Windows 10 or Windows 11 22H2 GPO ADMX - An Update


  • Staff
Hi community,

I am Helmut Wagensonner, a Cloud Solution Architect – Engineer at Microsoft. In a former blog (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-10-or-windows-11-gpo...), where I did a comparison between Windows 10 and Windows 11 ADMX files, I promised in my comments to do a follow-up when both 22H2 ADMX versions are finalized.

A couple of weeks after the ADMX files for both versions were available for download, I did another comparison. I used the Windows 10 October 2022 ADMX files vs. Windows 11 September 2022 templates. Still, we have differences between the two versions. I did not compare the diffs from the old blog with the current ones, so I cannot tell if the number of distinctions has increased, but after a short peek it seems that not too much has changed. I did a file comparison of both versions and created an Excel table, which is partly reflected in the table further down below this article.

large


Some settings shown in the table below are sub-settings or options. I added the parent setting name where it made sense, so that you can imagine where it belongs to. In a few cases only the name or the description of an existing setting has changed. For example: In the AppHvsi.adml the help text has been extended by two words.

large


Small modifications or plain text modifications like those are not considered in the table below. Other than the first comparison I did not distinguish between user or computer settings anymore.

Display NameName (en-us)Win 10Win 11ADMX
LetAppsAccessGraphicsCaptureProgrammatic_NameLet Windows apps take screenshots of various windows or displaysxAppPrivacy.admx
LetAppsAccessGraphicsCaptureWithoutBorder_NameLet Windows apps turn off the screenshot borderxAppPrivacy.admx
AllowAutomaticAppArchivingArchive infrequently used appsxAppxPackageManager.admx
DisableBackgroundAutoUpdatesNot allow sideloaded apps to auto-update in the backgroundxAppxPackageManager.admx
DisableMeteredNetworkBackgroundAutoUpdatesNot allow sideloaded apps to auto-update in the background on a metered networkxAppxPackageManager.admx
DisableSpotlightCollectionOnDesktopTurn off Spotlight collection on DesktopxCloudContent.admx
DisableConsumerAccountStateContentTurn off cloud consumer account state contentxCloudContent.admx
HideUnsupportedHardwareNotificationsHide messages when Windows system requirements are not metxControlPanel.admx
CPL_Personalization_AnimateLockScreenBackgroundPrevent lock screen background motionxControlPanelDisplay.admx
AllowTelemetry_2Allow telemetry - 2 EnhancedxDataCollection.admx
LimitDiagnosticLogCollectionLimit Diagnostic Log CollectionxDataCollection.admx
LimitDumpCollectionLimit Dump CollectionxDataCollection.admx
RestrictPeerSelectionBy_LinkLocalRestrict Peer Collection to Local DiscoveryxDeliveryOptimization.admx
<COMPLETE ADMX File>xDesktopAppInstaller.admx
KernalShadowStacksLaunchVirtualization Based Security: Kernel-mode Hardware-enforced Stack ProtectionxDeviceGuard.amdx
DNS_DohConfigure DNS over HTTPS (DoH) name resolutionxDnsClient.admx
DNS_DdrConfigure Discovery of Designated Resolvers (DDR) protocolxDnsClient.admx
DNS_NetbiosConfigure NetBIOS settingsxDnsClient.admx
L_TurnOnLiveStickerTurn on Live StickerxEAIME.admx
L_TurnOnLexiconUpdateTurn on lexicon updatexEAIME.admx
L_ConfigureKoreanImeVersionConfigure Korean IME versionxEAIME.admx
DisableGraphRecentItemsTurn off files from Office.com in Quick access viewxExplorer.admx
NtfsForceNonPagedPoolAllocationEnable NTFS non-paged pool usagexFileSys.admx
NtfsParallelFlushThresholdNTFS parallel flush thresholdxFileSys.admx
NtfsParallelFlushWorkersNTFS parallel flush worker threadsxFileSys.admx
NtfsDefaultTierNTFS default tierxFileSys.admx
RestrictLanguagePacksAndFeaturesInstallRestrict Language Pack and Language Feature InstallationxGlobalization.admx
DisableIEAppDeprecationNotificationHide Internet Explorer 11 retirement notificationxInetres.admx
JScriptReplacementReplace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC.xInetres.admx
PKINITHashAlgorithmConfigurationConfigure hash algorithms for certificate logonxKdc.admx
PKInitHashAlgorithmConfigurationConfigure hash algorithms for certificate logonxKerberos.admx
Pol_EnableCompressedTraffic_NameRequest traffic compression for all sharesxLanmanServer.admx
Pol_DisableCompression_NameDisable SMB compressionxLanmanServer.admx
Pol_EnableCompressedTraffic_NameRequest traffic compression for all sharesxLanmanWorkstation.admx
