Windows 11 22H2 Group Policy Settings list Download

Let’s quickly check the details of the Windows 11 22H2 Group Policy Settings. Microsoft released Windows 11 22H2 version on 20th September 2022, with every new release of the Windows version, group policy settings are updated to enhance the work experience.

Windows 11 22H2 includes a couple of new security features, more productivity-focused features and management capabilities, You will see the Windows 11 22H2 Group Policy settings lists.

Windows 11 22H2 will continue to be a free update available to Windows 10 and Windows 11 users with PCs meeting the Windows 11 minimum requirements for Windows 11 upgrade. Using the PC Health Check app, you can check for compatibility to see if your current PC meets system requirements to run Windows 11.

There are different methods to upgrade to Windows 11 22H2. As per Microsoft, Windows 11 22H2 availability can vary depending on the device and WUfB policy configured from Intune. You can also use the SCCM Windows Servicing option to upgrade to Windows 11 22H2 version.

Patch My PC

If you are looking to get details of Group Policy Settings added in Windows 10, version 21H2, 21H1 and earlier. You can refer to this blog post – Group Policy Settings Available in Different Versions of Windows 10. The best way to find the more list of policies from the blog post below. 

Windows 11 22H2 Group Policy Settings Reference Spreadsheet

This spreadsheet lists the policy settings for computer and user configurations included in the ADMX files delivered for Windows 11 2022 Update (Version 22H2). You can configure these policy settings when you edit Windows 11 22H2 Group Policy Objects.

  • To download Group Policy settings reference spreadsheet for Windows 11 22H2, Select the link. You’ll be redirected to the Download Center details page.
  • On the download page that opens, Validate the Windows version details. Click on the Download button.

Group Policy settings reference spreadsheet for Windows 11, version 22H2

Group Policy Settings Reference Spreadsheet - Windows 11 22H2 Group Policy Settings list Download
Group Policy Settings Reference Spreadsheet – Windows 11 22H2 Group Policy Settings list Download

Here you can get the Windows11andWindowsServer2019PolicySettings–22H2.xlsx. You can use the filtering capabilities. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.

To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter, and then click the desired value in the drop-down list.

The Administrative Templates, Security tab in this spreadsheet also covers Windows 10( version 21H2),  Windows Server 2019, Windows Server 2016, Windows 10, or earlier windows versions. 

Windows 11 22H2 Group Policy Settings list Download 1
Windows 11 22H2 Group Policy Settings list

Windows 11 22H2 Group Policy Settings

The following Windows 11 22H2 Group Policy Settings lists for computer and user configurations are included in the Administrative template files (.admx and .adml) delivered with Windows 11 22H2. The list includes only the new policies added.

