Policy CSP - ADMX_iSCSI
Tip
This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
iSCSIDiscovery_ConfigureiSNSServers
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIDiscovery_ConfigureiSNSServers
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIDiscovery_ConfigureiSNSServers |
| Friendly Name | Do not allow manual configuration of iSNS servers |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Target Discovery |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | ConfigureiSNSServers |
| ADMX File Name | iSCSI.admx |
iSCSIDiscovery_ConfigureTargetPortals
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIDiscovery_ConfigureTargetPortals
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIDiscovery_ConfigureTargetPortals |
| Friendly Name | Do not allow manual configuration of target portals |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Target Discovery |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | ConfigureTargetPortals |
| ADMX File Name | iSCSI.admx |
iSCSIDiscovery_ConfigureTargets
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIDiscovery_ConfigureTargets
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIDiscovery_ConfigureTargets |
| Friendly Name | Do not allow manual configuration of discovered targets |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Target Discovery |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | ConfigureTargets |
| ADMX File Name | iSCSI.admx |
iSCSIDiscovery_NewStaticTargets
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIDiscovery_NewStaticTargets
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note if enabled there may be cases where this will break VDS.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIDiscovery_NewStaticTargets |
| Friendly Name | Do not allow adding new targets via manual configuration |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Target Discovery |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | NewStaticTargets |
| ADMX File Name | iSCSI.admx |
iSCSIGeneral_ChangeIQNName
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIGeneral_ChangeIQNName
If enabled then don't allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIGeneral_ChangeIQNName |
| Friendly Name | Do not allow changes to initiator iqn name |
| Location | Computer Configuration |
| Path | System > iSCSI > General iSCSI |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | ChangeIQNName |
| ADMX File Name | iSCSI.admx |
iSCSIGeneral_RestrictAdditionalLogins
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSIGeneral_RestrictAdditionalLogins
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSIGeneral_RestrictAdditionalLogins |
| Friendly Name | Do not allow additional session logins |
| Location | Computer Configuration |
| Path | System > iSCSI > General iSCSI |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | RestrictAdditionalLogins |
| ADMX File Name | iSCSI.admx |
iSCSISecurity_ChangeCHAPSecret
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSISecurity_ChangeCHAPSecret
If enabled then don't allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSISecurity_ChangeCHAPSecret |
| Friendly Name | Do not allow changes to initiator CHAP secret |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Security |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | ChangeCHAPSecret |
| ADMX File Name | iSCSI.admx |
iSCSISecurity_RequireIPSec
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSISecurity_RequireIPSec
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSISecurity_RequireIPSec |
| Friendly Name | Do not allow connections without IPSec |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Security |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | RequireIPSec |
| ADMX File Name | iSCSI.admx |
iSCSISecurity_RequireMutualCHAP
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSISecurity_RequireMutualCHAP
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSISecurity_RequireMutualCHAP |
| Friendly Name | Do not allow sessions without mutual CHAP |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Security |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | RequireMutualCHAP |
| ADMX File Name | iSCSI.admx |
iSCSISecurity_RequireOneWayCHAP
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 [10.0.19041.1202] and later ✅ Windows 10, version 2009 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_iSCSI/iSCSISecurity_RequireOneWayCHAP
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | iSCSISecurity_RequireOneWayCHAP |
| Friendly Name | Do not allow sessions without one way CHAP |
| Location | Computer Configuration |
| Path | System > iSCSI > iSCSI Security |
| Registry Key Name | Software\Policies\Microsoft\Windows\iSCSI |
| Registry Value Name | RequireOneWayCHAP |
| ADMX File Name | iSCSI.admx |
Related articles
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for