Pol_DisableCompression_NameDisable SMB compressionxLanmanWorkstation.admx
<COMPLETE ADMX File>xLocalSecurityAuthority.admx
MicrosoftAccount_RestrictToEnterpriseDeviceAuthenticationOnlyOnly allow device authentication for the Microsoft Account Sign-In AssistantxMSAPolicy.admx
Netlogon_DnsSrvRecordUseLowerCaseHostNamesUse lowercase DNS host names when registering domain controller SRV recordsxNetlogon.admx
<COMPLETE ADMX File>xNewsAndInterests.admx
MSPassport_EnableEnhancedSignInSecurityEnable ESS with Supported PeripheralsxPassport.admx
CopyFilesPolicyManage processing of Queue-specific filesxPrinting.admx
DriverValidationLevelManage Print Driver signature validationxPrinting.admx
DriverExclusionListManage Print Driver exclusion listxPrinting.admx
RpcListenerPolicyConfigure RPC listener settingsxPrinting.admx
RpcConnectionPolicyConfigure RPC connection settingsxPrinting.admx
RpcTcpPortPolicyConfigure RPC over TCP portxPrinting.admx
AlwaysSendIppPageCountsAlways send job page count information for IPP printersxPrinting.admx
<COMPLETE ADMX File>xSam.admx
DisableSearch_DisplayNameFully disable Search UIxSerach.admx
ForceInstantWake_DisplayNameForce Instant WakexSensors.admx
ForceInstantLock_DisplayNameForce Instant LockxSensors.admx
ForceLockTimeout_DisplayNameLock TimeoutxSensors.admx
ForceInstantDim_DisplayNameForce Instant DimxSensors.admx
DisableAccessibilitySettingSyncDo not sync accessibility settingsxSettingSync.admx
LockedStartLayout_ReapplyEveryLogonReapply layout at every logonxStartMenu.admx
HideRecommendedSectionRemove Recommended section from Start MenuxStartMenu.admx
SimplifyQuickSettings_DisplayNameSimplify Quick Settings LayoutxStartMenu.admx
DisableEditingQuickSettings_DisplayNameDisable Editing Quick SettingsxStartMenu.admx
DisableControlCenterRemove Quick SettingsxStartMenu.admx
ConfigureChatIconConfigures the Chat icon on the taskbarxTaskbar.admx
HideTaskViewButtonHide the TaskView buttonxTaskbar.admx
TS_LICENSING_MODE_AAD_PER_USERSet the Remote Desktop licensing mode: AAD per UserxTerminalServer.admx
TS_LOCATION_REDIRECTIONDo not allow location redirectionxTerminalServer.admx
TS_UIAAllow UI Automation redirectionxTerminalServer.admx
TS_CLIPRDR_CLOUD_CLIP_INTEGRATIONDisable Cloud Clipboard integration for server-to-client data transferxTerminalServer.admx
<COMPLETE ADMX File>xWebThreadDefense.admx
Features_DeviceControlEnabledEnable or Disable Defender Device Control on this machine.xWindowsDefender.admx
DeviceControl_DefaultEnforcementSelect Device Control Default Enforcement PolicyxWindowsDefender.admx
DeviceControl_DataDuplicationRemoteLocationDefine Device Control evidence data remote locationxWindowsDefender.admx
SchedulerRandomizationTimeConfigure scheduled task times randomization windowxWindowsDefender.admx
SupportLogLocationDefine the directory path to copy support log filesxWindowsDefender.admx
Root_PlatformUpdateChannelSelect the channel for Microsoft Defender monthly platform updatesxWindowsDefender.admx
Root_EngineUpdateChannelSelect the channel for Microsoft Defender monthly engine updatesxWindowsDefender.admx
Root_SecurityIntelligenceUpdateChannelSelect the channel for Microsoft Defender daily security intelligence updatesxWindowsDefender.admx
Exclusions_IpAddressesIp Address ExclusionsxWindowsDefender.admx
RealtimeProtection_DisableSriptScanningTurn on script scanningxWindowsDefender.admx
Reporting_ServiceHealthReportIntervalConfigure time interval for service health reportsxWindowsDefender.admx
Scan_ThrottleForScheduledScanOnlyCPU throttling typexWindowsDefender.admx
Scan_DisablePackedExeScanningScan packed executablesxWindowsDefender.admx
MeteredConnectionUpdatesAllows Microsoft Defender Antivirus to update and communicate over a metered connection.xWindowsDefender.admx
AllowNetworkProtectionOnWinServerConfigure Network Protection into block or audit mode on Windows Server.xWindowsDefender.admx
DisableDatagramProcessingThis setting controls datagram processing for network protection.xWindowsDefender.admx
MpEngine_DisableGradualReleaseDisable gradual rollout of Microsoft Defender updates.xWindowsDefender.admx
<COMPLETE ADMX File>xWindowsSandbox.admx
<STRUCTURE/CATEGORY CHANGE ONLY>xWindowsUpdate.admx
EnableMPRNotificationsEnable MPR notifications for the systemxWinLogon.admx
WnsEndpointTurn off notification mirroring: FQDN for WNSxWpn.admx
ExpandedToastNotificationsTurn on multiple expanded toast notifications in action centerxWpn.admx

