Forum Discussion
Custom Policy CSP for NCSC Guidance for Windows 10
- Sep 11, 2018
Hi Andrew,
you need to specify the list elements slightly differently. Every list element must be specified as a tuple with the official separator, and then it works. E.g. instead of PCI\CC_0C0A you must specify PCI\CC_0C0APCI\CC_0C0A. In addition, the retroactive values must be true or false.
./Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceIDs
<enabled/>
<data id="DeviceInstall_IDs_Deny_List" value="PCI\CC_0C0APCI\CC_0C0A"/>
<data id="DeviceInstall_IDs_Deny_Retroactive" value="true"/>
./Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
<enabled/>
<data id="DeviceInstall_Classes_Deny_List" value="{d48179be-ec20-11d1-b6b8-00c04fa372a7}{d48179be-ec20-11d1-b6b8-00c04fa372a7}{7ebefbc0-3200-11d2-b4c2-00a0C9697d07}{7ebefbc0-3200-11d2-b4c2-00a0C9697d07}{c06ff265-ae09-48f0-812c-16753d7cba83}{c06ff265-ae09-48f0-812c-16753d7cba83}{6bdd1fc1-810f-11d0-bec7-08002be2092f}{6bdd1fc1-810f-11d0-bec7-08002be2092f}"/>
<data id="DeviceInstall_Classes_Deny_Retroactive" value="true"/>
This applies successfully on my devices.
best,
Oliver
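Added example, not part of the original posts and not Microsoft's or the NCSC's code: a Python helper that builds the policy string described in the reply above from a plain list of IDs, and checks an existing list value for a missing separator. It assumes the separator is U+F000 written as the XML character reference &#xF000; (the delimiter Microsoft documents for ADMX-backed list elements; it is not visible in the values as they appear on this page), and all function names are hypothetical.

```python
import re
from xml.sax.saxutils import escape

# Assumption: list separator is U+F000, written as an XML character reference.
SEP_ENTITY = "&#xF000;"
SPLIT_RE = re.compile(r"&#xF000;|\uf000", re.IGNORECASE)

def list_value(items):
    """Join IDs as name/value tuples; as in the post, each ID is both name and value."""
    parts = []
    for item in items:
        # Hardware IDs may contain '&' (e.g. USB\VID_x&PID_y); escape for the XML attribute.
        esc = escape(item, {'"': "&quot;"})
        parts += [esc, esc]
    return SEP_ENTITY.join(parts)

def policy_string(list_id, retro_id, items, retroactive):
    """Build the String value for the OMA-URI: <enabled/> plus list and retroactive data."""
    if not isinstance(retroactive, bool):
        raise ValueError("retroactive must be True or False")
    if not items:
        raise ValueError("deny list must not be empty")
    return ('<enabled/>'
            f'<data id="{list_id}" value="{list_value(items)}"/>'
            f'<data id="{retro_id}" value="{str(retroactive).lower()}"/>')

def check_list_value(value):
    """Return problems found in an existing list value; an empty list means well-formed."""
    fields = SPLIT_RE.split(value)
    if len(fields) == 1:
        return ["no separator found: bare ID, or separator lost in copy/paste"]
    if len(fields) % 2:
        return ["odd number of fields: list is not made of name/value tuples"]
    return []

if __name__ == "__main__":
    # Setup class GUIDs taken from the post above.
    classes = ["{d48179be-ec20-11d1-b6b8-00c04fa372a7}",
               "{7ebefbc0-3200-11d2-b4c2-00a0C9697d07}"]
    print(policy_string("DeviceInstall_Classes_Deny_List",
                        "DeviceInstall_Classes_Deny_Retroactive", classes, True))
    print(check_list_value("PCI\\CC_0C0A"))  # bare ID, as in the original question
```

Running check_list_value over a value copied out of a portal or a web page is a quick way to spot a separator that was dropped on the way.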
Hi Oliver,
One last question, as I'm following also the NCSC Guidance.
How did you configure the autoplay settings with MDM? I'm assuming that those are String (XML).
The NCSC guide sets String XML for almost all the policies (even the previous one).
Hi,
it's a bit misleading: they write String (XML), but they mean data type string and use the XML string as the value. Later in the guide they write String (XML file), and there they really mean String (XML file). Treat all String (XML) entries as data type String.
Your TurnOffAutoPlay example:
./User/Vendor/MSFT/Policy/Config/Autoplay/TurnOffAutoPlay
String:
<enabled/><data id="Autorun_Box" value="255"/>
best,
Oliver
- llorencVB, Oct 11, 2018 (Copper Contributor)
Thanks again,
very helpful comment! ;)