-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: add Windows administrative template #10721
Conversation
This seems to be fully functional but in the group policy editor, if I filter by supported product, there's a Tailscale checkbox in the filter options but if I select it, nothing is shown and if I edit the filter options it is not checked. I'm not sure what I'm doing wrong, but it's probably related to the I had multiple versions specified at first but after looking at the granularity in Microsoft's list, that did not seem to be the usual procedure so I took that out. I kept the supported version number information because that seems useful. |
fyi if anyone is interested in taking a peek @clairew @dblohm7 @nickoneill @agottardo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, it looks good to me! I believe the names and help texts can be improved for clarity, style and unambiguity, and in certain cases we might want to indicate that the policy value, such as an Exit Node ID, is required.
But the only critical update is to fix the namespace
attribute value to remove the colon.
If you enable this policy, then Allow Incoming Connections is always enabled and the menu option is hidden. | ||
If you disable this policy, then Allow Incoming Connections is always disabled and the menu option is hidden. | ||
If you do not configure this policy, then Allow Incoming Connections depends on what is selected in the Preferences submenu.]]></string> | ||
<string id="UnattendedMode">Enable Run Unattended</string> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: As a general rule, we should use more descriptive policy names as the help text might be unavailable in certain contexts. An example would be a group policy report that looks like this:
To make policy names less ambiguous and emphasize that these policies actually change the Tailscale client behavior rather than just enable certain option or capability, we might want to rename them to something like this:
- Run Tailscale in Unattended Mode
- Run Tailscale as an Exit Node
Similarly, we might want to rename "Require Exit Node" to "Use the specified Exit Node" or something similar to emphasize not only that an exit node is required but also that the policy configures which exit node to use, etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only changed the items that didn't have a clear directive. Does this look better?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really cool! ✨
To make setting Windows policies easier, this adds ADMX policy descriptions. Fixes #6495 Updates ENG-2515 Change-Id: If4613c9d8ec734afec8bd781575e24b4aef9bb73 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
d987f84
to
11805c8
Compare
To make setting Windows policies easier, this adds ADMX policy descriptions.
Fixes #6495
Updates ENG-2515
Change-Id: If4613c9d8ec734afec8bd781575e24b4aef9bb73