mirror of
https://github.com/TommyTran732/Windows-Setup.git
synced 2024-11-21 15:41:45 -05:00
Policy clean up
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
7b226b2cb7
commit
e6887192d4
@ -4,4 +4,6 @@
|
||||
|
||||
You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it.
|
||||
|
||||
SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy.
|
||||
SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy.
|
||||
|
||||
Policies to set are documented at https://github.com/TommyTran732/Microsoft-Edge-Policies
|
@ -1,5 +0,0 @@
|
||||
# Cast
|
||||
|
||||
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Cast`
|
||||
|
||||
- Enabled Google Cast -> Disabled `EnableMediaRouter: false`
|
@ -1,13 +0,0 @@
|
||||
# Content Settings
|
||||
|
||||
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Content Settings`
|
||||
|
||||
- Block cookies on specific sites -> ntp.msn.com `CookiesBlockedForUrls": [ "ntp.msn.com" ]`
|
||||
- Default geolocation setting -> Enabled -> Don't allow any site to track users' physical location `DefaultGeolocationSetting: 2`
|
||||
- Control use of insecure content Exceptions -> Enabled -> Do not allow any sites to load mixed content `DefaultInsecureContentSetting: 2`
|
||||
- Configure cookies -> Enabled -> Keep cookies for the duration of the session, except ones listed in "SaveCookiesOnExit" `DefaultCookiesSetting: 4`
|
||||
- Default setting for third-party storage partitioning -> Let third-party storage partitioning to be enabled. `DefaultThirdPartyStoragePartitioningSetting: 1`
|
||||
- Control the use of File System API for reading -> Don't allow any site to request and read access to files and directories via the File System API `DefaultFileSystemReadGuardSetting: 2`
|
||||
- Control the use of File System API for writing -> Don't allow any site to request and write access to files and directories via the File System API `DefaultFileSystemWriteGuardSetting: 2`
|
||||
- Control use of the Web Bluetooth API -> Don't allow any site to request access to Bluetooth devices via the Web Bluetooth API `DefaultWebBluetoothGuardSetting: 2`
|
||||
- Allow notifications to set Microsoft Edge as default PDF reader -> Disabled `ShowPDFDefaultRecommendationsEnabled: false`
|
5
Group Policies Objects/Gaming/Microsoft Edge (Gaming).md
Normal file
5
Group Policies Objects/Gaming/Microsoft Edge (Gaming).md
Normal file
@ -0,0 +1,5 @@
|
||||
# Microsoft Edge
|
||||
|
||||
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge`
|
||||
|
||||
- Game Settings -> Enable Gamer Mode -> Enabled
|
@ -1,4 +1,8 @@
|
||||
# Group Policy Objects
|
||||
|
||||
- Make Central Store for policies: https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store
|
||||
- Windows 23H2 template can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=105667
|
||||
- Windows 23H2 template can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=105667
|
||||
|
||||
The Default Domain Policy directory contains all of the policies I set domain wide. You can either apply them in the Default Domain Policy or break them up into multiple small ones. I split them into files in this repo so that it is easy to read.
|
||||
|
||||
Other directories contain the overrides I give to each Organizational Unit (OU). I do recommend breaking these down, as you might reuse the specific overrides across different OUs later on.
|
Loading…
Reference in New Issue
Block a user