List of Windows 11 Group Policy Settings

Let’s quickly check the details of the new Windows 11 Group Policy settings. Microsoft officially released the new Windows 11 operating system on October 4th. With every new Windows release, Group Policy settings are updated to enhance the work experience. This post lists the Windows 11 Group Policy settings.

How to get Windows 11? Microsoft released different editions of Windows 11 ISOs (Consumer and Business). You can download the Windows 11 ISO directly from the Microsoft Software Download website.

You don’t have to log in to download the ISO. The latest Windows 11 ISO (production version) is ready to download.

Devices should meet the Windows 11 minimum requirements for the Windows 11 upgrade. Using the PC Health Check app, you can check whether your current PC meets the minimum system requirements to run Windows 11.


You have to download the Windows 11 PC Health Check app from the Microsoft site. Here, let’s explore the Windows 11 Group Policy settings. If you are looking for the Group Policy settings added in Windows 10, version 21H1, and earlier, the best way to find that list of policies is the blog post below.


List of Windows 11 Group Policy Settings

The Windows 11 Group Policy settings listed below, for computer and user configurations, are included in the Administrative Template files (.admx and .adml) delivered with Windows 11.

We will try to keep the list up to date with the latest Windows 11 Group Policy.

| Location | Policy Path | Policy Setting Name |
|---|---|---|
| Machine | Control Panel\Personalization | Prevent lock screen background motion |
| Machine | Control Panel\Regional and Language Options | Restrict Language Pack and Language Feature Installation |
| Machine | MS Security Guide | Limits print driver installation to Administrators. |
| Machine | Network\DNS Client | Configure DNS over HTTPS (DoH) name resolution |
| Machine | Printers | Enable Device Control Printing Restrictions |
| Machine | Printers | List of Approved USB-connected print devices |
| Machine | Start Menu and Taskbar | Show or hide “Most used” list from Start menu |
| Machine | Start Menu and Taskbar\Notifications | Enables group policy for the WNS FQDN |
| Machine | System\Device Installation\Device Installation Restrictions | Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria |
| Machine | System\Filesystem\NTFS | Enable NTFS non-paged pool usage |
| Machine | System\Filesystem\NTFS | NTFS default tier |
| Machine | System\Filesystem\NTFS | NTFS parallel flush threshold |
| Machine | System\Filesystem\NTFS | NTFS parallel flush worker threads |
| Machine | System\Kerberos | Allow retrieving the cloud kerberos ticket during the logon |
| Machine | System\Net Logon\DC Locator DNS Records | Use lowercase DNS host names when registering domain controller SRV records |
| Machine | System\Security Account Manager | Configure validation of ROCA-vulnerable WHfB keys during authentication |
| Machine | Windows Components\App Package Deployment | Archive infrequently used apps |
| Machine | Windows Components\App Package Deployment | Not allow sideloaded apps to auto-update in the background |
| Machine | Windows Components\App Package Deployment | Not allow sideloaded apps to auto-update in the background on a metered network |
| Machine | Windows Components\App Privacy | Let Windows apps take screenshots of various windows or displays |
| Machine | Windows Components\App Privacy | Let Windows apps turn off the screenshot border |
| Machine | Windows Components\Chat | Configures the Chat icon on the taskbar |
| Machine | Windows Components\Cloud Content | Turn off cloud consumer account state content |
| Machine | Windows Components\Data Collection and Preview Builds | Disable OneSettings Downloads |
| Machine | Windows Components\Data Collection and Preview Builds | Enable OneSettings Auditing |
| Machine | Windows Components\Data Collection and Preview Builds | Limit Diagnostic Log Collection |
| Machine | Windows Components\Data Collection and Preview Builds | Limit Dump Collection |
| Machine | Windows Components\Human Presence | Force Instant Lock |
| Machine | Windows Components\Human Presence | Force Instant Wake |
| Machine | Windows Components\Human Presence | Lock Timeout |
| Machine | Windows Components\Internet Explorer | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. |
| Machine | Windows Components\Microsoft Defender Antivirus | Configure scheduled task times randomization window |
| Machine | Windows Components\Microsoft Defender Antivirus | Define the directory path to copy support log files |
| Machine | Windows Components\Microsoft Defender Antivirus\Device Control | Define device control policy groups |
| Machine | Windows Components\Microsoft Defender Antivirus\Device Control | Define device control policy rules |
| Machine | Windows Components\Microsoft Defender Antivirus\Exclusions | Ip Address Exclusions |
| Machine | Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection | This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. |
| Machine | Windows Components\Microsoft Defender Antivirus\Network Inspection System | This setting controls datagram processing for network protection. |
| Machine | Windows Components\Microsoft Defender Antivirus\Real-time Protection | Turn on script scanning |
| Machine | Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates | Allows Microsoft Defender Antivirus to update and communicate over a metered connection. |
| Machine | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection | Allow UI Automation redirection |
| Machine | Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection | Do not allow location redirection |
| Machine | Windows Components\Tenant Restrictions | Cloud Policy Details |
| Machine | Windows Components\Widgets | Allow widgets |
| Machine | Windows Components\Windows Hello for Business | Use cloud trust for on-premises authentication |
| Machine | Windows Components\Windows Sandbox | Allow audio input in Windows Sandbox |
| Machine | Windows Components\Windows Sandbox | Allow clipboard sharing with Windows Sandbox |
| Machine | Windows Components\Windows Sandbox | Allow networking in Windows Sandbox |
| Machine | Windows Components\Windows Sandbox | Allow printer sharing with Windows Sandbox |
| Machine | Windows Components\Windows Sandbox | Allow vGPU sharing for Windows Sandbox |
| Machine | Windows Components\Windows Sandbox | Allow video input in Windows Sandbox |
| Machine | Windows Components\Windows Update\Manage updates offered from Windows Server Update Service | Specify source service for specific classes of Windows Updates |
| User | AutoSubscription | Enable auto-subscription |
| User | Control Panel\Printers | Enable Device Control Printing Restrictions |
| User | Control Panel\Printers | List of Approved USB-connected print devices |
| User | Control Panel\Regional and Language Options | Restrict Language Pack and Language Feature Installation |
| User | Start Menu and Taskbar | Show or hide “Most used” list from Start menu |
| User | Windows Components\Cloud Content | Turn off Spotlight collection on Desktop |
| User | Windows Components\IME | Configure Korean IME version |
| User | Windows Components\Internet Explorer | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. |

