Let’s quickly check the details of the Windows 11 22H2 Group Policy settings. Microsoft released Windows 11 version 22H2 on 20th September 2022. With every new release of Windows, Group Policy settings are updated to enhance the work experience.
Windows 11 22H2 includes a couple of new security features, more productivity-focused features, and management capabilities. The lists of Windows 11 22H2 Group Policy settings are given below.
Windows 11 22H2 will continue to be a free update available to Windows 10 and Windows 11 users with PCs that meet the Windows 11 minimum requirements. Using the PC Health Check app, you can check whether your current PC meets the system requirements to run Windows 11.
There are different methods to upgrade to Windows 11 22H2. As per Microsoft, Windows 11 22H2 availability can vary depending on the device and the WUfB policy configured from Intune. You can also use the SCCM Windows Servicing option to upgrade to Windows 11 22H2.
If you are looking for details of the Group Policy settings added in Windows 10 version 21H2, 21H1, and earlier, you can refer to this blog post – Group Policy Settings Available in Different Versions of Windows 10. You can find more lists of policies in the blog posts below.
- List of Windows 11 Group Policy Settings
- ADMX Templates for Windows 11 October 2021 Update [21H2]
- Download Windows 10 Administrative Templates for All Versions
Windows 11 22H2 Group Policy Settings Reference Spreadsheet
This spreadsheet lists the policy settings for computer and user configurations included in the ADMX files delivered for Windows 11 2022 Update (Version 22H2). You can configure these policy settings when you edit Windows 11 22H2 Group Policy Objects.
- To download the Group Policy settings reference spreadsheet for Windows 11 22H2, select the link. You’ll be redirected to the Download Center details page.
- On the download page that opens, validate the Windows version details, then click the Download button.
Group Policy settings reference spreadsheet for Windows 11, version 22H2
Here you can get the Windows11andWindowsServer2019PolicySettings–22H2.xlsx. You can use the filtering capabilities. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter, and then click the desired value in the drop-down list.
The Administrative Templates and Security tabs in this spreadsheet also cover Windows 10 (version 21H2), Windows Server 2019, Windows Server 2016, and earlier Windows versions.
Windows 11 22H2 Group Policy Settings
The following Windows 11 22H2 Group Policy Settings lists for computer and user configurations are included in the Administrative template files (.admx and .adml) delivered with Windows 11 22H2. The list includes only the new policies added.
Group Policy Path | Group Policy Setting Name | Description |
--- | --- | --- |
Desktop | Hide and disable all items on the desktop | Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations. |
MS Security Guide | Configure RPC packet level privacy setting for incoming connections | This policy setting controls whether packet level privacy is enabled for RPC for incoming connections. |
Network\DNS Client | Configure Discovery of Designated Resolvers (DDR) protocol | Specifies if the DNS client would use the DDR protocol. The Discovery of Designated Resolvers (DDR) protocol allows Windows to move from unencrypted DNS to encrypted DNS when only the IP address of a resolver is known. |
Network\DNS Client | Configure NetBIOS settings | Specifies if the DNS client will perform name resolution over NetBIOS. By default the DNS client will disable NetBIOS name resolution on public networks for security reasons. |
Printers | Always send job page count information for IPP printers | Determines whether to always send page count information for accounting purposes for printers using the Microsoft IPP Class Driver. |
Printers | Configure Redirection Guard | Determines whether Redirection Guard is enabled for the print spooler. You can enable this setting to configure the Redirection Guard policy being applied to the spooler. |
Printers | Configure RPC connection settings | This policy setting controls which protocol and protocol settings to use for outgoing RPC connections to a remote print spooler. |
Printers | Configure RPC listener settings | This policy setting controls which protocols incoming RPC connections to the print spooler are allowed to use. |
Printers | Configure RPC over TCP port | This policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers. |
Printers | Limits print driver installation to Administrators | Determines whether users that aren’t Administrators can install print drivers on this computer. |
Printers | Manage Print Driver exclusion list | This policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that are not allowed to be installed on the system. |
Printers | Manage Print Driver signature validation | This policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that is required for a print driver to be considered valid and installed on the system. |
Printers | Manage processing of Queue-specific files | Manages how Queue-specific files are processed during printer installation. At printer installation time a vendor-supplied installation application can specify a set of files of any type to be associated with a particular print queue. |
Security Settings\Account Policies\Account Lockout Policy | Allow Administrator account lockout | This security setting determines whether the builtin Administrator account is subject to account lockout policy. |
Start Menu and Taskbar | Disable Editing Quick Settings | If you enable this policy the user will be unable to modify Quick Settings. If you disable or don’t configure this policy setting the user will be able to edit Quick Settings such as pinning or unpinning buttons. |
Start Menu and Taskbar | Hide the TaskView button | This policy setting allows you to hide the TaskView button. If you enable this policy setting the TaskView button will be hidden and the Settings toggle will be disabled. |
Start Menu and Taskbar | Prevent changes to Taskbar and Start Menu Settings | This policy setting allows you to prevent changes to Taskbar and Start Menu Settings. |
Start Menu and Taskbar | Prevent users from uninstalling applications from Start | If you enable this setting, users cannot uninstall apps from Start. If you disable this setting or do not configure it, users can access the uninstall command from Start. |