Group Policy PathGroup Policy Setting NameDescriptions
DesktopHide and disable all items on the desktopRemoves icons shortcuts and other default and user-defined items from the desktop including Briefcase Recycle Bin Computer and Network Locations.
MS Security GuideConfigure RPC packet level privacy setting for incoming connectionsThis policy setting controls whether packet level privacy is enabled for RPC for incoming connections.
Network\DNS ClientConfigure Discovery of Designated Resolvers (DDR) protocolSpecifies if the DNS client would use the DDR protocol. The Discovery of Designated Resolvers (DDR) protocol allows Windows to move from unencrypted DNS to encrypted DNS when only the IP address of a resolver is known.
Network\DNS ClientConfigure NetBIOS settingsSpecifies if the DNS client will perform name resolution over NetBIOS. By default the DNS client will disable NetBIOS name resolution on public networks for security reasons.
PrintersAlways send job page count information for IPP printersDetermines whether to always send page count information for accounting purposes for printers using the Microsoft IPP Class Driver.
PrintersConfigure Redirection GuardThe added Windows 11 22H2 Group Policy Determines whether Redirection Guard is enabled for the print spooler. You can enable this setting to configure the Redirection Guard policy being applied to spooler.
PrintersConfigure RPC connection settingsThis policy setting controls which protocol and protocol settings to use for outgoing RPC connections to a remote print spooler.
PrintersConfigure RPC listener settingsThis policy setting controls which protocols incoming RPC connections to the print spooler are allowed to use.
PrintersConfigure RPC over TCP portThis policy setting controls which port is used for RPC over TCP for incoming connections to the print spooler and outgoing connections to remote print spoolers.
PrintersLimits print driver installation to AdministratorsDetermines whether users that aren’t Administrators can install print drivers on this computer.
PrintersManage Print Driver exclusion listThis policy setting controls the print driver exclusion list. The exclusion list allows an administrator to curate a list of printer drivers that are not allowed to be installed on the system.
PrintersManage Print Driver signature validationThis policy setting controls the print driver signature validation mechanism. This policy controls the type of digital signature that is required for a print driver to be considered valid and installed on the system.
PrintersManage processing of Queue-specific filesManages how Queue-specific files are processed during printer installation. At printer installation time a vendor-supplied installation application can specify a set of files of any type to be associated with a particular print queue.
Security Settings\Account Policies\Account Lockout PolicyAllow Administrator account lockoutThis security setting determines whether the builtin Administrator account is subject to account lockout policy.
Start Menu and TaskbarDisable Editing Quick SettingsIf you enable this policy the user will be unable to modify Quick Settings. If you disable or don’t configure this policy setting the user will be able to edit Quick Settings such as pinning or unpinning buttons.
Start Menu and TaskbarHide the TaskView buttonThis policy setting allows you to hide the TaskView button. If you enable this policy setting the TaskView button will be hidden and the Settings toggle will be disabled.
Start Menu and TaskbarPrevent changes to Taskbar and Start Menu SettingsThis policy setting allows you to prevent changes to Taskbar and Start Menu Settings.
Start Menu and TaskbarPrevent users from uninstalling applications from StartIf you enable this setting users cannot uninstall apps from Start.If you disable this setting or do not configure it users can access the uninstall command from Start
Start Menu and TaskbarRemove access to the context menus for the taskbarThe added Windows 11 22H2 Group Policy allows you to remove access to the context menus for the taskbar.
Start Menu and TaskbarRemove pinned programs from the TaskbarThis policy setting allows you to remove pinned programs from the taskbar.
Start Menu and TaskbarRemove Recommended section from Start MenuThis policy allows you to prevent the Start Menu from displaying a list of recommended applications and files.
Start Menu and TaskbarRemove Run menu from Start MenuAllows you to remove the Run command from the Start menu Internet Explorer and Task Manager.
Start Menu and TaskbarSimplify Quick Settings LayoutIf you enable this policy Quick Settings will be reduced to only having the WiFi Bluetooth Accessibility and VPN buttons; the brightness and volume sliders; and battery indicator and link to the Settings app.
SystemHide messages when Windows system requirements are not metThe added Windows 11 22H2 Group Policy controls messages which are shown when Windows is running on a device that does not meet the minimum system requirements for this OS version.
System\KDCConfigure hash algorithms for certificate logonThis policy setting controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.
System\KerberosConfigure hash algorithms for certificate logonThe added Windows 11 22H2 Group Policy controls hash or checksum algorithms used by the Kerberos client when performing certificate authentication.
System\Local Security AuthorityAllow Custom SSPs and APs to be loaded into LSASSThis policy controls the configuration under which LSASS loads custom SSPs and APs.
System\Local Security AuthorityConfigures LSASS to run as a protected processThe added Windows 11 22H2 Group Policy controls the configuration under which LSASS is run.
Windows Components\Desktop App InstallerEnable App InstallerThis policy controls whether the Windows Package Manager can be used by users.
