Windows 11 22H2 gets a slew of new group policy changes

Introduced formally previous 7 days, Home windows 11 22H2 offers a range of new features and options, however lots of are not but offered — Microsoft will be “dribbling” out improvements throughout the coming 12 months. The significantly-touted Windows File Explorer tabs, for case in point, has not yet rolled out, but the merchandise produced do involve Improved Phishing Protection, which is out there to buyers as perfectly as enterprises. (To consider advantage of the new reporting and alerts, you do have to have a license to the Microsoft 365 security portal, which is integrated in a Microsoft 365 E5 license, or a Microsoft 365 business enterprise high quality license. The latter is a specific license for providers with fewer than 300 seats.)

Microsoft is currently being a little bit cagey about its plans for pushing out the incremental alterations in the months in advance, however it has stated they will not be enabled by default on a business or domain-joined personal computer. It’s also unclear whether these incremental tweaks can be managed as a result of registry keys on Home windows 11 House versions.

As Computerworld’s Preston Gralla defined in his Windows 11 22H2 critique: “Microsoft states that from now on, Windows will get attribute updates like 22H2 when a year, but that in in between, person new capabilities may be launched as often as at the time a thirty day period. That will transpire in Oct, when Microsoft will launch an update that provides tabs to File Explorer. The update will be optional and sent through a phased rollout, and will then be included in the typical month to month security update release in November.”

In addition to tabs in File Explorer, advised steps — wherever Windows 11 recommends steps to take in certain applications — are also anticipated in Oct. And when Microsoft has sent alerts indicating enterprises will be able to handle these new enhancements, it has not documented precisely how.

A single would assume there’d be some form of group plan placing to manage these releases, but so considerably, the team plan templates connected to the latest alterations provide no clues.

With that history, in this article are the team policy changes we do see that are new in Home windows 11 22H2. Many are self-explanatory, other people showcase some of the working system’s new alternatives. They’re stated in this article in alphabetical order, along with short explanations of what they do:

Conceal messages when Home windows method requirements are not met.

(Plainly, a lot of of us are working with this registry entry to go all over the components mandates in Home windows 11. This new setting will allow administrators to hide the notification that your hardware will not run Home windows 11.)

Conceal and disable all merchandise on the desktop.

This eliminates icons, shortcuts, and other default and user-defined items from the desktop. Although this policy is not new, it does offer new options.

Permit Application Installer.
Permit Application Installer Options.
Allow Application Installer Experimental Capabilities.
Empower App Installer Area Manifest Data files.
Help Application Installer Hash Override.
Help Application Installer Default Resource.
Allow App Installer Microsoft Retail store Resource.
Set Application Installer Resource Car Update Interval In Minutes.
Empower App Installer Extra Resources.
Allow App Installer Allowed Resources.
Allow App Installer ms-appinstaller protocol.

These options manage no matter whether customers can operate the Windows Package Manager.

Configure Discovery of Selected Resolvers (DDR) protocol
Configure NetBIOS configurations.

This coverage specifies irrespective of whether the DNS consumer would use the DDR protocol.  The Discovery of Selected Resolvers (DDR) protocol will allow Home windows to go from unencrypted DNS to encrypted DNS when only the IP deal with of a resolver is recognised. 

Switch off information from in Brief obtain see.

This also will stop File Explorer from requesting current cloud file metadata and displaying it in the Rapid entry check out.

Flip off Adobe Flash in World wide web Explorer and stop apps from using Internet Explorer technologies to instantiate Flash objects
Convert off Adobe Flash in World-wide-web Explorer and avoid applications from applying Web Explorer technological know-how to instantiate Flash objects
Permit worldwide window record in World-wide-web Explorer mode
Allow global window list in World wide web Explorer manner
Reset zoom to default for HTML dialogs in Internet Explorer method
Reset zoom to default for HTML dialogs in Online Explorer manner
Disable HTML Software
Disable HTML Application

This allows various browser configurations.

Configure hash algorithms for certification logon.

This placing controls hash or checksum algorithms applied by the Kerberos customer when accomplishing certification authentication.

Configure hash algorithms for certificate logon.
Let retrieving the Azure Advert Kerberos Ticket Granting Ticket throughout logon.

These policies management many Kerberos settings.

Ask for site visitors compression for all shares.
Disable SMB compression.

This controls numerous SMB compression settings.

Use SMB compression by default.
Disable SMB compression.

This, too, controls many SMB compression options.

Make it possible for Personalized SSPs and APs to be loaded into LSASS.
Configures LSASS to run as a shielded method.

This is made use of to command new settings with regards to LSASS protection (Area security secrets).

Suppress the display screen of Edge Deprecation Notification.
Suppress the exhibit of Edge Deprecation Notification.

This is utilised to manage Edge notifications.

Only let gadget authentication for the Microsoft Account Sign-In Assistant.

This limitations authentication procedures.

Help ESS with Supported Peripherals.

This Enhanced Indication-in Stability isolates Home windows Hi there biometric (facial area and fingerprint) template knowledge and matching functions to dependable hardware or specified memory regions.

Restrictions print driver set up to Directors.
Control processing of Queue-unique files.
Take care of Print Driver signature validation.
Take care of Print Driver exclusion checklist.
Configure RPC listener settings.
Configure RPC link settings.
Configure RPC more than TCP port.
Constantly send task webpage rely data for IPP printers.
Configure Redirection Guard.

This enables options for new printer protections.

look for.admx
Thoroughly disable Research UI.
Allow lookup highlights.

This enables settings for lookup.

Drive Prompt Dim.

This will allow admins to tweak dim options.

Do not sync accessibility configurations.

This boundaries sync of these options.

Eliminate Operate menu from Commence Menu.
Prevent variations to Taskbar and Start Menu Settings.
Clear away accessibility to the context menus for the taskbar.
Prevent buyers from uninstalling purposes from Start off.
Take away Recommended area from Start Menu.
Remove Recommended portion from Commence Menu.
Simplify Quick Settings Structure.
Disable Editing Speedy Settings.
Get rid of Swift Configurations.

This makes it possible for supplemental changes for Start off menus.

Eliminate pinned packages from the Taskbar.
Disguise the TaskView button.
Disguise the TaskView button.

This makes it possible for more adjustments for the Taskbar.

Do not permit WebAuthn redirection.
Disable Cloud Clipboard integration for server-to-consumer knowledge transfer.

This offers changes for terminal server settings.

Services Enabled.
Notify Destructive.
Notify Password Reuse.
Notify Unsafe Application.
Unit Command.
Select Device Manage Default Enforcement Coverage.
Define Unit Command proof facts distant area.
Handle regardless of whether or not exclusions are visible to Regional Admins.
Decide on the channel for Microsoft Defender regular monthly platform updates.
Find the channel for Microsoft Defender every month motor updates.
Select the channel for Microsoft Defender every day security intelligence updates.
Configure time interval for company overall health studies.
CPU throttling type.
Disable gradual rollout of Microsoft Defender updates.

These are new adjustments for Enhanced Phishing Defense.

Allow MPR notifications for the system.

This plan controls the configuration less than which winlogon sends MPR notifications in the system.

It remains unclear accurately how we will be ready to handle these new characteristics and whether or not Windows 11 2022 House consumers will be equipped to manage these new incremental variations. Remain tuned. Home windows 11 is evidently still a work in development.

Copyright © 2022 IDG Communications, Inc.

About the Author: AKDSEO

You May Also Like