Start Menu and Taskbar | Remove access to the context menus for the taskbar | The added Windows 11 22H2 Group Policy allows you to remove access to the context menus for the taskbar. |
Start Menu and Taskbar | Remove pinned programs from the Taskbar | This policy setting allows you to remove pinned programs from the taskbar. |
Start Menu and Taskbar | Remove Recommended section from Start Menu | This policy allows you to prevent the Start Menu from displaying a list of recommended applications and files. |
Start Menu and Taskbar | Remove Run menu from Start Menu | Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager. |
Start Menu and Taskbar | Simplify Quick Settings Layout | If you enable this policy, Quick Settings will be reduced to only having the WiFi, Bluetooth, Accessibility, and VPN buttons; the brightness and volume sliders; and battery indicator and link to the Settings app. |
System | Hide messages when Windows system requirements are not met | The added Windows 11 22H2 Group Policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version. |
System\KDC | Configure hash algorithms for certificate logon | This policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication. |
System\Kerberos | Configure hash algorithms for certificate logon | The added Windows 11 22H2 Group Policy controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication. |
System\Local Security Authority | Allow Custom SSPs and APs to be loaded into LSASS | This policy controls the configuration under which LSASS loads custom SSPs and APs. |
System\Local Security Authority | Configures LSASS to run as a protected process | The added Windows 11 22H2 Group Policy controls the configuration under which LSASS is run. |
Windows Components\Desktop App Installer | Enable App Installer | This policy controls whether the Windows Package Manager can be used by users. |
Windows Components\Desktop App Installer | Enable App Installer Additional Sources | This policy controls additional sources provided by the enterprise IT administrator. |
Windows Components\Desktop App Installer | Enable App Installer Allowed Sources | The added Windows 11 22H2 Group Policy controls additional sources allowed by the enterprise IT administrator. |
Windows Components\Desktop App Installer | Enable App Installer Default Source | This policy controls the default source included with the Windows Package Manager. |
Windows Components\Desktop App Installer | Enable App Installer Experimental Features | The added Windows 11 22H2 Group Policy controls whether users can enable experimental features in the Windows Package Manager. |
Windows Components\Desktop App Installer | Enable App Installer Hash Override | This policy controls whether or not the Windows Package Manager can be configured to enable the ability to override the SHA256 security validation in settings. |
Windows Components\Desktop App Installer | Enable App Installer Local Manifest Files | The added Windows 11 22H2 Group Policy controls whether users can install packages with local manifest files. |
Windows Components\Desktop App Installer | Enable App Installer Microsoft Store Source | This policy controls the Microsoft Store source included with the Windows Package Manager. |
Windows Components\Desktop App Installer | Enable App Installer ms-appinstaller protocol | This policy controls whether users can install packages from a website that is using the ms-appinstaller protocol. |
Windows Components\Desktop App Installer | Enable App Installer Settings | The added Windows 11 22H2 Group Policy controls whether users can change their settings. |
Windows Components\Desktop App Installer | Set App Installer Source Auto Update Interval In Minutes | This policy controls the auto update interval for package-based sources. |
Windows Components\File Explorer | Turn off files from Office.com in Quick access view | Turning off files from Office.com will prevent File Explorer from requesting recent cloud file metadata and displaying it in the Quick access view. |
Windows Components\Human Presence | Force Instant Dim | Determines whether Attention Based Display Dimming is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out. |
Windows Components\Internet Explorer | Disable HTML Application | The added Windows 11 22H2 Group Policy setting specifies if running the HTML Application (HTA file) is blocked or allowed. |
Windows Components\Internet Explorer | Enable global window list in Internet Explorer mode | This setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications. The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser. |
Windows Components\Internet Explorer | Reset zoom to default for HTML dialogs in Internet Explorer mode | The added Windows 11 22H2 Group Policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode. |
Windows Components\Internet Explorer\Security Features\Add-on Management | Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects | The added Windows 11 22H2 Group Policy turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. |
Windows Components\Microsoft account | Only allow device authentication for the Microsoft Account Sign-In Assistant | This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). |
Windows Components\Microsoft Defender Antivirus | Control whether or not exclusions are visible to Local Admins. | This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible whether or not this setting is enabled. |
Windows Components\Microsoft Defender Antivirus | Select the channel for Microsoft Defender daily security intelligence updates | Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. |
Windows Components\Microsoft Defender Antivirus | Select the channel for Microsoft Defender monthly engine updates | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. |
Windows Components\Microsoft Defender Antivirus | Select the channel for Microsoft Defender monthly platform updates | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. |
Windows Components\Microsoft Defender Antivirus\Device Control | Define Device Control evidence data remote location | Defines the remote location for evidence files, where the Device Control service will move the evidence data it captures. |
Windows Components\Microsoft Defender Antivirus\Device Control | Select Device Control Default Enforcement Policy | Default Allow: Choosing this default enforcement will Allow any operations to occur on the attached devices if no policy rules are found to match. |
