Edit

New policies for Windows 10

  • Article
  • 20 minutes to read

Applies to

  • Windows 10
  • Windows 11

As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows, refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference".

For example, searching for "Windows 2004" + "Group Policy Settings Reference Spreadsheet" in a web browser will return to you the link to download the Group Policy Settings Reference Spreadsheet for Windows 2004.

The latest group policy reference for Windows 10 version 2004 is available here.

New Group Policy settings in Windows 10, version 1903

The following Group Policy settings were added in Windows 10, version 1903:

System

  • System\Service Control Manager Settings\Security Settings\Enable svchost.exe mitigation options
  • System\Storage Sense\Allow Storage Sense
  • System\Storage Sense\Allow Storage Sense Temporary Files cleanup
  • System\Storage Sense\Configure Storage Sense
  • System\Storage Sense\Configure Storage Sense Cloud content dehydration threshold
  • System\Storage Sense\Configure Storage Sense Recycle Bin cleanup threshold
  • System\Storage Sense\Configure Storage Sense Downloads cleanup threshold
  • System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Troubleshooting:Allow users to access recommended troubleshooting for known problems

Windows Components

  • Windows Components\App Privacy\Let Windows apps activate with voice
  • Windows Components\App Privacy\Let Windows apps activate with voice while the system is locked
  • Windows Components\Data Collection and Preview Builds\Allow commercial data pipeline
  • Windows Components\Data Collection and Preview Builds\Configure collection of browsing data for Desktop Analytics
  • Windows Components\Data Collection and Preview Builds\Configure diagnostic data upload endpoint for Desktop Analytics
  • Windows Components\Delivery Optimization\Delay background download Cache Server fallback (in seconds)
  • Windows Components\Delivery Optimization\Delay Foreground download Cache Server fallback (in seconds)
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use WDDM graphics display driver for Remote Desktop Connections
  • Windows Components\Windows Logon Options\Configure the mode of automatically signing in and locking last interactive user after a restart or cold boot

New Group Policy settings in Windows 10, version 1809

The following Group Policy settings were added in Windows 10, version 1809:

Start Menu and Taskbar

  • Start Menu and Taskbar\Force Start to be either full screen size or menu size
  • Start Menu and Taskbar\Remove "Recently added" list from Start Menu
  • Start Menu and Taskbar\Remove All Programs list from the Start menu
  • Start Menu and Taskbar\Remove frequent programs list from the Start Menu

System

  • System\Group Policy\Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
  • System\Group Policy\Configure Applications preference extension policy processing
  • System\Group Policy\Configure Data Sources preference extension policy processing
  • System\Group Policy\Configure Devices preference extension policy processing
  • System\Group Policy\Configure Drive Maps preference extension policy processing
  • System\Group Policy\Configure Environment preference extension policy processing
  • System\Group Policy\Configure Files preference extension policy processing
  • System\Group Policy\Configure Folder Options preference extension policy processing
  • System\Group Policy\Configure Folders preference extension policy processing
  • System\Group Policy\Configure Ini Files preference extension policy processing
  • System\Group Policy\Configure Internet Settings preference extension policy processing
  • System\Group Policy\Configure Local Users and Groups preference extension policy processing
  • System\Group Policy\Configure Network Options preference extension policy processing
  • System\Group Policy\Configure Network Shares preference extension policy processing
  • System\Group Policy\Configure Power Options preference extension policy processing
  • System\Group Policy\Configure Printers preference extension policy processing
  • System\Group Policy\Configure Regional Options preference extension policy processing
  • System\Group Policy\Configure Registry preference extension policy processing
  • System\Group Policy\Configure Scheduled Tasks preference extension policy processing
  • System\Group Policy\Configure Services preference extension policy processing
  • System\Group Policy\Configure Shortcuts preference extension policy processing
  • System\Group Policy\Configure Start Menu preference extension policy processing
  • System\Group Policy\Logging and tracing\Configure Applications preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Data Sources preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Devices preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Drive Maps preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Environment preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Files preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Folder Options preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Folders preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure INI Files preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Internet Settings preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Local Users and Groups preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Network Options preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Network Shares preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Power Options preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Printers preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Regional Options preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Registry preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Scheduled Tasks preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Services preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Shortcuts preference logging and tracing
  • System\Group Policy\Logging and tracing\Configure Start Menu preference logging and tracing
  • System\Kernel DMA Protection\Enumeration policy for external devices incompatible with Kernel DMA Protection
  • System\OS Policies\Allow Clipboard History
  • System\OS Policies\Allow Clipboard synchronization across devices

