Skip to content

Latest commit

 

History

History
1003 lines (822 loc) · 34.1 KB

policy-csp-admx-tcpip.md

File metadata and controls

1003 lines (822 loc) · 34.1 KB
Raw
title description ms.author ms.localizationpriority ms.topic ms.prod ms.technology author ms.date ms.reviewer manager
Policy CSP - ADMX_tcpip
Policy CSP - ADMX_tcpip
dansimp
medium
article
w10
windows
manikadhiman
09/23/2020
dansimp

Policy CSP - ADMX_tcpip

Warning

Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.

ADMX_tcpip policies

ADMX_tcpip/6to4_Router_Name
ADMX_tcpip/6to4_Router_Name_Resolution_Interval
ADMX_tcpip/6to4_State
ADMX_tcpip/IPHTTPS_ClientState
ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State
ADMX_tcpip/ISATAP_Router_Name
ADMX_tcpip/ISATAP_State
ADMX_tcpip/Teredo_Client_Port
ADMX_tcpip/Teredo_Default_Qualified
ADMX_tcpip/Teredo_Refresh_Rate
ADMX_tcpip/Teredo_Server_Name
ADMX_tcpip/Teredo_State
ADMX_tcpip/Windows_Scaling_Heuristics_State

ADMX_tcpip/6to4_Router_Name

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.

If you enable this policy setting, you can specify a relay name for a 6to4 host.

If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay name for a 6to4 host.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set 6to4 Relay Name
  • GP name: 6to4_Router_Name
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/6to4_Router_Name_Resolution_Interval

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.

If you enable this policy setting, you can specify the value for the duration at which the relay name is resolved periodically.

If you disable or do not configure this policy setting, the local host setting is used.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set 6to4 Relay Name Resolution Interval
  • GP name: 6to4_Router_Name_Resolution_Interval
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/6to4_State

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the letters are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site.

If you disable or do not configure this policy setting, the local host setting is used.

If you enable this policy setting, you can configure 6to4 with one of the following settings:

Policy Default State: 6to4 is turned off and connectivity with 6to4 will not be available.

Policy Enabled State: If a global IPv4 address is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface.

Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set 6to4 State
  • GP name: 6to4_State
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/IPHTTPS_ClientState

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network.

If you disable or do not configure this policy setting, the local host settings are used.

If you enable this policy setting, you can specify an IP-HTTPS server URL. You will be able to configure IP-HTTPS with one of the following settings:

Policy Default State: The IP-HTTPS interface is used when there are no other connectivity options.

Policy Enabled State: The IP-HTTPS interface is always present, even if the host has other connectivity options.

Policy Disabled State: No IP-HTTPS interfaces are present on the host.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set IP-HTTPS State
  • GP name: IPHTTPS_ClientState
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure IP Stateless Autoconfiguration Limits.

If you enable or do not configure this policy setting, IP Stateless Autoconfiguration Limits will be enabled and system will limit the number of autoconfigured addresses and routes.

If you disable this policy setting, IP Stateless Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set IP Stateless Autoconfiguration Limits State
  • GP name: IP_Stateless_Autoconfiguration_Limits_State
  • GP path: Network\TCPIP Settings\Parameters
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/ISATAP_Router_Name

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.

If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. If you enter an IPv4 address of the ISATAP router in the text box, DNS services are not required.

If you disable or do not configure this policy setting, the local host setting is used.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set ISATAP Router Name
  • GP name: ISATAP_Router_Name
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/ISATAP_State

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet.

If you disable or do not configure this policy setting, the local host setting is used.

If you enable this policy setting, you can configure ISATAP with one of the following settings:

Policy Default State: No ISATAP interfaces are present on the host.

Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configured with a link-local address.

Policy Disabled State: No ISATAP interfaces are present on the host.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set ISATAP State
  • GP name: ISATAP_State
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Teredo_Client_Port

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in use by a system, the Teredo client will fail to initialize.

If you enable this policy setting, you can customize a UDP port for the Teredo client.

If you disable or do not configure this policy setting, the local host setting is used.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Teredo Client Port
  • GP name: Teredo_Client_Port
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Teredo_Default_Qualified

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dormant state.

If you disable or do not configure this policy setting, the local host setting is used.

This policy setting contains only one state:

Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification immediately and remain qualified if the qualification process succeeds.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Teredo Default Qualified
  • GP name: Teredo_Default_Qualified
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Teredo_Refresh_Rate

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the Teredo refresh rate.

Note

On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server sends a Router Advertisement Packet in response. This periodic packet refreshes the IP address and UDP port mapping in the translation table of the Teredo client's NAT device.

If you enable this policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent.

If you disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh rate is 30 seconds.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Teredo Refresh Rate
  • GP name: Teredo_Refresh_Rate
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Teredo_Server_Name

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.

If you enable this policy setting, you can specify a Teredo server name that applies to a Teredo client.

If you disable or do not configure this policy setting, the local settings on the computer are used to determine the Teredo server name.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Teredo Server Name
  • GP name: Teredo_Server_Name
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Teredo_State

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet.

If you disable or do not configure this policy setting, the local host settings are used.

If you enable this policy setting, you can configure Teredo with one of the following settings:

Default: The default state is "Client."

Disabled: No Teredo interfaces are present on the host.

Client: The Teredo interface is present only when the host is not on a network that includes a domain controller.

Enterprise Client: The Teredo interface is always present, even if the host is on a network that includes a domain controller.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Teredo State
  • GP name: Teredo_State
  • GP path: Network\TCPIP Settings\IPv6 Transition Technologies
  • GP ADMX file name: tcpip.admx

ADMX_tcpip/Windows_Scaling_Heuristics_State

Windows Edition Supported?
Home cross mark
Pro cross mark
Business cross mark
Enterprise check mark
Education cross mark

Scope:

[!div class = "checklist"]

  • Device

Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.

If you do not configure this policy setting, the local host settings are used.

If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identify connectivity and throughput problems and take appropriate measures.

If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughput problems caused by Firewalls or other middle boxes.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Set Window Scaling Heuristics State
  • GP name: Windows_Scaling_Heuristics_State
  • GP path: Network\TCPIP Settings\Parameters
  • GP ADMX file name: tcpip.admx

Note

These policies are currently only available as part of a Windows Insider release.