Windows 10 1803 New MDM Policy CSP Settings

Hello. Long time no see. Finally I'm back with a new post. This time I created a nice little list with Windows 10 1803 New MDM Policy CSP Settings for the next Windows 10 release.  If you're not familiar with Policy CSP Settings - that are GPO Settings configureable over an Intune OMA-Uri Policy. Here's a great introducation to Policy CSP Settings.

You can find the entire list (CSV) on Github: https://github.com/nicolonsky/Techblog/blob/master/PolicyCSP/CSPPolicyList_New.csv

If you want to know how to generate your own list - just let me know.

Here are my favorite Windows 10 1803 new MDM Policy CSP Settings:

ControlPolicyConflict, MDMWinsOverGP

This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict

LanmanWorkstation, EnableInsecureGuestLogons

Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-lanmanworkstation

RestrictedGroups, ConfigureGroupMembership

This security setting allows an administrator to define the members of a security-sensitive (restricted) group.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-restrictedgroups

The next blog post will cover the Restricted-Groups setting, to define the local administrator group. This can be useful, to remove the local administrator rights for a user who enrolled his device to Intune or Azure AD - without the need for Windows AutoPilot.

If interested, I created a Github folder containing the scripts to retrieve and compare the available Policy CSP Settings for a Windows Version. Feel free to leave feedback or improvement changes.

https://github.com/nicolonsky/Techblog/tree/master/PolicyCSP

 

See also my other script to check for open TCP ports: https://tech.nicolonsky.ch/power-shell-script-test-open-tcp-ports/

 

Nicola

The guy behind this blog. Combining work sports and social life.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.