Windows Components

  • Windows Components\Data Collection and Preview Builds\Configure Microsoft 365 Update Readiness upload endpoint
  • Windows Components\Data Collection and Preview Builds\Disable deleting diagnostic data
  • Windows Components\Data Collection and Preview Builds\Disable diagnostic data viewer
  • Windows Components\Delivery Optimization[Reserved for future use] Cache Server Hostname
  • Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\DFS Management
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\File Server Resource Manager
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Share and Storage Management
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Storage Manager for SANs
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\DFS Management Extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Disk Management Extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\File Server Resource Manager Extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Share and Storage Management Extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Storage Manager for SANS Extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy Management Editor
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy Starter GPO Editor
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Application snap-ins
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Applications preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Control Panel Settings (Computers)
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Control Panel Settings (Users)
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Data Sources preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Devices preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Drive Maps preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Environment preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Files preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Folder Options preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Folders preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Ini Files preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Internet Settings preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Local Users and Groups preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Network Options preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Network Shares preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Power Options preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Preferences tab
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Printers preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Regional Options preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Registry preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Scheduled Tasks preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Services preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Shortcuts preference extension
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Start Menu preference extension
  • Windows Components\OOBE\Don't launch privacy settings experience on user logon
  • Windows Components\OOBE\Don't launch privacy settings experience on user logon
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Select the network adapter to be used for Remote Desktop IP Virtualization
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn off Windows Installer RDS Compatibility
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn on Remote Desktop IP Virtualization
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow remote start of unlisted programs
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Turn off Fair Share CPU Scheduling
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow time zone redirection
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow Clipboard redirection
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use RD Connection Broker load balancing
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Allow desktop composition for remote desktop sessions
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Always show desktop on connection
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Do not allow font smoothing
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove remote desktop wallpaper
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions
  • Windows Components\Microsoft Defender Antivirus\Configure detection for potentially unwanted applications
  • Windows Components\Microsoft Defender Antivirus\Scan\Configure low CPU priority for scheduled scans
  • Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard
  • Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard
  • Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user’s device
  • Windows Components\Windows Defender Application Guard\Configure additional sources for untrusted files in Windows Defender Application Guard
  • Windows Components\Windows Hello for Business\Use Windows Hello for Business certificates as smart card certificates
  • Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes
  • Windows Components\Windows Media Player\Prevent Automatic Updates
  • Windows Components\Windows Media Player\Prevent CD and DVD Media Information Retrieval
  • Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation
  • Windows Components\Windows Media Player\Prevent Media Sharing
  • Windows Components\Windows Media Player\Prevent Music File Media Information Retrieval
  • Windows Components\Windows Media Player\Prevent Quick Launch Toolbar Shortcut Creation
  • Windows Components\Windows Media Player\Prevent Radio Station Preset Retrieval
  • Windows Components\Windows Media Player\Prevent Video Smoothing
  • Windows Components\Windows Media Player\Networking\Configure HTTP Proxy
  • Windows Components\Windows Media Player\Networking\Configure MMS Proxy
  • Windows Components\Windows Media Player\Networking\Configure Network Buffering
  • Windows Components\Windows Media Player\Networking\Configure RTSP Proxy
  • Windows Components\Windows Media Player\Networking\Hide Network Tab
  • Windows Components\Windows Media Player\Networking\Streaming Media Protocols
  • Windows Components\Windows Media Player\Playback\Allow Screen Saver
  • Windows Components\Windows Media Player\Playback\Prevent Codec Download
  • Windows Components\Windows Media Player\User Interface\Do Not Show Anchor
  • Windows Components\Windows Media Player\User Interface\Hide Privacy Tab
  • Windows Components\Windows Media Player\User Interface\Hide Security Tab
  • Windows Components\Windows Media Player\User Interface\Set and Lock Skin
  • Windows Components\Windows Security\Account protection\Hide the Account protection area
  • Windows Components\Windows Security\App and browser protection\Hide the App and browser protection area
  • Windows Components\Windows Security\App and browser protection\Prevent users from modifying settings
  • Windows Components\Windows Security\Device performance and health\Hide the Device performance and health area
  • Windows Components\Windows Security\Device security\Disable the Clear TPM button
  • Windows Components\Windows Security\Device security\Hide the Device security area
  • Windows Components\Windows Security\Device security\Hide the Secure boot area
  • Windows Components\Windows Security\Device security\Hide the Security processor (TPM) troubleshooter page
  • Windows Components\Windows Security\Device security\Hide the TPM Firmware Update recommendation
  • Windows Components\Windows Security\Enterprise Customization\Configure customized contact information
  • Windows Components\Windows Security\Enterprise Customization\Configure customized notifications
  • Windows Components\Windows Security\Enterprise Customization\Specify contact company name
  • Windows Components\Windows Security\Enterprise Customization\Specify contact email address or Email ID
  • Windows Components\Windows Security\Enterprise Customization\Specify contact phone number or Skype ID
  • Windows Components\Windows Security\Enterprise Customization\Specify contact website
  • Windows Components\Windows Security\Family options\Hide the Family options area
  • Windows Components\Windows Security\Firewall and network protection\Hide the Firewall and network protection area
  • Windows Components\Windows Security\Notifications\Hide all notifications
  • Windows Components\Windows Security\Notifications\Hide non-critical notifications
  • Windows Components\Windows Security\Systray\Hide Windows Security Systray
  • Windows Components\Windows Security\Virus and threat protection\Hide the Ransomware data recovery area
  • Windows Components\Windows Security\Virus and threat protection\Hide the Virus and threat protection area
  • Windows Components\Windows Update\Display options for update notifications
  • Windows Components\Windows Update\Remove access to "Pause updates" feature