Windows 11 Group Policy Settings


We will try to keep the list up to date with the latest Windows 11 Group Policy. If you want to share your experience of using Windows 11 Group Policy, you can let us know in the comment section below.

Author

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

6 thoughts on “List of Windows 11 Group Policy Settings”

  1. How do I activate this last setting that is off, Windows Defender Application Control?!

    OS Name Microsoft Windows 11 Pro
    Version 10.0.22581 Build 22581
    Other OS Description Not Available
    OS Manufacturer Microsoft Corporation
    System Name ERIC
    System Manufacturer System manufacturer
    System Model System Product Name
    System Type x64-based PC
    System SKU SKU
    Processor AMD Ryzen 9 5950X 16-Core Processor, 4001 Mhz, 16 Core(s), 32 Logical Processor(s)
    BIOS Version/Date American Megatrends Inc. 4204, 2/24/2022
    SMBIOS Version 3.3
    Embedded Controller Version 255.255
    BIOS Mode UEFI
    BaseBoard Manufacturer ASUSTeK COMPUTER INC.
    BaseBoard Product ROG STRIX X570-E GAMING
    BaseBoard Version Rev X.0x
    Platform Role Desktop
    Secure Boot State On
    PCR7 Configuration Bound
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume1
    Locale United States
    Hardware Abstraction Layer Version = “10.0.22581.1”
    User Name Eric\Administrator
    Time Zone Mountain Daylight Time
    Installed Physical Memory (RAM) 32.0 GB
    Total Physical Memory 31.9 GB
    Available Physical Memory 24.1 GB
    Total Virtual Memory 36.9 GB
    Available Virtual Memory 26.3 GB
    Page File Space 5.00 GB
    Page File C:\pagefile.sys
    Kernel DMA Protection On
    Virtualization-based security Running
    Virtualization-based security Required Security Properties Base Virtualization Support, Secure Boot
    Virtualization-based security Available Security Properties Base Virtualization Support, Secure Boot, DMA Protection, Secure Memory Overwrite, UEFI Code Readonly, Mode Based Execution Control
    Virtualization-based security Services Configured Credential Guard, Hypervisor enforced Code Integrity, Secure Launch
    Virtualization-based security Services Running Credential Guard, Hypervisor enforced Code Integrity, Hardware-enforced Stack Protection (Kernel-mode)
    Windows Defender Application Control policy Enforced
    Windows Defender Application Control user mode policy Off <<——————– This one !!
    Device Encryption Support Reasons for failed automatic device encryption: Un-allowed DMA capable bus/device(s) detected
    A hypervisor has been detected. Features required for Hyper-V will not be displayed.