Windows Components\Desktop App InstallerEnable App Installer Additional SourcesThis policy controls additional sources provided by the enterprise IT administrator.
Windows Components\Desktop App InstallerEnable App Installer Allowed SourcesThe added Windows 11 22H2 Group Policy controls additional sources allowed by the enterprise IT administrator.
Windows Components\Desktop App InstallerEnable App Installer Default SourceThis policy controls the default source included with the Windows Package Manager.
Windows Components\Desktop App InstallerEnable App Installer Experimental FeaturesThe added Windows 11 22H2 Group Policy controls whether users can enable experimental features in the Windows Package Manager.
Windows Components\Desktop App InstallerEnable App Installer Hash OverrideThis policy controls whether or not the Windows Package Manager can be configured to enable the ability override the SHA256 security validation in settings.
Windows Components\Desktop App InstallerEnable App Installer Local Manifest FilesThe added Windows 11 22H2 Group Policy controls whether users can install packages with local manifest files.
Windows Components\Desktop App InstallerEnable App Installer Microsoft Store SourceThis policy controls the Microsoft Store source included with the Windows Package Manager.
Windows Components\Desktop App InstallerEnable App Installer ms-appinstaller protocolThis policy controls whether users can install packages from a website that is using the ms-appinstaller protocol.
Windows Components\Desktop App InstallerEnable App Installer SettingsThe added Windows 11 22H2 Group Policy controls whether users can change their settings.
Windows Components\Desktop App InstallerSet App Installer Source Auto Update Interval In MinutesThis policy controls the auto update interval for package-based sources.
Windows Components\File ExplorerTurn off files from Office.com in Quick access viewTurning off files from Office.com will prevent File Explorer from requesting recent cloud file metadata and displaying it in the Quick access view.
Windows Components\Human PresenceForce Instant DimDetermines whether Attention Based Display Dimming is forced on/off by the MDM policy. The user will not be able to change this setting and the toggle in the UI will be greyed out.
Windows Components\Internet ExplorerDisable HTML ApplicationThe added Windows 11 22H2 Group Policy setting specifies if running the HTML Application (HTA file) is blocked or allowed.
Windows Components\Internet ExplorerEnable global window list in Internet Explorer modeThis setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications. The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser.
Windows Components\Internet ExplorerReset zoom to default for HTML dialogs in Internet Explorer modeThe added Windows 11 22H2 Group Policy setting lets admins reset zoom to default for HTML dialogs in Internet Explorer mode.
Windows Components\Internet Explorer\Security Features\Add-on ManagementTurn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objectsThe added Windows 11 22H2 Group Policy turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.
Windows Components\Microsoft accountOnly allow device authentication for the Microsoft Account Sign-In AssistantThis setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc).
Windows Components\Microsoft Defender AntivirusControl whether or not exclusions are visible to Local Admins.This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible whether or not this setting is enabled.
Windows Components\Microsoft Defender AntivirusSelect the channel for Microsoft Defender daily security intelligence updatesEnable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout.
Windows Components\Microsoft Defender AntivirusSelect the channel for Microsoft Defender monthly engine updatesEnable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout.​
Windows Components\Microsoft Defender AntivirusSelect the channel for Microsoft Defender monthly platform updatesEnable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout.​
Windows Components\Microsoft Defender Antivirus\Device ControlDefine Device Control evidence data remote locationThe added Windows 11 22H2 Group Policy Define evidence file remote location where Device Control service will move evidence data captured.
Windows Components\Microsoft Defender Antivirus\Device ControlSelect Device Control Default Enforcement PolicyDefault Allow: Choosing this default enforcement will Allow any operations to occur on the attached devices if no policy rules are found to match.
Windows Components\Microsoft Defender Antivirus\FeaturesDevice ControlEnable or Disable Defender Device Control on this machine. Note: You must be enrolled as E3 or E5 in order for Device Control to be enabled.
Windows Components\Microsoft Defender Antivirus\MpEngineDisable gradual rollout of Microsoft Defender updates. Enable the added Windows 11 22H2 group policy to disable gradual rollout of Defender updates.
Windows Components\Microsoft Defender Antivirus\ReportingConfigure time interval for service health reportsThis policy setting configures the time interval (in minutes) for the service health reports to be sent from endpoints.
Windows Components\Microsoft Defender Antivirus\ScanCPU throttling typeThis policy setting determines whether the maximum percentage CPU utilization permitted during a scan applies only to scheduled scans or to both scheduled and custom scans (but not real-time protection).
Windows Components\Microsoft EdgeSuppress the display of Edge Deprecation NotificationYou can configure Microsoft Edge to suppress the display of the notification that informs users that support of this version of Microsoft Edge ended on March 9th 2021.
Windows Components\Remote Desktop Services\Remote Desktop Connection ClientDisable Cloud Clipboard integration for server-to-client data transferThis policy setting lets you control whether data transferred from the remote session to the client using clipboard redirection is added to the client-side Cloud Clipboard.