Control Panel

  • Control Panel\Settings Page Visibility
  • Control Panel\Regional and Language Options\Allow users to enable online speech recognition services

Network

  • Network\Windows Connection Manager\Enable Windows to soft-disconnect a computer from a network

New Group Policy settings in Windows 10, version 1803

The following Group Policy settings were added in Windows 10, version 1803:

System

  • System\Credentials Delegation\Encryption Oracle Remediation
  • System\Group Policy\Phone-PC linking on this device
  • System\OS Policies\Allow upload of User Activities

Windows Components

  • Windows Components\App Privacy\Let Windows apps access an eye tracker device
  • Windows Components\Cloud Content\Turn off Windows Spotlight on Settings
  • Windows Components\Data Collection and Preview Builds\Allow device name to be sent in Windows diagnostic data
  • Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in setting user interface
  • Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in change notifications
  • Windows Components\Delivery Optimization\Maximum Background Download Bandwidth (percentage)
  • Windows Components\Delivery Optimization\Maximum Foreground Download Bandwidth (percentage)
  • Windows Components\Delivery Optimization\Select the source of Group IDs
  • Windows Components\Delivery Optimization\Delay background download from http (in secs)
  • Windows Components\Delivery Optimization\Delay Foreground download from http (in secs)
  • Windows Components\Delivery Optimization\Select a method to restrict Peer Selection
  • Windows Components\Delivery Optimization\Set Business Hours to Limit Background Download Bandwidth
  • Windows Components\Delivery Optimization\Set Business Hours to Limit Foreground Download Bandwidth
  • Windows Components\IME\Turn on Live Sticker
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow video capture redirection
  • Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use hardware graphics adapters for all Remote Desktop Services sessions
  • Windows Components\Search\Allow Cortana Page in OOBE on an Azure Active Directory account
  • Windows Components\Store\Disable all apps from Microsoft Store
  • Windows Components\Text Input\Allow Uninstallation of Language Features
  • Windows Components\Text Input\Improve inking and typing recognition
  • Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard
  • Windows Components\Windows Defender Security Center\Account protection\Hide the Account protection area
  • Windows Components\Windows Defender Security Center\Device security\Hide the Device security area
  • Windows Components\Windows Defender Security Center\Device security\Hide the Security processor (TPM) troubleshooter page
  • Windows Components\Windows Defender Security Center\Device security\Hide the Secure boot area
  • Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Ransomware data recovery area

New Group Policy settings in Windows 10, version 1709

The following Group Policy settings were added in Windows 10, version 1709:

Control Panel

  • Control Panel\Allow Online Tips

Network

  • Network\Network Connectivity Status Indicator\Specify global DNS
  • Network\WWAN Service\WWAN UI Settings\Set Per-App Cellular Access UI Visibility
  • Network\WWAN Service\Cellular Data Access\Let Windows apps access cellular data

System

  • System\Device Health Attestation Service\Enable Device Health Attestation Monitoring and Reporting
  • System\OS Policies\Enables Activity Feed
  • System\OS Policies\Allow publishing of User Activities
  • System\Power Management\Power Throttling Settings\Turn off Power Throttling
  • System\Storage Health\Allow downloading updates to the Disk Failure Prediction Model
  • System\Trusted Platform Module Services\Configure the system to clear the TPM if it is not in a ready state.

