From e6887192d42f486f9e8b96f0de1e8bb08039d596 Mon Sep 17 00:00:00 2001 From: Tommy Date: Fri, 19 Jan 2024 02:46:56 -0700 Subject: [PATCH] Policy clean up Signed-off-by: Tommy --- .../{Microsoft Edge/README.md => Microsoft Edge.md} | 4 +++- .../Default Domain Policy/Microsoft Edge/Cast.md | 5 ----- .../Microsoft Edge/Content Settings.md | 13 ------------- .../Gaming/Microsoft Edge (Gaming).md | 5 +++++ .../Microsoft Office/Microsoft Account (Allow).md | 0 Group Policies Objects/README.md | 6 +++++- 6 files changed, 13 insertions(+), 20 deletions(-) rename Group Policies Objects/Default Domain Policy/{Microsoft Edge/README.md => Microsoft Edge.md} (75%) delete mode 100644 Group Policies Objects/Default Domain Policy/Microsoft Edge/Cast.md delete mode 100644 Group Policies Objects/Default Domain Policy/Microsoft Edge/Content Settings.md create mode 100644 Group Policies Objects/Gaming/Microsoft Edge (Gaming).md rename Group Policies Objects/{Gaming => Parallels}/Microsoft Office/Microsoft Account (Allow).md (100%) diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Edge/README.md b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md similarity index 75% rename from Group Policies Objects/Default Domain Policy/Microsoft Edge/README.md rename to Group Policies Objects/Default Domain Policy/Microsoft Edge.md index e9d28b3..5900d7d 100644 --- a/Group Policies Objects/Default Domain Policy/Microsoft Edge/README.md +++ b/Group Policies Objects/Default Domain Policy/Microsoft Edge.md 
@@ -4,4 +4,6 @@ You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it. -SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy. \ No newline at end of file +SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy. + +Policies to set are documented at https://github.com/TommyTran732/Microsoft-Edge-Policies \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Edge/Cast.md b/Group Policies Objects/Default Domain Policy/Microsoft Edge/Cast.md deleted file mode 100644 index aebdc57..0000000 --- a/Group Policies Objects/Default Domain Policy/Microsoft Edge/Cast.md +++ /dev/null @@ -1,5 +0,0 @@ -# Cast - -`Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Cast` - -- Enabled Google Cast -> Disabled `EnableMediaRouter: false` \ No newline at end of file diff --git a/Group Policies Objects/Default Domain Policy/Microsoft Edge/Content Settings.md b/Group Policies Objects/Default Domain Policy/Microsoft Edge/Content Settings.md deleted file mode 100644 index 9196f48..0000000 --- a/Group Policies Objects/Default Domain Policy/Microsoft Edge/Content Settings.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# Content Settings - -`Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Content Settings` - -- Block cookies on specific sites -> ntp.msn.com `CookiesBlockedForUrls": [ "ntp.msn.com" ]` -- Default geolocation setting -> Enabled -> Don't allow any site to track users' physical location `DefaultGeolocationSetting: 2` -- Control use of insecure content Exceptions -> Enabled -> Do not allow any sites to load mixed content `DefaultInsecureContentSetting: 2` -- Configure cookies -> Enabled -> Keep cookies for the duration of the session, except ones listed in "SaveCookiesOnExit" `DefaultCookiesSetting: 4` -- Default setting for third-party storage partitioning -> Let third-party storage partitioning to be enabled. `DefaultThirdPartyStoragePartitioningSetting: 1` -- Control the use of File System API for reading -> Don't allow any site to request and read access to files and directories via the File System API `DefaultFileSystemReadGuardSetting: 2` -- Control the use of File System API for writing -> Don't allow any site to request and write access to files and directories via the File System API `DefaultFileSystemWriteGuardSetting: 2` -- Control use of the Web Bluetooth API -> Don't allow any site to request access to Bluetooth devices via the Web Bluetooth API `DefaultWebBluetoothGuardSetting: 2` -- Allow notifications to set Microsoft Edge as default PDF reader -> Disabled `ShowPDFDefaultRecommendationsEnabled: false` \ No newline at end of file diff --git a/Group Policies Objects/Gaming/Microsoft Edge (Gaming).md b/Group Policies Objects/Gaming/Microsoft Edge (Gaming).md new file mode 100644 index 0000000..cbc7625 --- /dev/null +++ b/Group Policies Objects/Gaming/Microsoft Edge (Gaming).md @@ -0,0 +1,5 @@ +# Microsoft Edge + +`Computer Configuration\Policies\Administrative Templates\Microsoft Edge` + +- Game Settings -> Enable Gamer Mode -> Enabled \ No newline at end of file 
diff --git a/Group Policies Objects/Gaming/Microsoft Office/Microsoft Account (Allow).md b/Group Policies Objects/Parallels/Microsoft Office/Microsoft Account (Allow).md similarity index 100% rename from Group Policies Objects/Gaming/Microsoft Office/Microsoft Account (Allow).md rename to Group Policies Objects/Parallels/Microsoft Office/Microsoft Account (Allow).md diff --git a/Group Policies Objects/README.md b/Group Policies Objects/README.md index bb461a5..e9689da 100644 --- a/Group Policies Objects/README.md +++ b/Group Policies Objects/README.md @@ -1,4 +1,8 @@ # Group Policy Objects - Make Central Store for policies: https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store -- Windows 23H2 template can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=105667 \ No newline at end of file +- Windows 23H2 template can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=105667 + +The Default Domain Policy directory contains all of the policies I set domain wide. You can either apply them in the Default Domain Policy or break them up into multiple small ones. I split them into files in this repo so that it is easy to read. + +Other directories contain the overrides I give to each Organizational Unit (OU). I do recommend breaking these down, as you might reuse the specific overrides across different OUs later on. \ No newline at end of file
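Review bot: In `Default Domain Policy/Microsoft Edge.md`, the re-added sentence says SmartScreen and Typosquatting are forced "to be disabled", which reads as switching off two phishing and malicious-site protections domain wide. If the intent is to enforce them as mandatory instead of recommended policies, say so; if they really are disabled, state which control replaces them. The same line still carries the typo "recommeded". The new link to https://github.com/TommyTran732/Microsoft-Edge-Policies is unpinned, so consider referencing a tag or commit to keep this document and the policy list it depends on from drifting apart. The file also still ends without a trailing newline.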
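Review bot: The deletions of `Cast.md` and `Content Settings.md` remove the only in-repo record of ten concrete settings (for example `EnableMediaRouter: false`, `DefaultInsecureContentSetting: 2`, `DefaultWebBluetoothGuardSetting: 2`), and the only replacement is the external link added in `Microsoft Edge.md`. Confirm that each removed value is present in the linked repository before merging, and say in the commit body that the settings were moved and not dropped, so a later reader of the history does not take this as a relaxation of the baseline.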
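Review bot: In the new `Gaming/Microsoft Edge (Gaming).md`, the single entry `Game Settings -> Enable Gamer Mode -> Enabled` gives no policy key and value, unlike the entries this patch removes (such as `EnableMediaRouter: false`); add it so the setting can be verified on a client through edge://policy. The heading `# Microsoft Edge` does not match the file name, which makes it easy to confuse with the domain-wide Edge document, and the file is created without a trailing newline.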
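Review bot: The 100% rename of `Microsoft Office/Microsoft Account (Allow).md` from `Gaming` to `Parallels` changes which OU this override is documented under, yet the subject "Policy clean up" gives no reason for it. Add a line to the commit body explaining the move, since an override that allows Microsoft accounts is the kind of exception a reviewer will want scoped to a named OU on purpose.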
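Review bot: In `Group Policies Objects/README.md`, the added sentence "The Default Domain Policy directory contains all of the policies I set domain wide" is contradicted by this same patch, which removes the Edge settings from that directory and points to an external repository instead. Reword it to say that the Edge policies are documented elsewhere and link to them here as well. The file still ends without a trailing newline.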