download and install ADMX templates

download and install ADMX templates

I. Presentation

In this tutorial, we will see how to download and integrate the Windows 11 22H2 ADMX administrative templates in order to benefit from the new GPO settings on your Active Directory environment. Windows 11 22H2 is officially available since Tuesday, September 20, 2022, which is an opportunity for Microsoft to offer additional settings for system administrators.

II. Windows 11 22H2: what are the new GPO settings?

If we refer to the Excel file which lists all the GPO parameters and apply a filter to display only the parameters introduced with the “22H2” version, we obtain a list of 79 parameters. This file is available on the Microsoft site, by clicking on the link below.

GPO Windows 11 22H2 - Guide Excel

In this file, within the “Administrative Templates“, you must apply a filter on the column “New in Windows 11“for the purpose of choosing only the value”22H2“. This way, only the new settings associated with Windows 11 22H2 are listed.

Windows 11 22H2 - New GPO settings

Here is the list of parameters included:

Hide messages when Windows system requirements are not met
Hide and disable all items on the desktop
Enable App Installer
Enable App Installer Settings
Enable App Installer Experimental Features
Enable App Installer Local Manifest Files
Enable App Installer Hash Override
Enable App Installer Default Source
Enable App Installer Microsoft Store Source
Set App Installer Source Auto Update Interval In Minutes
Enable App Installer Additional Sources
Enable App Installer Allowed Sources
Enable App Installer ms-appinstaller protocol
Configure Discovery of Designated Resolvers (DDR) protocol
Configure NetBIOS settings
Turn off files from Office.com in Quick access view
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Enable global window list in Internet Explorer mode
Enable global window list in Internet Explorer mode
Reset zoom to default for HTML dialogs in Internet Explorer mode
Reset zoom to default for HTML dialogs in Internet Explorer mode
Disable HTML Application
Disable HTML Application
Configure hash algorithms for certificate logon
Configure hash algorithms for certificate logon
Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon
Request traffic compression for all shares
Disable SMB compression
Use SMB compression by default
Disable SMB compression
Allow Custom SSPs and APs to be loaded into LSASS
Configures LSASS to run as a protected process
Suppress the display of Edge Deprecation Notification
Suppress the display of Edge Deprecation Notification
Only allow device authentication for the Microsoft Account Sign-In Assistant
Enable ESS with Supported Peripherals
Limits print driver installation to Administrators
Manage processing of Queue-specific files
Manage Print Driver signature validation
Manage Print Driver exclusion list
Configure RPC listener settings
Configure RPC connection settings
Configure RPC over TCP port
Always send job page count information for IPP printers
Configure Redirection Guard
Fully disable Search UI
Allow search highlights
Force Instant Dim
Do not sync accessibility settings
Remove Run menu from Start Menu
Prevent changes to Taskbar and Start Menu Settings
Remove access to the context menus for the taskbar
Prevent users from uninstalling applications from Start
Remove Recommended section from Start Menu
Remove Recommended section from Start Menu
Simplify Quick Settings Layout
Disable Editing Quick Settings
Remove Quick Settings
Remove pinned programs from the Taskbar
Hide the TaskView button
Hide the TaskView button
Do not allow WebAuthn redirection
Disable Cloud Clipboard integration for server-to-client data transfer
Service Enabled
Notify Malicious
Notify Password Reuse
Notify Unsafe App
Device Control
Select Device Control Default Enforcement Policy
Define Device Control evidence data remote location
Control whether or not exclusions are visible to Local Admins.
Select the channel for Microsoft Defender monthly platform updates
Select the channel for Microsoft Defender monthly engine updates
Select the channel for Microsoft Defender daily security intelligence updates
Configure time interval for service health reports
CPU throttling type
Disable gradual rollout of Microsoft Defender updates.
Enable MPR notifications for the system

For more details, it is worth looking at the Excel file.

III. Models ADMX de Windows 11 22H2

If you want to integrate the new Administrative Templates for Windows 11 22H2 to your Active Directory environment, you need to download the ADMX files. For this, it is always on the Microsoft site, with the following link:

This download results in an MSI package that you must install on your machine in order to “unzip” its contents. Then the files we are interested in will be available in the following location:

C:\Program Files (x86)\Microsoft Group Policy\Windows 11 September 2022 Update (22H2)\PolicyDefinitions

The objective is simple: copy all the “.ADMX” files located at the root of this folder, as well as the “fr-fr” and “en-US” language folders in order to have the French and English translations (useful if a parameter is not translated), in order to paste them into the central Active Directory store.

As a reminder, the central store corresponds to the “PolicyDefinitions” folder on the SYSVOL share of the Active Directory and it is used to store administrative templates as well as translation files. Since it is stored in the SYSVOL directory, the files will be replicated to different domain controllers.

If we take the example of the domain “it-connect.local“, this means to store the files in this location:

\\IT-CONNECT.LOCAL\SysVol\IT-CONNECT.LOCAL\Policies\PolicyDefinitions

Now, if you create a new GPO or edit an existing GPO, the “Administrative Templates” sections under User and Computer will incorporate the new settings, as well as any settings that already exist. For example, there are the new settings associated with the “Enhanced Phishing Protectionmentioned in a previous article.

GPO - Settings Windows 11 22H2

Up to you…

Astuces,Stratégie de groupe,GPO,Windows 11,

#download #install #ADMX #templates

Leave a Comment

Your email address will not be published. Required fields are marked *