Windows Components

  • Windows Components\App Privacy\Let Windows apps communicate with unpaired devices
  • Windows Components\Data Collection and Preview Builds\Limit Enhanced diagnostic data to the minimum required by Windows Analytics
  • Windows Components\Handwriting\Handwriting Panel Default Mode Docked
  • Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Hide the button (next to the New Tab button) that opens Microsoft Edge
  • Windows Components\MDM\Auto MDM Enrollment with Azure Active Directory Token
  • Windows Components\Messaging\Allow Message Service Cloud Sync
  • Windows Components\Microsoft Edge\Always show the Books Library in Microsoft Edge
  • Windows Components\Microsoft Edge\Provision Favorites
  • Windows Components\Microsoft Edge\Prevent changes to Favorites on Microsoft Edge
  • Windows Components\Microsoft FIDO Authentication\Enable usage of FIDO devices to sign on
  • Windows Components\OneDrive\Prevent OneDrive from generating network traffic until the user signs in to OneDrive
  • Windows Components\Push To Install\Turn off Push To Install service
  • Windows Components\Search\Allow Cloud Search
  • Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard
  • Windows Components\Windows Defender Application Guard\Allow auditing events in Windows Defender Application Guard
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Network Protection\Prevent users and apps from accessing dangerous websites
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure Controlled folder access
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction\Exclude files and paths from Attack Surface Reduction Rules
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure allowed applications
  • Windows Components\Microsoft Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access\Configure protected folders
  • Windows Components\Windows Defender Exploit Guard\Exploit Protection\Use a common set of exploit protection settings
  • Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Virus and threat protection area
  • Windows Components\Windows Defender Security Center\Firewall and network protection\Hide the Firewall and network protection area
  • Windows Components\Windows Defender Security Center\App and browser protection\Hide the App and browser protection area
  • Windows Components\Windows Defender Security Center\App and browser protection\Prevent users from modifying settings
  • Windows Components\Windows Defender Security Center\Device performance and health\Hide the Device performance and health area
  • Windows Components\Windows Defender Security Center\Family options\Hide the Family options area
  • Windows Components\Windows Defender Security Center\Notifications\Hide all notifications
  • Windows Components\Windows Defender Security Center\Notifications\Hide non-critical notifications
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Configure customized notifications
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Configure customized contact information
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Specify contact company name
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Specify contact phone number or Skype ID
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Specify contact email address or Email ID
  • Windows Components\Windows Defender Security Center\Enterprise Customization\Specify contact website
  • Windows Components\Windows Hello for Business\Configure device unlock factors
  • Windows Components\Windows Hello for Business\Configure dynamic lock factors
  • Windows Components\Windows Hello for Business\Turn off smart card emulation
  • Windows Components\Windows Hello for Business\Allow enumeration of emulated smart card for all users
  • Windows Components\Windows Update\Allow updates to be downloaded automatically over metered connections
  • Windows Components\Windows Update\Do not allow update deferral policies to cause scans against Windows Update

New Group Policy settings in Windows 10, version 1703

The following Group Policy settings were added in Windows 10, version 1703:

Control Panel

  • Control Panel\Add or Remove Programs\Specify default category for Add New Programs
  • Control Panel\Add or Remove Programs\Hide the "Add a program from CD-ROM or floppy disk" option
  • Control Panel\Personalization\Prevent changing lock screen and logon image

Network

  • Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth for BITS background transfers
  • Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching
  • Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache
  • Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size
  • Network\DNS Client\Allow NetBT queries for fully qualified domain names
  • Network\Network Connections\Prohibit access to properties of components of a LAN connection
  • Network\Network Connections\Ability to Enable/Disable a LAN connection
  • Network\Offline Files\Turn on economical application of administratively assigned Offline Files
  • Network\Offline Files\Configure slow-link mode
  • Network\Offline Files\Enable Transparent Caching
  • Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server
  • Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping

System

  • System\App-V\Streaming\Location Provider
  • System\App-V\Streaming\Certificate Filter For Client SSL
  • System\Credentials Delegation\Allow delegating default credentials with NTLM-only server authentication
  • System\Ctrl+Alt+Del Options\Remove Change Password
  • System\Ctrl+Alt+Del Options\Remove Lock Computer
  • System\Ctrl+Alt+Del Options\Remove Task Manager
  • System\Ctrl+Alt+Del Options\Remove Logoff
  • System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device
  • System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation
  • System\Locale Services\Disallow user override of locale settings
  • System\Logon\Do not process the legacy run list
  • System\Logon\Always use custom logon background
  • System\Logon\Do not display network selection UI
  • System\Logon\Block user from showing account details on sign-in
  • System\Logon\Turn off app notifications on the lock screen
  • System\User Profiles\Establish timeout value for dialog boxes
  • System\Enable Windows NTP Server\Windows Time Service\Enable Windows NTP Client

