Windows 10 or Windows 11 GPO ADMX – An Update

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Hi community,

 

I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In an earlier blog post (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo-admx-which-one-to-use-for-your/ba-p/3063322), where I compared the Windows 10 and Windows 11 ADMX files, I promised in the comments to do a follow-up once both 22H2 ADMX versions were finalized.

 

A couple of weeks after the ADMX files for both versions were available for download, I did another comparison. I compared the Windows 10 October 2022 ADMX files with the Windows 11 September 2022 templates. There are still differences between the two versions. I did not compare the diffs from the old blog with the current ones, so I cannot tell whether the number of differences has increased, but after a short peek it seems that not too much has changed. I did a file comparison of both versions and created an Excel table, which is partly reflected in the table further down in this article.

 

Some settings shown in the table below are sub-settings or options. I added the parent setting name where it made sense, so that you can see where it belongs. In a few cases only the name or the description of an existing setting has changed. For example, in AppHvsi.adml the help text has been extended by two words.

 

Small modifications or plain-text modifications like those are not considered in the table below. Unlike in the first comparison, I no longer distinguish between user and computer settings.

 

| Display Name | Name (en-us) | Win 10 | Win 11 | ADMX |
|---|---|---|---|---|
| LetAppsAccessGraphicsCaptureProgrammatic_Name | Let Windows apps take screenshots of various windows or displays | | x | AppPrivacy.admx |
| LetAppsAccessGraphicsCaptureWithoutBorder_Name | Let Windows apps turn off the screenshot border | | x | AppPrivacy.admx |
| AllowAutomaticAppArchiving | Archive infrequently used apps | | x | AppxPackageManager.admx |
| DisableBackgroundAutoUpdates | Not allow sideloaded apps to auto-update in the background | | x | AppxPackageManager.admx |
| DisableMeteredNetworkBackgroundAutoUpdates | Not allow sideloaded apps to auto-update in the background on a metered network | | x | AppxPackageManager.admx |
| DisableSpotlightCollectionOnDesktop | Turn off Spotlight collection on Desktop | | x | CloudContent.admx |
| DisableConsumerAccountStateContent | Turn off cloud consumer account state content | | x | CloudContent.admx |
| HideUnsupportedHardwareNotifications | Hide messages when Windows system requirements are not met | | x | ControlPanel.admx |
| CPL_Personalization_AnimateLockScreenBackground | Prevent lock screen background motion | | x | ControlPanelDisplay.admx |
| AllowTelemetry_2 | Allow telemetry - 2 Enhanced | x | | DataCollection.admx |
| LimitDiagnosticLogCollection | Limit Diagnostic Log Collection | | x | DataCollection.admx |
| LimitDumpCollection | Limit Dump Collection | | x | DataCollection.admx |
| RestrictPeerSelectionBy_LinkLocal | Restrict Peer Collection to Local Discovery | | x | DeliveryOptimization.admx |
| <COMPLETE ADMX File> | | | x | DesktopAppInstaller.admx |
| KernalShadowStacksLaunch | Virtualization Based Security: Kernel-mode Hardware-enforced Stack Protection | | x | DeviceGuard.admx |
| DNS_Doh | Configure DNS over HTTPS (DoH) name resolution | | x | DnsClient.admx |
| DNS_Ddr | Configure Discovery of Designated Resolvers (DDR) protocol | | x | DnsClient.admx |
| DNS_Netbios | Configure NetBIOS settings | | x | DnsClient.admx |
| L_TurnOnLiveSticker | Turn on Live Sticker | x | | EAIME.admx |
| L_TurnOnLexiconUpdate | Turn on lexicon update | x | | EAIME.admx |
| L_ConfigureKoreanImeVersion | Configure Korean IME version | | x | EAIME.admx |
| DisableGraphRecentItems | Turn off files from Office.com in Quick access view | | x | Explorer.admx |
| NtfsForceNonPagedPoolAllocation | Enable NTFS non-paged pool usage | | x | FileSys.admx |
| NtfsParallelFlushThreshold | NTFS parallel flush threshold | | x | FileSys.admx |
| NtfsParallelFlushWorkers | NTFS parallel flush worker threads | | x | FileSys.admx |
| NtfsDefaultTier | NTFS default tier | | x | FileSys.admx |
| RestrictLanguagePacksAndFeaturesInstall | Restrict Language Pack and Language Feature Installation | | x | Globalization.admx |
| DisableIEAppDeprecationNotification | Hide Internet Explorer 11 retirement notification | x | | Inetres.admx |
| JScriptReplacement | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. | | x | Inetres.admx |
| PKINITHashAlgorithmConfiguration | Configure hash algorithms for certificate logon | | x | Kdc.admx |
| PKInitHashAlgorithmConfiguration | Configure hash algorithms for certificate logon | | x | Kerberos.admx |
| Pol_EnableCompressedTraffic_Name | Request traffic compression for all shares | | x | LanmanServer.admx |
| Pol_DisableCompression_Name | Disable SMB compression | | x | LanmanServer.admx |
| Pol_EnableCompressedTraffic_Name | Request traffic compression for all shares | | x | LanmanWorkstation.admx |
| Pol_DisableCompression_Name | Disable SMB compression | | x | LanmanWorkstation.admx |
| <COMPLETE ADMX File> | | | x | LocalSecurityAuthority.admx |
| MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnly | Only allow device authentication for the Microsoft Account Sign-In Assistant | | x | MSAPolicy.admx |
| Netlogon_DnsSrvRecordUseLowerCaseHostNames | Use lowercase DNS host names when registering domain controller SRV records | | x | Netlogon.admx |
| <COMPLETE ADMX File> | | | x | NewsAndInterests.admx |
| MSPassport_EnableEnhancedSignInSecurity | Enable ESS with Supported Peripherals | | x | Passport.admx |
| CopyFilesPolicy | Manage processing of Queue-specific files | | x | Printing.admx |
| DriverValidationLevel | Manage Print Driver signature validation | | x | Printing.admx |
| DriverExclusionList | Manage Print Driver exclusion list | | x | Printing.admx |
| RpcListenerPolicy | Configure RPC listener settings | | x | Printing.admx |
| RpcConnectionPolicy | Configure RPC connection settings | | x | Printing.admx |
| RpcTcpPortPolicy | Configure RPC over TCP port | | x | Printing.admx |
| AlwaysSendIppPageCounts | Always send job page count information for IPP printers | | x | Printing.admx |
| <COMPLETE ADMX File> | | | x | Sam.admx |
| DisableSearch_DisplayName | Fully disable Search UI | | x | Search.admx |
| ForceInstantWake_DisplayName | Force Instant Wake | | x | Sensors.admx |
| ForceInstantLock_DisplayName | Force Instant Lock | | x | Sensors.admx |
| ForceLockTimeout_DisplayName | Lock Timeout | | x | Sensors.admx |
| ForceInstantDim_DisplayName | Force Instant Dim | | x | Sensors.admx |
| DisableAccessibilitySettingSync | Do not sync accessibility settings | | x | SettingSync.admx |
| LockedStartLayout_ReapplyEveryLogon | Reapply layout at every logon | | x | StartMenu.admx |
| HideRecommendedSection | Remove Recommended section from Start Menu | | x | StartMenu.admx |
| SimplifyQuickSettings_DisplayName | Simplify Quick Settings Layout | | x | StartMenu.admx |
| DisableEditingQuickSettings_DisplayName | Disable Editing Quick Settings | | x | StartMenu.admx |
| DisableControlCenter | Remove Quick Settings | | x | StartMenu.admx |
| ConfigureChatIcon | Configures the Chat icon on the taskbar | | x | Taskbar.admx |
| HideTaskViewButton | Hide the TaskView button | | x | Taskbar.admx |
| TS_LICENSING_MODE_AAD_PER_USER | Set the Remote Desktop licensing mode: AAD per User | x | | TerminalServer.admx |
| TS_LOCATION_REDIRECTION | Do not allow location redirection | | x | TerminalServer.admx |
| TS_UIA | Allow UI Automation redirection | | x | TerminalServer.admx |
| TS_CLIPRDR_CLOUD_CLIP_INTEGRATION | Disable Cloud Clipboard integration for server-to-client data transfer | | x | TerminalServer.admx |
| <COMPLETE ADMX File> | | | x | WebThreatDefense.admx |
| Features_DeviceControlEnabled | Enable or Disable Defender Device Control on this machine. | | x | WindowsDefender.admx |
| DeviceControl_DefaultEnforcement | Select Device Control Default Enforcement Policy | | x | WindowsDefender.admx |
| DeviceControl_DataDuplicationRemoteLocation | Define Device Control evidence data remote location | | x | WindowsDefender.admx |
| SchedulerRandomizationTime | Configure scheduled task times randomization window | | x | WindowsDefender.admx |
| SupportLogLocation | Define the directory path to copy support log files | | x | WindowsDefender.admx |
| Root_PlatformUpdateChannel | Select the channel for Microsoft Defender monthly platform updates | | x | WindowsDefender.admx |
| Root_EngineUpdateChannel | Select the channel for Microsoft Defender monthly engine updates | | x | WindowsDefender.admx |
| Root_SecurityIntelligenceUpdateChannel | Select the channel for Microsoft Defender daily security intelligence updates | | x | WindowsDefender.admx |
| Exclusions_IpAddresses | Ip Address Exclusions | | x | WindowsDefender.admx |
| RealtimeProtection_DisableSriptScanning | Turn on script scanning | | x | WindowsDefender.admx |
| Reporting_ServiceHealthReportInterval | Configure time interval for service health reports | | x | WindowsDefender.admx |
| Scan_ThrottleForScheduledScanOnly | CPU throttling type | | x | WindowsDefender.admx |
| Scan_DisablePackedExeScanning | Scan packed executables | x | | WindowsDefender.admx |
| MeteredConnectionUpdates | Allows Microsoft Defender Antivirus to update and communicate over a metered connection. | | x | WindowsDefender.admx |
| AllowNetworkProtectionOnWinServer | Configure Network Protection into block or audit mode on Windows Server. | | x | WindowsDefender.admx |
| DisableDatagramProcessing | This setting controls datagram processing for network protection. | | x | WindowsDefender.admx |
| MpEngine_DisableGradualRelease | Disable gradual rollout of Microsoft Defender updates. | | x | WindowsDefender.admx |
| <COMPLETE ADMX File> | | | x | WindowsSandbox.admx |
| <STRUCTURE/CATEGORY CHANGE ONLY> | | | x | WindowsUpdate.admx |
| EnableMPRNotifications | Enable MPR notifications for the system | | x | WinLogon.admx |
| WnsEndpoint | Turn off notification mirroring: FQDN for WNS | | x | Wpn.admx |
| ExpandedToastNotifications | Turn on multiple expanded toast notifications in action center | x | | Wpn.admx |

 

For your convenience, I also uploaded this table in Excel format, where you can sort and filter columns.

 

Regarding the future design of the Windows Client ADMX files: I cannot tell if the GPO settings for Windows 10 and Windows 11 versions will ever be merged into one set. The product group is still working on this issue, but since Windows 10 runs out of support in October 2025, it could happen that we will have to deal with this until Win 10 EOL. However, this is just my opinion, not an official statement.

 

Please note: In this article I do not repeat the “How-To” from the first blog as this is only an update. If you don’t know what to do with your central store in a mixed environment, have a look at the blog mentioned at the beginning of this article. Generally, I suggest going with the Windows 11 ADMX now, since there are < 10 settings that are only available in the Windows 10 definition files.

 

There will not be any further comparisons from my side because I already found other sources on the internet doing this. Also, keep in mind that ADMX files can be updated from time to time when new features are made available through periodic updates (https://support.microsoft.com/en-us/windows/delivering-continuous-innovation-in-windows-11-b0aa0a27-ea9a-4365-9224-cb155e517f12). This can happen asynchronously between the two Windows versions.

 

That said, let me clarify that I cannot guarantee the integrity of all the differences mentioned in this post, but you can easily do this comparison on your own by downloading and extracting the two ADMX sets (see links below) and comparing them using any file and folder comparison tool (e.g. Beyond Compare).
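A scripted version of that comparison, as an added example that is not part of the original post: it parses the `<policy>` elements of each ADMX file and lists policy IDs and whole files present in only one set. It does not detect the sub-settings, options or text-only changes mentioned earlier; the sample ADMX content, `sample_admx` and `ExampleSandboxPolicy` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

def policy_ids(admx: bytes) -> set:
    """Names of all <policy> elements; the namespace prefix on tags is ignored."""
    root = ET.fromstring(admx)
    return {el.get("name") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "policy" and el.get("name")}

def load_set(folder) -> dict:
    """Map lower-cased file name -> policy IDs for each .admx file in a folder."""
    return {p.name.lower(): policy_ids(p.read_bytes())
            for p in Path(folder).glob("*.admx")}

def diff_sets(win10: dict, win11: dict) -> list:
    """Rows of (file, policy ID or whole-file marker, set that contains it)."""
    rows = []
    for fname in sorted(win10.keys() | win11.keys()):
        a, b = win10.get(fname), win11.get(fname)
        if a is None or b is None:  # file exists in one set only
            rows.append((fname, "<COMPLETE ADMX File>",
                         "Win 10" if b is None else "Win 11"))
            continue
        rows += [(fname, pid, "Win 10") for pid in sorted(a - b)]
        rows += [(fname, pid, "Win 11") for pid in sorted(b - a)]
    return rows

def sample_admx(*names) -> bytes:
    """Constructed, heavily trimmed stand-in for a real ADMX file."""
    body = "".join(f'<policy name="{n}" class="Machine"/>' for n in names)
    return ('<?xml version="1.0" encoding="utf-8"?><policyDefinitions xmlns='
            '"http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">'
            f'<policies>{body}</policies></policyDefinitions>').encode("utf-8")

# Constructed sample sets; ExampleSandboxPolicy is a made-up policy name.
SAMPLE_WIN10 = {
    "inetres.admx": policy_ids(sample_admx("DisableIEAppDeprecationNotification")),
    "datacollection.admx": policy_ids(sample_admx("AllowTelemetry")),
}
SAMPLE_WIN11 = {
    "inetres.admx": policy_ids(sample_admx("JScriptReplacement")),
    "datacollection.admx": policy_ids(sample_admx("AllowTelemetry", "LimitDumpCollection")),
    "windowssandbox.admx": policy_ids(sample_admx("ExampleSandboxPolicy")),
}

if __name__ == "__main__":
    # For real data: diff_sets(load_set(win10_folder), load_set(win11_folder))
    for row in diff_sets(SAMPLE_WIN10, SAMPLE_WIN11):
        print(*row, sep="\t")
```

Rows marked "Win 10" are the settings a central store built from the Windows 11 templates can no longer edit, which is the list to review before switching.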

 

Stay healthy and all the best...

 

 

Download Windows 10 22H2 ADMX files:

https://www.microsoft.com/en-us/download/details.aspx?id=104677

 

Download Windows 11 22H2 ADMX files:

https://www.microsoft.com/en-us/download/details.aspx?id=104593
