Microsoft vient de publier les modèles d’administrations (ADMX, ADML) Active Directory pour Windows 10 1709 (Fall Creator Updates). Les modèles d’administrations pour Active Directory permettent d’ajouter les paramètres permettant de personnaliser les paramétrages et valeurs de registre dédiées à Windows 10.
Parmi les nouveautés par rapport à Windows 10 1703, on retrouve :
- Pour Windows Defender Application Guard :
- Allow data persistence for Windows Defender Application Guard
- Allow auditing events in Windows Defender Application Guard
- Pour Microsoft Edge :
- Always show the Books Library in Microsoft Edge
- Provision Favorites
- Prevent changes to Favorites on Microsoft Edge
- Pour Windows Defender Exploit Guard :
- Use a common set of exploit protection settings
- Pour Windows Hello for Business :
- Configure device unlock factors
- Configure dynamic lock factors
- Turn off smart card emulation
- Allow enumeration of emulated smart card for all users
- Pour Windows Defender :
- Prevent users and apps from accessing dangerous websites
- Configure Controlled folder access
- Configure Attack Surface Reduction rules
- Exclude files and paths from Attack Surface Reduction Rules
- Configure allowed applications
- Configure protected folders
- Pour Windows Defender Security Center :
- Hide the Virus and threat protection area
- Hide the Firewall and network protection area
- Hide the App and browser protection area
- Prevent users from modifying settings
- Hide the Device performance and health area
- Hide the Family options area
- Hide all notifications
- Hide non-critical notifications
- Configure customized notifications
- Configure customized contact information
- Specify contact company name
- Specify contact phone number or Skype ID
- Specify contact email address or Email ID
- Specify contact website
- Pour Windows Update :
- Allow updates to be downloaded automatically over metered connections
- Do not allow update deferral policies to cause scans against Windows Update
- Pour OneDrive :
- Prevent OneDrive from generating network traffic until the user signs in to OneDrive
- Pour Internet Explorer :
- Hide the button (next to the New Tab button) that opens Microsoft Edge
- Pour MDM :
- Auto MDM Enrollment with AAD Token
- Plus généralement :
- Let Windows apps communicate with unpaired devices
- Allow Online Tips
- Limit Enhanced diagnostic data to the minimum required by Windows Analytics
- Enable usage of FIDO devices to sign on
- Handwriting Panel Default Mode Docked
- Allow Message Service Cloud Sync
- Specify global DNS
- Enables Activity Feed
- Allow publishing of User Activities
- Turn off Power Throttling
- Turn off Push To Install service
- Allow Cloud Search
- Allow downloading updates to the Disk Failure Prediction Model
- Enable Device Health Attestation Monitoring and Reporting
- Configure the system to clear the TPM if it is not in a ready state.
- Set Per-App Cellular Access UI Visibility
- Let Windows apps access cellular data
Pour voir le listing complet des paramétrages, vous pouvez utiliser le fichier des différences.
Télécharger Administrative Templates (.admx) for Windows 10 Fall Creators Update (1709)