Policy CSP - System
Tips
This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>
. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowBuildPreview
This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program.
If you enable or don't configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings.
If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app.
This policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 2 |
Allowed values:
Value | Description |
---|---|
0 | Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software. |
1 | Allowed. Users can make their devices available for downloading and installing preview software. |
2 (Default) | Not configured. Users can make their devices available for downloading and installing preview software. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowBuildPreview |
Friendly Name | Toggle user control over Insider builds |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\PreviewBuilds |
Registry Value Name | AllowBuildPreview |
ADMX File Name | AllowBuildPreview.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1903 [10.0.18362] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
AllowCommercialDataPipeline configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
- Enable this policy setting
- Join a Microsoft Entra account to the device.
Windows diagnostic data is collected when the Allow Telemetry policy setting is set to value 1 - Required or above. Configuring this setting doesn't change the Windows diagnostic data collection level set for the device.
If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft's privacy statement at https://go.microsoft.com/fwlink/?LinkId=521839 unless you have enabled policies like 'Allow Update Compliance Processing' or 'Allow Desktop Analytics Processing'.
See the documentation at https://go.microsoft.com/fwlink/?linkid=2011107 for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
Anteckning
Configuring this setting doesn't affect the operation of optional analytics processor services like Desktop Analytics and Windows Update for Business reports.
Anteckning
Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see Enable Windows diagnostic data processor configuration.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowCommercialDataPipeline |
Friendly Name | Allow commercial data pipeline |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 with KB4551853 [10.0.17763.1217] and later ✅ Windows 10, version 1903 with KB4556799 [10.0.18362.836] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowDesktopAnalyticsProcessing
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor for Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
Enable this policy setting
Join a Microsoft Entra account to the device.
Set Allow Telemetry to value 1 - Required, or higher
Set the Configure the Commercial ID setting for your Desktop Analytics workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
This setting has no effect on devices unless they're properly enrolled in Desktop Analytics. If you disable this policy setting, devices won't appear in Desktop Analytics.
Anteckning
Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see Enable Windows diagnostic data processor configuration.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
2 | Allowed. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowDesktopAnalyticsProcessing |
Friendly Name | Allow Desktop Analytics Processing |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData
This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data.
If you disable or don't configure this policy setting, then device name won't be sent to Microsoft as part of Windows diagnostic data.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Allowed. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowDeviceNameInDiagnosticData |
Friendly Name | Allow device name to be sent in Windows diagnostic data |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1607 [10.0.14393] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowEmbeddedMode
Specifies whether set general purpose device to be in embedded mode. Most restricted value is 0.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not allowed. |
1 | Allowed. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1607 [10.0.14393] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowExperimentation
Anteckning
This policy isn't supported in Windows 10, version 1607. This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior. Most restricted value is 0.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | Disabled. |
1 (Default) | Permits Microsoft to configure device settings only. |
2 | Allows Microsoft to conduct full experimentation. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowFontProviders
This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provider.
If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text.
If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts.
If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value isn't set by default, so the default behavior is true (enabled).
This setting is used by lower-level components for text display and fond handling and hasn't direct effect on web browsers, which may download web fonts used in web content.
Anteckning
Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | Not allowed. No traffic to fs.microsoft.com and only locally installed fonts are available. |
1 (Default) | Allowed. There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them. |
Group policy mapping:
Name | Value |
---|---|
Name | EnableFontProviders |
Friendly Name | Enable Font Providers |
Location | Computer Configuration |
Path | Network > Fonts |
Registry Key Name | Software\Policies\Microsoft\Windows\System |
Registry Value Name | EnableFontProviders |
ADMX File Name | GroupPolicy.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowLocation
Specifies whether to allow app access to the Location service. Most restricted value is 0. While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy. When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting. For example, an app's original Location setting is Off. The administrator then sets the AllowLocation policy to 2 (Force Location On. ) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the AllowLocation policy back to 1 (User Control), the app will revert to using its original setting of Off.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | Force Location Off. All Location Privacy settings are toggled off and grayed out. Users can't change the settings, and no apps are allowed access to the Location service, including Cortana and Search. |
1 (Default) | Location service is allowed. The user has control and can change Location Privacy settings on or off. |
2 | Force Location On. All Location Privacy settings are toggled on and grayed out. Users can't change the settings and all consent permissions will be automatically suppressed. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableLocation_2 |
Friendly Name | Turn off location |
Location | Computer Configuration |
Path | Windows Components > Location and Sensors |
Registry Key Name | Software\Policies\Microsoft\Windows\LocationAndSensors |
Registry Value Name | DisableLocation |
ADMX File Name | Sensors.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 with KB4551853 [10.0.17763.1217] and later ✅ Windows 10, version 1903 with KB4556799 [10.0.18362.836] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowMicrosoftManagedDesktopProcessing
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows. This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>. For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See https://go.microsoft.com/fwlink/?linkid=2184944 for more information. hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments. This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
Anteckning
Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see Enable Windows diagnostic data processor configuration.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
32 | Allowed. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowStorageCard
Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card. Most restricted value is 0.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | SD card use isn't allowed and USB drives are disabled. This setting doesn't prevent programmatic access to the storage card. |
1 (Default) | Allow a storage card. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ✅ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1507 [10.0.10240] and later |
./User/Vendor/MSFT/Policy/Config/System/AllowTelemetry
./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry
By configuring this policy setting you can adjust what diagnostic data is collected from Windows. This policy setting also restricts the user from increasing the amount of diagnostic data collection via the Settings app. The diagnostic data collected under this policy impacts the operating system and apps that are considered part of Windows and doesn't apply to any additional apps installed by your organization.
Diagnostic data off (not recommended). Using this value, no diagnostic data is sent from the device. This value is only supported on Enterprise, Education, and Server editions.
Send required diagnostic data. This is the minimum diagnostic data necessary to keep Windows secure, up to date, and performing as expected. Using this value disables the "Optional diagnostic data" control in the Settings app.
Send optional diagnostic data. Additional diagnostic data is collected that helps us to detect, diagnose and fix issues, as well as make product improvements. Required diagnostic data will always be included when you choose to send optional diagnostic data. Optional diagnostic data can also include diagnostic log files and crash dumps. Use the "Limit Dump Collection" and the "Limit Diagnostic Log Collection" policies for more granular control of what optional diagnostic data is sent.
If you disable or don't configure this policy setting, the device will send required diagnostic data and the end user can choose whether to send optional diagnostic data from the Settings app.
Anteckning
The "Configure diagnostic data opt-in settings user interface" group policy can be used to prevent end users from changing their data collection settings.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | Security. Information that's required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1. |
1 (Default) | Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. |
3 | Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowTelemetry |
Friendly Name | Allow Diagnostic Data |
Location | Computer and User Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 with KB4551853 [10.0.17763.1217] and later ✅ Windows 10, version 1903 with KB4556799 [10.0.18362.836] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting, in combination with the Allow Telemetry and Configure the Commercial ID, enables organizations to configure the device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
Enable this policy setting
Join a Microsoft Entra account to the device.
Set Allow Telemetry to value 1 - Required, or higher
Set the Configure the Commercial ID setting for your Update Compliance workspace.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
If you disable or don't configure this policy setting, devices won't appear in Update Compliance.
Anteckning
Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see Enable Windows diagnostic data processor configuration.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
16 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowUpdateComplianceProcessing |
Friendly Name | Allow Update Compliance Processing |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1507 [10.0.10240] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowUserToResetPhone
Specifies whether to allow the user to factory reset the device by using control panel and hardware key combination. Most restricted value is 0. Tip, This policy is also applicable to Windows 10 and not exclusive to phone.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 1 |
Allowed values:
Value | Description |
---|---|
0 | Not allowed. |
1 (Default) | Allowed to reset to factory default settings. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 with KB4551853 [10.0.17763.1217] and later ✅ Windows 10, version 1903 with KB4556799 [10.0.18362.836] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing
This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
To enable this behavior:
Enable this policy setting
Join a Microsoft Entra account to the device.
Set Allow Telemetry to value 1 - Required, or higher.
When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
Anteckning
Starting with the January 2023 preview cumulative update, this policy is no longer supported to configure the processor option. For more information, see Enable Windows diagnostic data processor configuration.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
8 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | AllowWUfBCloudProcessing |
Friendly Name | Allow WUfB Cloud Processing |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization
This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver:
Good: The driver has been signed and hasn't been tampered with.
Bad: The driver has been identified as malware. It's recommended that you don't allow known bad drivers to be initialized.
Bad, but required for boot: The driver has been identified as malware, but the computer can't successfully boot without loading this driver.
Unknown: This driver hasn't been attested to by your malware detection application and hasn't been classified by the Early Launch Antimalware boot-start driver.
If you enable this policy setting you'll be able to choose which boot-start drivers to initialize the next time the computer is started.
If you disable or don't configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initialization of drivers determined to be Bad is skipped.
If your malware detection application doesn't include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tips
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | POL_DriverLoadPolicy_Name |
Friendly Name | Boot-Start Driver Initialization Policy |
Location | Computer Configuration |
Path | System > Early Launch Antimalware |
Registry Key Name | System\CurrentControlSet\Policies\EarlyLaunch |
Registry Value Name | DriverLoadPolicy |
ADMX File Name | EarlyLaunchAM.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/Policy/Config/System/ConfigureMicrosoft365UploadEndpoint
This policy sets the upload endpoint for this device's diagnostic data as part of the Desktop Analytics program.
If your organization is participating in the program and has been instructed to configure a custom upload endpoint, then use this setting to define that endpoint.
The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Group policy mapping:
Name | Value |
---|---|
Name | ConfigureMicrosoft365UploadEndpoint |
Friendly Name | Configure diagnostic data upload endpoint for Desktop Analytics |
Element Name | Desktop Analytics Custom Upload Endpoint. |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInChangeNotification
This policy setting controls whether notifications are shown, following a change to diagnostic data opt-in settings, on first logon and when the changes occur in settings.
If you set this policy setting to "Disable diagnostic data change notifications", diagnostic data opt-in change notifications won't appear.
If you set this policy setting to "Enable diagnostic data change notifications" or don't configure this policy setting, diagnostic data opt-in change notifications appear at first logon and when the changes occur in Settings.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Enable telemetry change notifications. |
1 | Disable telemetry change notifications. |
Group policy mapping:
Name | Value |
---|---|
Name | ConfigureTelemetryOptInChangeNotification |
Friendly Name | Configure diagnostic data opt-in change notifications |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1803 [10.0.17134] and later |
./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx
This policy setting determines whether an end user can change diagnostic data settings in the Settings app.
If you set this policy setting to "Disable diagnostic data opt-in settings", diagnostic data settings are disabled in the Settings app.
If you don't configure this policy setting, or you set it to "Enable diagnostic data opt-in settings", end users can change the device diagnostic settings in the Settings app.
Anteckning
To set a limit on the amount of diagnostic data that's sent to Microsoft by your organization, use the "Allow Diagnostic Data" policy setting.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Enable Telemetry opt-in Settings. |
1 | Disable Telemetry opt-in Settings. |
Group policy mapping:
Name | Value |
---|---|
Name | ConfigureTelemetryOptInSettingsUx |
Friendly Name | Configure diagnostic data opt-in settings user interface |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete
This policy setting controls whether the Delete diagnostic data button is enabled in Diagnostic & feedback Settings page.
If you enable this policy setting, the Delete diagnostic data button will be disabled in Settings page, preventing the deletion of diagnostic data collected by Microsoft from the device.
