IT tools to support Windows 10, version 22H2

There are four new group policies in Windows 10 22H2:

1. This policy setting specifies if running the HTML Application (HTA file) is blocked or allowed. If you enable this policy setting, running the HTML Application (HTA file) will be blocked. If you disable or do not configure this policy setting, running the HTML Application (HTA file) is allowed.

2. This policy setting specifies if running the HTML Application (HTA file) is blocked or allowed. If you enable this policy setting, running the HTML Application (HTA file) will be blocked. If you disable or do not configure this policy setting, running the HTML Application (HTA file) is allowed.

3. Determines whether Redirection Guard is enabled for the print spooler. You can enable this setting to configure the Redirection Guard policy being applied to spooler. If you disable or do not configure this policy setting, Redirection Guard will default to being 'enabled'. If you enable this setting you may select the following options: -- Enabled : Redirection Guard will prevent any file redirections from being followed -- Disabed : Redirection Guard will not be enabled and file redirections may be used within the spooler process -- Audit : Redirection Guard will log events as though it were enabled but will not actually prevent file redirections from being used within the spooler.

4. This policy setting lets you control the redirection of web authentication (WebAuthn) requests from a Remote Desktop session to the local device. This redirection enables users to authenticate to resources inside the Remote Desktop session using their local authenticator (e.g., Windows Hello for Business, security key, or other). By default, Remote Desktop allows redirection of WebAuthn requests. If you enable this policy setting, users can't use their local authenticator inside the Remote Desktop session. If you disable or do not configure this policy setting, users can use local authenticators inside the Remote Desktop session.

5. This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled. Disabled(Default): If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App or via PowerShell. Enabled: If you enable this setting, Local Admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell. Note: Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in Get-MpPreference.

6. This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update and security > Windows Insider Program. If you enable or do not configure this policy setting, users can download and install preview builds of Windows by configuring Windows Insider Program settings. If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settings app. This policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions.