Tuesday, 14 January 2020 04:51

Group Policy Changes in Windows 10 20H1 Preview



As Windows 10 Vibranium Update (20H1) development winds down, Microsoft is now beginning the phase of checking in the final code to prepare for the final release of the Windows 10 20H1 Update. It's been almost a year now since I poked around ADMX files, meaning it’s that time again to examine updated and new Group Policy settings.

Based on my results, the following Group Policy settings were added in Windows 10, version 20H1, or modified to an extent that warrants listing them here:

Note: An Excel spreadsheet containing policy descriptions, registry paths and possible settings (where applicable) is attached to this post. Please keep in mind that the text-based analysis is somewhat error-prone, so take the information below with a grain of salt.

| ADMX File | Parent Category | Policy | Class |
|---|---|---|---|
| AppPrivacy.admx | App Privacy | Let Windows apps access user movements while running in the background | Machine |
| AppxPackageManager.admx | App Package Deployment | Prevent non-admin users from installing packaged Windows apps | Machine |
| ControlPanel.admx | | Settings Page Visibility | Both |
| CredentialProviders.admx | Logon | Turn on security key sign-in | Machine |
| DeliveryOptimization.admx | Delivery Optimization | Cache Server Hostname | Machine |
| DeliveryOptimization.admx | Delivery Optimization | Cache Server Hostname Source | Machine |
| EAIME.admx | IME | Configure Simplified Chinese IME version | User |
| EAIME.admx | IME | Configure Traditional Chinese IME version | User |
| EAIME.admx | IME | Configure Japanese IME version | User |
| EAIME.admx | IME | Configure Korean IME version | User |
| Programs.admx | Calculator | Allow Graphing Calculator | User |
| WindowsDefender.admx | MpEngine | Enable file hash computation feature | Machine |
| WindowsUpdate.admx | Windows Update for Business | Select the target feature update version | Machine |
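
A listing like the one above can be produced by comparing the policy definitions in two releases of the same ADMX file. The sketch below is an added example, not the tooling used for this post: it reports policies that were added, removed, or changed in class, parent category or registry location. The sample templates, policy names and registry keys are constructed placeholders, and display names (which live in the matching ADML files) are not resolved.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def load_policies(admx_xml):
    """Map policy name -> (class, parent category, registry key, value name)."""
    policies = {}
    # Match on local tag names so the namespace URI in the file does not matter.
    for el in ET.fromstring(admx_xml).iter():
        if local(el.tag) != "policy":
            continue
        parent = next((c.get("ref", "") for c in el if local(c.tag) == "parentCategory"), "")
        policies[el.get("name")] = (el.get("class"), parent, el.get("key"), el.get("valueName"))
    return policies

def diff_policies(old_xml, new_xml):
    """Return policy names added, removed, or changed between two ADMX versions."""
    old, new = load_policies(old_xml), load_policies(new_xml)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

# Constructed sample input: two versions of a made-up Example.admx.
# Policy names and registry keys are placeholders, not taken from real templates.
TEMPLATE = """<policyDefinitions xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <policies>{body}</policies>
</policyDefinitions>"""

def policy(name, cls, key, value, parent="ExampleCategory"):
    """Build one constructed <policy> element for the sample templates."""
    return (f'<policy name="{name}" class="{cls}" key="{key}" valueName="{value}">'
            f'<parentCategory ref="{parent}"/></policy>')

OLD = TEMPLATE.format(body=policy("ExampleBandwidthCap", "Machine", r"Software\Policies\Example", "Cap")
                      + policy("ExampleUpdateMode", "Machine", r"Software\Policies\Example", "Mode"))
NEW = TEMPLATE.format(body=policy("ExampleUpdateMode", "Both", r"Software\Policies\Example", "Mode")
                      + policy("ExampleCacheHost", "Machine", r"Software\Policies\Example", "CacheHost"))

if __name__ == "__main__":
    for kind, names in diff_policies(OLD, NEW).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

A policy whose registry key or class changes between releases shows up under "changed", which is the case most worth reviewing before importing new templates into a central store.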

In terms of new features, there isn’t anything to be excited about in the Windows 10 20H1 Update, as Microsoft's primary focus this time around appears to be improving overall OS quality and Windows 10 hardening rather than implementing new features which are so meaningless that they could literally make your brain hurt.

Notable changes are:

  • Building on the investment into the Delivery Optimization technology, Microsoft is adding the Cache Server policies (previously included as reserved for future use), which allow you to set one or more Delivery Optimization in Network Cache servers that will be used by your client(s).
  • In addition, you can configure how your client(s) can discover Delivery Optimization in Network Cache servers dynamically. Options available are: 1 = DHCP Option 235. 2 = DHCP Option 235 Force. For both options, the client will query DHCP Option ID 235 and use the returned value as the Cache Server Hostname. Option 2 overrides the Cache Server Hostname policy, if configured.
  • You can now configure whether Microsoft Defender will compute hash values for the files it scans, so it can quickly determine whether they are legitimate.
  • Using a Windows Update for Business policy, you can now specify a target feature update. Possible target versions are listed on the Windows Release Information page.
  • You can now specify whether Windows apps can access the movement of the user's head, hands, motion controllers, and other tracked objects, while the apps are running in the background. You can specify either a default setting for all apps or a per-app setting by specifying a Package Family Name. A per-app setting overrides the default setting.
  • Microsoft is adding the ability to prevent non-admin users from installing packaged Windows apps. If you enable this policy, non-Administrators will be unable to initiate installation of Windows app packages. Administrators who wish to install an app will need to do so from an Administrator context (for example, an Administrator PowerShell window). All users will still be able to install Windows app packages via the Windows Store, if permitted by other policies.
  • You can now control whether users can sign in using external security keys.

In addition, the following changes are also worth mentioning:

  • The Configure Automatic Updates policy now includes an additional option, which applies only to Server SKU devices: 7 = Notify for install and notify for restart. With this option (applicable from Windows Server 2016) local administrators will be allowed to use Windows Update to proceed with installations or reboots manually.
  • As Microsoft continues to tweak the user experience, you can now control whether graphing functionality is available in the Windows Calculator app.
  • In addition, you can now specify the version of Microsoft IME to use. The new Microsoft IME is on by default. If you don't configure this policy setting, the user can control which IME version to use. If you enable it, the user is not allowed to control which IME version to use. The previous version of Microsoft IME is always selected.
  • If you are using the Allow users to access recommended troubleshooting for known problems policy, the instructions to trigger recommended troubleshooting for devices in your domain changed slightly. The path used to trigger remediations changed to: schtasks /run /TN "\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner"
  • 20H1 group policy templates include a new policy to specify the list of pages to show or hide from the System Settings app. For use on earlier systems, see KB4458469.
  • Finally, the Max Upload Bandwidth (in KB/s) Delivery Optimization policy is no longer included in the ADMX files. It was used to configure the maximum upload bandwidth that Delivery Optimization uses across all concurrent upload activities in KB/second. The default value 0 (zero) permits an unlimited use in which uploads are dynamically optimized for minimal usage of upload bandwidth.
Last modified on Tuesday, 14 January 2020 10:22