If you disable or don't configure this policy setting, the Delete diagnostic data button will be enabled in Settings page, which allows people to erase all diagnostic data collected by Microsoft from that device.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not disabled. |
1 | Disabled. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableDeviceDelete |
Friendly Name | Disable deleting diagnostic data |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1809 [10.0.17763] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableDiagnosticDataViewer
This policy setting controls whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & feedback Settings page.
If you enable this policy setting, the Diagnostic Data Viewer won't be enabled in Settings page, and it will prevent the viewer from showing diagnostic data collected by Microsoft from the device.
If you disable or don't configure this policy setting, the Diagnostic Data Viewer will be enabled in Settings page.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not disabled. |
1 | Disabled. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableDiagnosticDataViewer |
Friendly Name | Disable diagnostic data viewer |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1903 [10.0.18362] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableDirectXDatabaseUpdate
This group policy allows control over whether the DirectX Database Updater task will be run on the system.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not disabled. |
1 | Disabled. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableDirectXDatabaseUpdate |
Path | GroupPolicy > AT > Network > DirectXDatabase |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableEnterpriseAuthProxy
This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or don't configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
1 | Enable. |
0 (Default) | Disable. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableEnterpriseAuthProxy |
Friendly Name | Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableOneDriveFileSync
This policy setting lets you prevent apps and features from working with files on OneDrive.
- If you enable this policy setting:
Users can't access OneDrive from the OneDrive app and file picker.
Packaged Microsoft Store apps can't access OneDrive using the WinRT API.
OneDrive doesn't appear in the navigation pane in File Explorer.
OneDrive files aren't kept in sync with the cloud.
Users can't automatically upload photos and videos from the camera roll folder.
- If you disable or don't configure this policy setting, apps and features can work with OneDrive file storage.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Sync enabled. |
1 | Sync disabled. |
Group policy mapping:
Name | Value |
---|---|
Name | PreventOnedriveFileSync |
Friendly Name | Prevent the usage of OneDrive for file storage |
Location | Computer Configuration |
Path | Windows Components > OneDrive |
Registry Key Name | Software\Policies\Microsoft\Windows\OneDrive |
Registry Value Name | DisableFileSyncNGSC |
ADMX File Name | SkyDrive.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableOneSettingsDownloads
This policy setting controls whether Windows attempts to connect with the OneSettings service.
If you enable this policy, Windows won't attempt to connect with the OneSettings Service.
If you disable or don't configure this policy setting, Windows will periodically attempt to connect with the OneSettings service to download configuration settings.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Not disabled. |
1 | Disabled. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableOneSettingsDownloads |
Friendly Name | Disable OneSettings Downloads |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./Device/Vendor/MSFT/Policy/Config/System/DisableSystemRestore
Allows you to disable System Restore.
This policy setting allows you to turn off System Restore.
System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
If you enable this policy setting, System Restore is turned off, and the System Restore Wizard can't be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
If you disable or don't configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Tips
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
Name | Value |
---|---|
Name | SR_DisableSR |
Friendly Name | Turn off System Restore |
Location | Computer Configuration |
Path | System > System Restore |
Registry Key Name | Software\Policies\Microsoft\Windows NT\SystemRestore |
Registry Value Name | DisableSR |
ADMX File Name | SystemRestore.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/EnableOneSettingsAuditing
This policy setting controls whether Windows records attempts to connect with the OneSettings service to the EventLog.
If you enable this policy, Windows will record attempts to connect with the OneSettings service to the Microsoft\Windows\Privacy-Auditing\Operational EventLog channel.
If you disable or don't configure this policy setting, Windows won't record attempts to connect with the OneSettings service to the EventLog.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | EnableOneSettingsAuditing |
Friendly Name | Enable OneSettings Auditing |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/Config/System/FeedbackHubAlwaysSaveDiagnosticsLocally
Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. |
1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 24H2 [10.0.26100] and later |
./Device/Vendor/MSFT/Policy/Config/System/HideUnsupportedHardwareNotifications
This policy controls messages which are shown when Windows is running on a device that doesn't meet the minimum system requirements for this OS version.
