Print this page
Wednesday, 20 October 2021 07:20

Group Policy Changes in Windows 10 21H2

Written by
Rate this item
(0 votes)


As Windows 10, version 21H2 update development winds down, Microsoft is now preparing for the final release of the Windows 10 20H2 Update, including the release of the new group policy spread sheet listing the policy settings for computer and user configurations that are included in the Administrative template files delivered with for Windows 10 October 2021 Update (21H2). It's been a while now since I poked around ADMX files meaning it’s that time again to examine updated and new Group Policy settings

As if out of nowhere, what is this new blog post, full of all the joys of autumn? Yes, after a sporadic, semi-weekly service throughout the past decade, in which this website was resolutely dropped to the very bottom of my work schedule for reasons ranging from laziness, a lack of imagination, taking care of the family, impromptu holidays interfering with writing schedules and even more laziness, I am looking to overcome my enigmatic past to reassert itself as the market-leading online resource based on technology that was looked on as being slightly outdated some 10 years ago.

Where this new-found desire for achievement has come from is hard for me to place. Either way, I have rediscovered my mojo. So, aside from the odd pre-planned holiday, leaving me no time to make weak jokes for the benefit of my very limited readership, I promise to update this blog on a more regular basis. 

Anyhow, let's get into it. In terms of new features, there isn’t anything to be excited about the Windows 10, version 21H2 as Microsoft's primary focus is the improvement of the overall OS quality and Windows 10 hardening instead of implementation of new features which are so meaningless, that they could literally make your brain hurt.

The following Group Policy settings were added in Windows 10, version 21H2, or modified to an extent that warrants listing them here:

Notable changes are:

  • You can now control whether Windows apps can take screenshots of various windows or displays
  • You can now configure whether sideloaded apps' ability to auto-update in the background and whether the system can archive infrequently used apps.
  • The "Prevent installation of devices not described by other policy settings" policy setting has been replaced by the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting for supported target Windows 10 versions. It is recommended that you use the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting when possible.
  • You can now turn off Spotlight collection setting in Personalization.
  • You can now specify, whether additional diagnostic logs and dumps are collected when more information is needed to troubleshoot a problem and whether Windows attempts to connect with the OneSettings service.
  • Additionally, you can now restrict Language Pack and Language Feature Installation.
  • 21H2 group policy templates include new policies to control the behavior of the Enterprise Mode Site List.
  • Building on the investment into Azure AD Join capability, Microsoft is adding policies which allow retrieving the cloud Kerberos ticket during the logon and whether Windows Hello for Business will use a Kerberos ticket retrieved from authenticating to Azure for on-premises authentication.
  • Finally, you can now control Sandbox device redirection behavior, including virtualized GPU, networking, audio/video input, printer and clipboard sharing from the host..

Additionally, as I have done in the past, I compared the latest Windows 10, version 21H1 group policy templates to the admx files shipped with the latest insider build of Windows 10, version 21H2. An Excel spreadsheet containing policy descriptions, registry paths and possible settings (where applicable) is attached to this post. My results differ somewhat from the Microsoft's spread sheet with two additional policies showing up on a freshly installed Windows 10 October 2021 Update (21H2) system, which are not present in the official spread sheet.

  • Reset zoom to default for HTML dialogs in Internet Explorer mode: This policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode. If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode will not get propagated from its parent page
  • Limits print driver installation to Administrators: Determines whether users that aren't Administrators can install print drivers on this computer. By default, users that aren't Administrators can't install print drivers on this computer.

Finally, some of the so-called "new" settings are somewhat misleading, as they actually do not apply to Windows 10 systems, including:

  • Remove access to use all Windows Update features: This setting allows you to remove access to Windows Update.
  • Allow Automatic Updates immediate installation: Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.
  • Turn on recommended updates via Automatic Updates: Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.
  • Automatic Updates detection frequency: Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is a sum of the specific value and a random variant of 0-4 hours.
Read 5252 times Last modified on Wednesday, 20 October 2021 08:40