Ši naršyklė nebepalaikoma.
Atnaujinkite į „Microsoft Edge“, kad pasinaudotumėte naujausiomis funkcijomis, saugos naujinimais ir techniniu palaikymu.
Arbatpinigiai
This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_AuditSettings/IncludeCmdLine
This policy setting determines what information is logged in security audit events when a new process has been created.
This setting only applies when the Audit Process Creation policy is enabled.
If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
If you disable or don't configure this policy setting, the process's command line information won't be included in Audit Process Creation events.
Default: Not configured.
Pastaba
When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information such as passwords or user data.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Arbatpinigiai
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | IncludeCmdLine |
| Friendly Name | Include command line in process creation events |
| Location | Computer Configuration |
| Path | System > Audit Process Creation |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit |
| Registry Value Name | ProcessCreationIncludeCmdLine_Enabled |
| ADMX File Name | AuditSettings.admx |
Mokymas
Mokymosi kelias
MD-102 Execute device enrollment - Training
This learning path will cover Microsoft Entra join and will introduce Microsoft Endpoint Manager. We'll also discuss how to configure policies for enrolling devices to Configuration Manager and Microsoft Intune.
Dokumentacija
WindowsInkWorkspace Policy CSP
Learn more about the WindowsInkWorkspace Area in Policy CSP.
Learn more about the ADMX_GroupPolicy Area in Policy CSP.
Learn more about the SystemServices Area in Policy CSP.