If you enable this policy setting, these messages will never appear on desktop or in the Settings app.
If you disable or don't configure this policy setting, these messages will appear on desktop and in the Settings app when Windows is running on a device that doesn't meet the minimum system requirements for this OS version.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | HideUnsupportedHardwareNotifications |
Friendly Name | Hide messages when Windows system requirements are not met |
Location | Computer Configuration |
Path | System |
Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
Registry Value Name | HideUnsupportedHardwareNotifications |
ADMX File Name | ControlPanel.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection
This policy setting controls whether additional diagnostic logs are collected when more information is needed to troubleshoot a problem on the device. Diagnostic logs are only sent when the device has been configured to send optional diagnostic data.
By enabling this policy setting, diagnostic logs won't be collected.
If you disable or don't configure this policy setting, we may occasionally collect diagnostic logs if the device has been configured to send optional diagnostic data.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | LimitDiagnosticLogCollection |
Friendly Name | Limit Diagnostic Log Collection |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection
This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. Dumps are only sent when the device has been configured to send optional diagnostic data.
By enabling this setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps.
If you disable or don't configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | LimitDumpCollection |
Friendly Name | Limit Dump Collection |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1709 [10.0.16299] and later |
./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics
This policy setting, in combination with the "Allow Diagnostic Data" policy setting, enables organizations to send the minimum data required by Desktop Analytics.
To enable the behavior described above, complete the following steps:
Enable this policy setting
Set the "Allow Diagnostic Data" policy to "Send optional diagnostic data".
Enable the "Limit Dump Collection" policy
Enable the "Limit Diagnostic Log Collection" policy.
When these policies are configured, Microsoft will collect only required diagnostic data and the events required by Desktop Analytics, which can be viewed at< https://go.microsoft.com/fwlink/?linkid=2116020>.
If you disable or don't configure this policy setting, diagnostic data collection is determined by the "Allow Diagnostic Data" policy setting or by the end user from the Settings app.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Disabled. |
1 | Enabled. |
Group policy mapping:
Name | Value |
---|---|
Name | LimitEnhancedDiagnosticDataWindowsAnalytics |
Friendly Name | Limit optional diagnostic data for Desktop Analytics |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1607 [10.0.14393] and later |
./Device/Vendor/MSFT/Policy/Config/System/TelemetryProxy
With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server.
If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization's network (and optionally a port number, if desired). The connection will be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or don't configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configuration.
The format for this setting is <server>
:<port>
Description framework properties:
Property name | Property value |
---|---|
Format | chr (string) |
Access Type | Add, Delete, Get, Replace |
Group policy mapping:
Name | Value |
---|---|
Name | TelemetryProxy |
Friendly Name | Configure Connected User Experiences and Telemetry |
Element Name | Proxy Server Name. |
Location | Computer Configuration |
Path | WindowsComponents > Data Collection and Preview Builds |
Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
ADMX File Name | DataCollection.admx |
Scope | Editions | Applicable OS |
---|---|---|
✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1903 [10.0.18362] and later |
./Device/Vendor/MSFT/Policy/Config/System/TurnOffFileHistory
This policy setting allows you to turn off File History.
If you enable this policy setting, File History can't be activated to create regular, automatic backups.
If you disable or don't configure this policy setting, File History can be activated to create regular, automatic backups.
Description framework properties:
Property name | Property value |
---|---|
Format | int |
Access Type | Add, Delete, Get, Replace |
Default Value | 0 |
Allowed values:
Value | Description |
---|---|
0 (Default) | Allow file history. |
1 | Turn off file history. |
Group policy mapping:
Name | Value |
---|---|
Name | DisableFileHistory |
Friendly Name | Turn off File History |
Location | Computer Configuration |
Path | Windows Components > File History |
Registry Key Name | Software\Policies\Microsoft\Windows\FileHistory |
Registry Value Name | Disabled |
ADMX File Name | FileHistory.admx |