What’s new in admx templates for Windows 10 Version 1511

Leave a reply

Today Microsoft released new Administrative Templates for Windows 10 Version 201511 which can be found here.

New admx files:

AppPrivacy.admx
CloudContent.admx
FeedbackNotifications.admx
WindowsStore.admx
WinMaps.admx

Updated admx files:

AVSValidationGP.admx
Biometrics.admx
ControlPanelDisplay.admx
CredentialProviders.admx
DeviceGuard.admx
ErrorReporting.admx
Explorer.admx
LanmanServer.admx
LanmanWorkstation.admx
MicrosoftEdge.admx
Passport.admx
SearchOCR.admx
SettingSync.admx
StartMenu.admx
TerminalServer.admx
VolumeEncryption.admx
W32Time.admx
Windows.admx
WindowsUpdate.admx
wlansvc.admx

A selection of interesting updates:

Admx: VolumeEncryption
Path: Computer Configuration\Policies\Administrative Templates\Windows Components\Bitlocker Drive Encryption\
Setting: Choose drive encryption method and cipher strength (Windows 10 [Version1511] and later

policy_BL

More info about BitLocker and XTS-AES here and here.

Admx: Passport
Path: Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Passport for Work\Remote Passport\
Setting: Use Remote Passport

remotepassport

More info about Microsoft Passport here.

Admx: DeviceGuard
Path: Computer Configuration\Policies\Administrative Templates\System\Device Guard\
Setting: Turn On Virtualization Based Security

uefi_lock

The new options:
The “Enabled with UEFI lock” option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you must set the Group Policy to “Disabled” as well as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.

The “Enabled without lock” option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting must be running at least Windows 10 (Version 1511).

More info about Credential Guard here.

Admx: Biometrics
Path: Computer Configuration\Policies\Administrative Templates\Windows Components\Biometrics\Facial Features\
Setting: Use enhanced anti-spoofing when available

facial

Well that’s it for today. Enjoy the new Policys.

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.