For your convenience, I also uploaded this table in Excel format, where you can sort and filter columns.

Regarding the future design of the Windows Client ADMX files: I cannot tell if the GPO settings for Windows 10 and Windows 11 versions will ever be merged to one set. The product group is still working on this issue but since Windows 10 runs out of support on October 2025, it could happen, that we will have to deal with this until Win 10 EOL. However, this is just my opinion, not an official statement.

Please note: In this article I do not repeat the “How-To” from the first blog as this is only an update. If you don’t know what to do with your central store in a mixed environment, have a look at the blog mentioned at the beginning of this article. Generally, I suggest to go with Windows 11 ADMX now, since there are < 10 settings, which are only available in Window 10 definition files.

There will not be any further comparisons from my side because I already found other sources on the internet doing this. Also, keep in mind that ADMX files can be updated from time to time when new features are made available through periodic updates (https://support.microsoft.com/en-us/windows/delivering-continuous-innovation-in-windows-11-b0aa0a27-...). This can happen asynchronously between the two Windows versions.

That said, let me clarify that I cannot guarantee the integrity of all the differences mentioned in this post but you can easily do this comparison on your own by downloading and extracting the two ADMX sets (see links below) and compare them using any file and folder comparison tool (i.e. Beyond Compare).

Stay healthy and all the best...

Download Windows 10 22H2 ADMX files:
Download Administrative Templates (.admx) for Windows 10 2022 Update (22H2) from Official Microsoft Download Center

Download Windows 11 22H2 ADMX files:
Download Administrative Templates (.admx) for Windows 11 2022 Update (22H2) from Official Microsoft Download Center

Source:
 

Attachments

  • MMC.png
    MMC.png
    7.8 KB · Views: 0
Last edited:
  • Like
Reactions: OAT

Latest Support Threads

Back
Top Bottom