Windows 11 22H2 gets a slew of new group policy changes

Released formally past 7 days, Home windows 11 22H2 gives a quantity of new options and possibilities, even though a lot of are not still offered — Microsoft will be “dribbling” out improvements all over the coming year. The a lot-touted Windows File Explorer tabs, for example, has not yet rolled out, but the things produced do include Improved Phishing Protection, which is accessible to individuals as very well as enterprises. (To just take edge of the new reporting and alerts, you do need to have a license to the Microsoft 365 protection portal, which is provided in a Microsoft 365 E5 license, or a Microsoft 365 business top quality license. The latter is a unique license for providers with fewer than 300 seats.)

Microsoft is currently being a little bit cagey about its designs for pushing out the incremental improvements in the months forward, nevertheless it has explained they will not be enabled by default on a organization or area-joined computer system. It is also unclear regardless of whether these incremental tweaks can be controlled via registry keys on Home windows 11 Home versions.

As Computerworld’s Preston Gralla discussed in his Windows 11 22H2 assessment: “Microsoft claims that from now on, Windows will get feature updates like 22H2 the moment a yr, but that in in between, specific new features may perhaps be produced as usually as as soon as a month. That will transpire in October, when Microsoft will release an update that delivers tabs to File Explorer. The update will be optional and sent through a phased rollout, and will then be provided in the normal every month stability update release in November.”

In addition to tabs in File Explorer, suggested steps — where by Windows 11 recommends steps to just take in selected apps — are also anticipated in October. And whilst Microsoft has sent signals indicating organizations will be able to regulate these new enhancements, it hasn’t documented precisely how.

One particular would imagine there’d be some form of team plan setting to management these releases, but so significantly, the team plan templates relevant to the newest modifications offer you no clues.

With that history, right here are the team plan changes we do see that are new in Home windows 11 22H2. Quite a few are self-explanatory, other individuals showcase some of the running system’s new options. They’re stated in this article in alphabetical order, alongside with quick explanations of what they do:

controlpanel.admx    
Hide messages when Home windows technique prerequisites are not fulfilled.

(Clearly, numerous of us are applying this registry entry to go all around the hardware mandates in Windows 11. This new environment will allow administrators to disguise the notification that your hardware won’t operate Home windows 11.)

desktop.admx  
Disguise and disable all things on the desktop.

This removes icons, shortcuts, and other default and consumer-described items from the desktop. Though this coverage is not new, it does supply new alternatives.

desktopappinstaller.admx 
Allow App Installer.
Enable App Installer Options.
Permit App Installer Experimental Characteristics.
Empower App Installer Area Manifest Files.
Allow App Installer Hash Override.
Empower App Installer Default Supply.
Enable Application Installer Microsoft Retail outlet Resource.
Set Application Installer Source Vehicle Update Interval In Minutes.
Allow App Installer Additional Resources.
Empower App Installer Authorized Resources.
Help App Installer ms-appinstaller protocol.

These options management no matter whether customers can run the Home windows Offer Supervisor.

dnsclient.admx 
Configure Discovery of Designated Resolvers (DDR) protocol
Configure NetBIOS options.

This coverage specifies whether the DNS consumer would use the DDR protocol.  The Discovery of Designated Resolvers (DDR) protocol permits Windows to shift from unencrypted DNS to encrypted DNS when only the IP address of a resolver is acknowledged. 

explorer.admx  
Change off data files from Office.com in Fast accessibility perspective.

This also will protect against File Explorer from requesting recent cloud file metadata and displaying it in the Swift entry perspective.

inetres.admx    
Turn off Adobe Flash in Internet Explorer and reduce apps from utilizing World-wide-web Explorer technological innovation to instantiate Flash objects
Turn off Adobe Flash in Internet Explorer and reduce apps from working with World-wide-web Explorer technological innovation to instantiate Flash objects
Help world window listing in World wide web Explorer manner
Empower world wide window checklist in World wide web Explorer mode
Reset zoom to default for HTML dialogs in World wide web Explorer mode
Reset zoom to default for HTML dialogs in Online Explorer mode
Disable HTML Application
Disable HTML Application

This enables various browser options.

kdc.admx 
Configure hash algorithms for certification logon.

