Policy CSP - ADMX_srmfci
Tip
This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.
The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.
AccessDeniedConfiguration
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/AccessDeniedConfiguration
This policy setting specifies the message that users see when they're denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access.
If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied.
If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration.
If you don't configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | AccessDeniedConfiguration |
| Friendly Name | Customize message for Access Denied errors |
| Location | Computer Configuration |
| Path | System > Access-Denied Assistance |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied |
| Registry Value Name | Enabled |
| ADMX File Name | srm-fci.admx |
CentralClassificationList
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/CentralClassificationList
This policy setting controls which set of properties is available for classifying files on affected computers.
Administrators can define the properties for the organization by using Active Directory Domain Services (AD DS), and then group these properties into lists. Administrators can supplement these properties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
If you enable this policy setting, you can select which list of properties is available for classification on the affected computers.
If you disable or don't configure this policy setting, the Global Resource Property List in AD DS provides the default set of properties.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | CentralClassificationList |
| Friendly Name | File Classification Infrastructure: Specify classification properties list |
| Location | Computer Configuration |
| Path | System > File Classification Infrastructure |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
| ADMX File Name | srm-fci.admx |
EnableManualUX
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableManualUX
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer.
The Classification tab enables users to manually classify files by selecting properties from a list. Administrators can define the properties for the organization by using Group Policy, and supplement these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service.
If you enable this policy setting, the Classification tab is displayed.
If you disable or don't configure this policy setting, the Classification tab is hidden.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | EnableManualUX |
| Friendly Name | File Classification Infrastructure: Display Classification tab in File Explorer |
| Location | Computer Configuration |
| Path | System > File Classification Infrastructure |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\FCI |
| Registry Value Name | EnableManualUX |
| ADMX File Name | srm-fci.admx |
EnableShellAccessCheck
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_srmfci/EnableShellAccessCheck
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
Tip
This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
ADMX mapping:
| Name | Value |
|---|---|
| Name | EnableShellAccessCheck |
| Friendly Name | Enable access-denied assistance on client for all file types |
| Location | Computer Configuration |
| Path | System > Access-Denied Assistance |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Explorer |
| Registry Value Name | EnableShellExecuteFileStreamCheck |
| ADMX File Name | srm-fci.admx |