Windows Components

  • Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls
  • Windows Components\ActiveX Installer Service\Establish ActiveX installation policy for sites in Trusted zones
  • Windows Components\Application Compatibility\Turn off Application Compatibility Engine
  • Windows Components\Application Compatibility\Turn off Program Compatibility Assistant
  • Windows Components\Application Compatibility\Turn off Steps Recorder
  • Windows Components\Attachment Manager\Notify antivirus programs when opening attachments
  • Windows Components\Biometrics\Allow the use of biometrics
  • Windows Components\NetMeeting\Disable Whiteboard
  • Windows Components\Data Collection and Preview Builds\Configure the Commercial ID
  • Windows Components\File Explorer\Display the menu bar in File Explorer
  • Windows Components\File History\Turn off File History
  • Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting Filter
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting Filter
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting
  • Windows Components\Internet Explorer\Accelerators\Restrict Accelerators to those deployed through Group Policy
  • Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode
  • Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
  • Windows Components\Microsoft Account\Block all consumer Microsoft account user authentication
  • Windows Components\Microsoft Edge\Configure Autofill
  • Windows Components\Microsoft Edge\Allow Developer Tools
  • Windows Components\Microsoft Edge\Configure Do Not Track
  • Windows Components\Microsoft Edge\Allow InPrivate browsing
  • Windows Components\Microsoft Edge\Configure Password Manager
  • Windows Components\Microsoft Edge\Configure Pop-up Blocker
  • Windows Components\Microsoft Edge\Allow search engine customization
  • Windows Components\Microsoft Edge\Configure search suggestions in Address bar
  • Windows Components\Microsoft Edge\Set default search engine
  • Windows Components\Microsoft Edge\Configure additional search engines
  • Windows Components\Microsoft Edge\Configure the Enterprise Mode Site List
  • Windows Components\Microsoft Edge\Prevent using Localhost IP address for WebRTC
  • Windows Components\Microsoft Edge\Configure Start pages
  • Windows Components\Microsoft Edge\Disable lockdown of Start pages
  • Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
  • Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files
  • Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins.Net Framework Configuration
  • Windows Components\Windows Installer\Prohibit use of Restart Manager
  • Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed.
  • Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
  • Windows Components\OneDrive\Prevent the usage of OneDrive for file storage
  • Windows Components\OneDrive\Prevent the usage of OneDrive for file storage on Windows 8.1
  • Windows Components\OneDrive\Prevent OneDrive files from syncing over metered connections
  • Windows Components\OneDrive\Save documents to OneDrive by default
  • Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute
  • Windows Components\Smart Card\Turn on certificate propagation from smart card
  • Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks
  • Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507])
  • Windows Components\Microsoft Defender Antivirus\Real-time Protection\Turn on behavior monitoring
  • Windows Components\Microsoft Defender Antivirus\Signature Updates\Define file shares for downloading definition updates
  • Windows Components\Microsoft Defender Antivirus\Signature Updates\Turn on scan after signature update
  • Windows Components\File Explorer\Display confirmation dialog when deleting files
  • Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow OpenSearch queries in File Explorer
  • Windows Components\Windows Update\Remove access to use all Windows Update features
  • Windows Components\Windows Update\Configure Automatic Updates
  • Windows Components\Windows Update\Specify intranet Microsoft update service location
  • Windows Components\Windows Update\Automatic Updates detection frequency
  • Windows Components\Windows Update\Allow non-administrators to receive update notifications
  • Windows Components\Windows Update\Allow Automatic Updates immediate installation
  • Windows Components\Windows Update\Turn on recommended updates via Automatic Updates
  • Windows Components\Shutdown Options\Turn off legacy remote shutdown interface

For a spreadsheet of Group Policy settings included in Windows 10 and Windows Server 2016, see Group Policy Settings Reference for Windows and Windows Server.

New MDM policies

Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education include previous Windows Phone settings, and new or enhanced settings for Windows 10, such as:

  • Defender (Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education only)

  • Enhanced Bluetooth policies

  • Passport and Hello

  • Device update

  • Hardware-based device health attestation

  • Kiosk mode, start screen, start menu layout

  • Security

  • VPN and enterprise Wi-Fi management

  • Certificate management

  • Windows Tips

  • Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu

Windows 10, version 1703, adds a number of ADMX-backed policies to MDM.

If you use Microsoft Intune for MDM, you can configure custom policies to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see Custom URI settings for Windows 10 devices.

No new Exchange ActiveSync policies. For more information, see the ActiveSync configuration service provider technical reference.

Group Policy Settings Reference Spreadsheet Windows 1803

Manage corporate devices

Changes to Group Policy settings for Start in Windows 10