Windows Components\Microsoft Defender Antivirus\Features | Device Control | Enable or Disable Defender Device Control on this machine. Note: You must be enrolled as E3 or E5 in order for Device Control to be enabled. |
Windows Components\Microsoft Defender Antivirus\MpEngine | Disable gradual rollout of Microsoft Defender updates. | Enable the added Windows 11 22H2 group policy to disable gradual rollout of Defender updates. |
Windows Components\Microsoft Defender Antivirus\Reporting | Configure time interval for service health reports | This policy setting configures the time interval (in minutes) for the service health reports to be sent from endpoints. |
Windows Components\Microsoft Defender Antivirus\Scan | CPU throttling type | This policy setting determines whether the maximum percentage CPU utilization permitted during a scan applies only to scheduled scans or to both scheduled and custom scans (but not real-time protection). |
Windows Components\Microsoft Edge | Suppress the display of Edge Deprecation Notification | You can configure Microsoft Edge to suppress the display of the notification that informs users that support of this version of Microsoft Edge ended on March 9th 2021. |
Windows Components\Remote Desktop Services\Remote Desktop Connection Client | Disable Cloud Clipboard integration for server-to-client data transfer | This policy setting lets you control whether data transferred from the remote session to the client using clipboard redirection is added to the client-side Cloud Clipboard. |
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection | Do not allow WebAuthn redirection | This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g. Windows Hello for Business, security key, or other). |
Windows Components\Search | Allow search highlights | Disabling this setting turns off search highlights in the start menu search box and in search home. Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home. |
Windows Components\Search | Fully disable Search UI | If you enable this policy, the Search UI will be disabled along with all its entry points, such as keyboard shortcuts, touchpad gestures, and type-to-search in the Start menu. The Start menu’s search box and Search Taskbar button will also be hidden. |
Windows Components\Sync your settings | Do not sync accessibility settings | Prevent the “accessibility” group from syncing to and from this PC. This turns off and disables the “accessibility” group on the “Windows backup” settings page in PC settings. |
Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection | Notify Malicious | This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site, into a Microsoft login URL with an invalid certificate, or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate. |
Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection | Notify Password Reuse | This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password. |
Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection | Notify Unsafe App | This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad, Winword, or M365 Office apps like OneNote, Word, Excel, etc. |
Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection | Service Enabled | This policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender. |
Windows Components\Windows Hello for Business | Enable ESS with Supported Peripherals | Enhanced Sign-in Security isolates Windows Hello biometric (face and fingerprint) template data and matching operations to trusted hardware or specified memory regions, meaning the rest of the operating system cannot access or tamper with them. |
Start Menu and Taskbar (User) | Hide the TaskView button | This policy setting allows you to hide the TaskView button. If you enable this policy setting the TaskView button will be hidden and the Settings toggle will be disabled. |
Start Menu and Taskbar (User) | Remove Quick Settings | This policy setting removes Quick Settings from the bottom right area on the taskbar. The quick settings area is located at the left of the clock in the taskbar and includes icons for current network and volume. |
Start Menu and Taskbar (User) | Remove Recommended section from Start Menu | This policy allows you to prevent the Start Menu from displaying a list of recommended applications and files. |
Windows Components\Internet Explorer (User) | Disable HTML Application | This policy setting specifies if running the HTML Application (HTA file) is blocked or allowed. |
Windows Components\Internet Explorer (User) | Enable global window list in Internet Explorer mode | This setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications. The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser. |
Windows Components\Internet Explorer (User) | Reset zoom to default for HTML dialogs in Internet Explorer mode | The added Windows 11 22H2 Group Policy lets admins reset zoom to default for HTML dialogs in Internet Explorer mode. |
Windows Components\Internet Explorer\Security Features\Add-on Management (User) | Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects | The added Windows 11 22H2 Group Policy turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. |
Windows Components\Microsoft Edge (User) | Suppress the display of Edge Deprecation Notification | You can configure Microsoft Edge to suppress the display of the notification that informs users that support of this version of Microsoft Edge ended on March 9th 2021. If enabled the notification will not show. |
Removed Group Policy from Windows 11 22H2
Let’s check the latest list of Group Policy settings removed from Windows 11 22H2. The removed policies are updated in this post.
Group Policy Path | Group Policy Name | Description |
--- | --- | --- |
System\Internet Communication Management\Internet Communication settings | Turn off handwriting personalization data sharing | This setting turns off data sharing from the handwriting recognition personalization tool. |
System\Internet Communication Management\Internet Communication settings | Turn off handwriting recognition error reporting | Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. |
System\Internet Communication Management\Internet Communication settings (User) | Turn off handwriting personalization data sharing | Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. |
System\Internet Communication Management\Internet Communication settings (User) | Turn off handwriting recognition error reporting | Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. |