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource RedirectionDo not allow WebAuthn redirectionThis policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g. Windows Hello for Business security key or other).
Windows Components\SearchAllow search highlightsDisabling this setting turns off search highlights in the start menu search box and in search home. Enabling or not configuring this setting turns on search highlights in the start menu search box and in search home.
Windows Components\SearchFully disable Search UIIf you enable this policy the Search UI will be disabled along with all its entry points such as keyboard shortcuts touchpad gestures and type-to-search in the Start menu. The Start menu’s search box and Search Taskbar button will also be hidden.
Windows Components\Sync your settingsDo not sync accessibility settingsPrevent the “accessibility” group from syncing to and from this PC. This turns off and disables the “accessibility” group on the “Windows backup” settings page in PC settings.
Windows Components\Windows Defender SmartScreen\Enhanced Phishing ProtectionNotify MaliciousThis policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school password into one of the following malicious scenarios: into a reported phishing site into a Microsoft login URL with an invalid certificate or into an application connecting to either a reported phishing site or a Microsoft login URL with an invalid certificate.
Windows Components\Windows Defender SmartScreen\Enhanced Phishing ProtectionNotify Password ReuseThis policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they reuse their work or school password.
Windows Components\Windows Defender SmartScreen\Enhanced Phishing ProtectionNotify Unsafe AppThis policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen warns your users if they type their work or school passwords in Notepad Winword or M365 Office apps like OneNote Word Excel etc.
Windows Components\Windows Defender SmartScreen\Enhanced Phishing ProtectionService EnabledThis policy setting determines whether Enhanced Phishing Protection in Microsoft Defender SmartScreen is in audit mode or off. Users do not see notifications for any protection scenarios when Enhanced Phishing Protection in Microsoft Defender is in audit mode. Audit mode captures unsafe password entry events and sends telemetry through Microsoft Defender.
Windows Components\Windows Hello for BusinessEnable ESS with Supported PeripheralsEnhanced Sign-in Security isolates Windows Hello biometric (face and fingerprint) template data and matching operations to trusted hardware or specified memory regions meaning the rest of the operating system cannot access or tamper with them.
Start Menu and Taskbar (User)Hide the TaskView buttonThis policy setting allows you to hide the TaskView button. If you enable this policy setting the TaskView button will be hidden and the Settings toggle will be disabled.
Start Menu and Taskbar (User)Remove Quick SettingsThis policy setting removes Quick Settings from the bottom right area on the taskbar. The quick settings area is located at the left of the clock in the taskbar and includes icons for current network and volume.
Start Menu and Taskbar (User)Remove Recommended section from Start MenuThis policy allows you to prevent the Start Menu from displaying a list of recommended applications and files.
Windows Components\Internet Explorer (User)Disable HTML ApplicationThis policy setting specifies if running the HTML Application (HTA file) is blocked or allowed.
Windows Components\Internet Explorer (User)Enable global window list in Internet Explorer modeThis setting allows Internet Explorer mode to use the global window list that enables sharing state with other applications. The setting will take effect only when Internet Explorer 11 is disabled as a standalone browser.
Windows Components\Internet Explorer (User)Reset zoom to default for HTML dialogs in Internet Explorer modeThe added Windows 11 22H2 Group Policy lets admins reset zoom to default for HTML dialogs in Internet Explorer mode.
Windows Components\Internet Explorer\Security Features\Add-on Management (User)Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objectsThe added Windows 11 22H2 Group Policy turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.
Windows Components\Microsoft Edge (User)Suppress the display of Edge Deprecation NotificationYou can configure Microsoft Edge to suppress the display of the notification that informs users that support of this version of Microsoft Edge ended on March 9th 2021. If enabled the notification will not show.
Table 1 – Windows 11 22H2 Group Policy Settings

Removed Group Policy from Windows 11 22H2

Let’s check the latest list of Group policy removed from Windows 11 22H2. The removed polices are updated in this post.

Group Policy PathGroup Policy NameDescriptions
System\Internet Communication Management\Internet Communication settingsTurn off handwriting personalization data sharingThis setting turns off data sharing from the handwriting recognition personalization tool.
System\Internet Communication Management\Internet Communication settingsTurn off handwriting recognition error reportingTurns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel.
System\Internet Communication Management\Internet Communication settings (User)Turn off handwriting personalization data sharingTurns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples.
System\Internet Communication Management\Internet Communication settings (User)Turn off handwriting recognition error reportingTurns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel.
Table 2 – Windows 11 22H2 Group Policy Settings Removed

Author

About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.