Microsoft a publié une mise à jour de son fichier de listing des paramétrages de stratégies de groupe (GPO) pour Windows 10 1703 (Creators Update). On retrouve de nombreux nouveaux paramétrages dont :
- Turn On/Off Windows Defender Application Guard (WDAG)
- Configure Windows Defender Application Guard clipboard settings
- Configure Windows Defender Application Guard Print Settings
- Block Entperise websites to load non-Enterprise content in IE and Edge
- Let Windows apps make phone calls
- Let Windows apps access Tasks
- Let Windows apps run in the background
- Let Windows apps access diagnostic information about other apps
- Enable automatic cleanup of unused appv packages
- Enable background sync to server when on battery power
- Configure enhanced anti-spoofing
- User State Management Client Side Extension
- Do not use diagnostic data for tailored experiences
- Do not suggest third-party content in Windows spotlight
- Turn off the Windows Spotlight on Action Center
- Turn off the Windows Welcome Experience
- Settings Page Visibility
- Remote host allows delegation of non-exportable credentials
- Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
- Minimum Peer Caching Content File Size (in MB)
- Enable Peer Caching while the device connects via VPN
- Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)
- Minimum disk size allowed to use Peer Caching (in GB)
- Allow uploads while the device is on battery while under set Battery level (percentage)
- Turn on GdiDPIScaling for applications
- Turn off GdiDPIScaling for applications
- Turn on lexicon update
- Turn On/Off Find My Device
- Enables or disables Windows Game Recording and Broadcasting
- Configure web-to-app linking with app URI handlers
- Hide the button (next to the New Tab button) that opens Microsoft Edge
- Allow VBScript to run in Internet Explorer
- Show message when opening sites in Microsoft Edge using Enterprise Mode
- Allow Address bar drop-down list suggestions
- Allow search engine customization
- Configure Windows Defender SmartScreen
- Set default search engine
- Configure additional search engines
- Configure Start pages
- Disable lockdown of Start pages
- Prevent bypassing Windows Defender SmartScreen prompts for sites
- Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
- Prevent the First Run webpage from opening on Microsoft Edge
- Keep favorites in sync between Internet Explorer and Microsoft Edge
- Configure the Adobe Flash Click-to-Run setting
- Allow clearing browsing data on exit
- Allow Adobe Flash
- Allow Microsoft Compatibility List
- Block all consumer Microsoft account user authentication
- Configure Dynamic Lock
- Enterprise resource domains hosted in the cloud
- Domains categorized as both work and personal
- Use Windows Hello for Business
- Use phone sign-in
- Use certificate for on-premises authentication
- Configure Windows Defender SmartScreen
- Configure App Install Control
- Allow Automatic Update of Speech Data
- Show additional calendar
- Disable new DMA devices when this computer is locked
- Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
- Turn off Windows Defender Antivirus
- Turn off enhanced notifications
- Select cloud protection level
- Configure extended cloud check
- Turn off Windows Key hotkeys
- Configure Windows Defender SmartScreen
- Specify active hours range for auto-restarts
- Configure auto-restart required notification for updates
- Configure auto-restart reminder notifications for updates
- Turn off auto-restart notifications for update installations
- Configure auto-restart warning notifications schedule for updates
- Specify Engaged restart transition and notification schedule for updates
- Update Power Policy for Cart Restarts
- Enables the use of Token Broker for AD FS authentication
Télécharger Group Policy Settings Reference for Windows and Windows Server