This location controls hash or checksum algorithms employed by the Kerberos customer when undertaking certificate authentication.

kerberos.admx 
Configure hash algorithms for certificate logon.
Permit retrieving the Azure Advertisement Kerberos Ticket Granting Ticket all through logon.

These insurance policies command many Kerberos configurations.

lanmanserver.admx  
Ask for visitors compression for all shares.
Disable SMB compression.

This controls different SMB compression options.

lanmanworkstation.admx
Use SMB compression by default.
Disable SMB compression.

This, much too, controls many SMB compression settings.

localsecurityauthority.admx      
Let Custom SSPs and APs to be loaded into LSASS.
Configures LSASS to run as a secured method.

This is employed to control new settings concerning LSASS security (Community safety insider secrets).

microsoftedge.admx 
Suppress the screen of Edge Deprecation Notification.
Suppress the screen of Edge Deprecation Notification.

This is applied to regulate Edge notifications.

msapolicy.admx
Only make it possible for system authentication for the Microsoft Account Signal-In Assistant.

This limits authentication procedures.

passport.admx 
Enable ESS with Supported Peripherals.

This Improved Sign-in Protection isolates Windows Good day biometric (experience and fingerprint) template facts and matching operations to trustworthy hardware or specified memory areas.

printing.admx   
Limitations print driver set up to Administrators.
Deal with processing of Queue-precise data files.
Handle Print Driver signature validation.
Handle Print Driver exclusion checklist.
Configure RPC listener configurations.
Configure RPC link options.
Configure RPC more than TCP port.
Often send out work page count data for IPP printers.
Configure Redirection Guard.

This will allow configurations for new printer protections.

research.admx
Absolutely disable Look for UI.
Enable look for highlights.

This will allow configurations for research.

sensors.admx   
Force Instantaneous Dim.

This enables admins to tweak dim options.

settingsync.admx      
Do not sync accessibility configurations.

This boundaries sync of these options.

startmenu.admx       
Take away Run menu from Begin Menu.
Stop improvements to Taskbar and Start off Menu Configurations.
Clear away access to the context menus for the taskbar.
Avert buyers from uninstalling apps from Start off.
Remove Encouraged part from Commence Menu.
Remove Encouraged segment from Start Menu.
Simplify Rapid Configurations Format.
Disable Enhancing Swift Settings.
Remove Rapid Options.

This will allow additional adjustments for Start off menus.

taskbar.admx   
Clear away pinned systems from the Taskbar.
Disguise the TaskView button.
Conceal the TaskView button.

This enables more adjustments for the Taskbar.

terminalserver.admx
Do not let WebAuthn redirection.
Disable Cloud Clipboard integration for server-to-customer data transfer.

This presents changes for terminal server settings.

webthreatdefense.admx
Provider Enabled.
Notify Destructive.
Notify Password Reuse.
Notify Unsafe Application.
Unit Command.
Pick Unit Manage Default Enforcement Plan.
Outline Machine Management proof knowledge distant locale.
Manage regardless of whether or not exclusions are noticeable to Neighborhood Admins.
Pick out the channel for Microsoft Defender regular system updates.
Pick the channel for Microsoft Defender monthly engine updates.
Choose the channel for Microsoft Defender day-to-day protection intelligence updates.
Configure time interval for services health stories.
CPU throttling kind.
Disable gradual rollout of Microsoft Defender updates.

These are new changes for Improved Phishing Defense.

winlogon.admx
Permit MPR notifications for the system.

This plan controls the configuration beneath which winlogon sends MPR notifications in the procedure.

It remains unclear just how we will be able to manage these new options and whether Home windows 11 2022 Household people will be ready to management these new incremental improvements. Keep tuned. Home windows 11 is obviously continue to a work in development.

Copyright © 2022 IDG Communications, Inc.