Signature dropped events |
24H2 | windowsdefender.admx | Trigger a quick scan after X days without any scans |
24H2 | windowsdefender.admx | Configure scanning of network files |
24H2 | windowsdefender.admx | Scan excluded files and directories during quick scans |
24H2 | windowsdefender.admx | Turn on asynchronous inspection |
24H2 | windowsdefender.admx | Convert warn verdict to block |
24H2 | windowsdefender.admx | Configure security intelligence updates according to the scheduler for VDI clients. |
24H2 | windowsdefender.admx | Apply a list of exclusions to specific attack surface reduction (ASR) rules |
24H2 | windowsdefender.admx | Intel TDT Integration Level |
24H2 | windowsdefender.admx | Enable EDR in block mode |
24H2 | windowsexplorer.admx | Do not apply the Mark of the Web tag to files copied from insecure sources |
24H2 | windowssandbox.admx | Allow mapping folders into Windows Sandbox |
24H2 | windowsupdate.admx | Always automatically restart at the scheduled time |
24H2 | windowsupdate.admx | Specify deadline for automatic updates and restarts for feature update |
24H2 | windowsupdate.admx | Specify deadline for automatic updates and restarts for quality update |
24H2 | winlogon.admx | Configure the transmission of the user's password in the content of MPR notifications sent by winlogon. |
24H2 | wpn.admx | Turn off toast notifications |