Policy CSP - ADMX_MSS-legacy

Article
2025-03-12

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

Pol_MSS_AutoAdminLogon

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoAdminLogon

Enable Automatic Logon (not recommended).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_AutoAdminLogon
ADMX File Name	MSS-legacy.admx

Pol_MSS_AutoReboot

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoReboot

Allow Windows to automatically restart after a system crash (recommended except for highly secure environments).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_AutoReboot
ADMX File Name	MSS-legacy.admx

Pol_MSS_AutoShareServer

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareServer

Enable administrative shares on servers (recommended except for highly secure environments).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_AutoShareServer
ADMX File Name	MSS-legacy.admx

Pol_MSS_AutoShareWks

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_AutoShareWks

Enable administrative shares on workstations (recommended except for highly secure environments).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_AutoShareWks
ADMX File Name	MSS-legacy.admx

Pol_MSS_DisableSavePassword

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_DisableSavePassword

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_DisableSavePassword
ADMX File Name	MSS-legacy.admx

Prevent the dial-up password from being saved (recommended).

Pol_MSS_EnableDeadGWDetect

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_EnableDeadGWDetect

Allow automatic detection of dead network gateways (could lead to DoS).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_EnableDeadGWDetect
ADMX File Name	MSS-legacy.admx

Pol_MSS_HideFromBrowseList

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_HideFromBrowseList

Hide Computer From the Browse List (not recommended except for highly secure environments).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_HideFromBrowseList
ADMX File Name	MSS-legacy.admx

Pol_MSS_KeepAliveTime

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_KeepAliveTime

Define how often keep-alive packets are sent in milliseconds.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_KeepAliveTime
ADMX File Name	MSS-legacy.admx

Pol_MSS_NoDefaultExempt

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NoDefaultExempt

Configure IPSec exemptions for various types of network traffic.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_NoDefaultExempt
ADMX File Name	MSS-legacy.admx

Pol_MSS_NtfsDisable8dot3NameCreation

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_NtfsDisable8dot3NameCreation

Enable the computer to stop generating 8.3 style filenames.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_NtfsDisable8dot3NameCreation
ADMX File Name	MSS-legacy.admx

Pol_MSS_PerformRouterDiscovery

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_PerformRouterDiscovery

Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_PerformRouterDiscovery
ADMX File Name	MSS-legacy.admx

Pol_MSS_SafeDllSearchMode

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SafeDllSearchMode

Enable Safe DLL search mode (recommended).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_SafeDllSearchMode
ADMX File Name	MSS-legacy.admx

Pol_MSS_ScreenSaverGracePeriod

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_ScreenSaverGracePeriod

he time in seconds before the screen saver grace period expires (0 recommended).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_ScreenSaverGracePeriod
ADMX File Name	MSS-legacy.admx

Pol_MSS_SynAttackProtect

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_SynAttackProtect

Syn attack protection level (protects against DoS).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_SynAttackProtect
ADMX File Name	MSS-legacy.admx

Pol_MSS_TcpMaxConnectResponseRetransmissions

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxConnectResponseRetransmissions

SYN-ACK retransmissions when a connection request is not acknowledged.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_TcpMaxConnectResponseRetransmissions
ADMX File Name	MSS-legacy.admx

Pol_MSS_TcpMaxDataRetransmissions

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissions

Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_TcpMaxDataRetransmissions
ADMX File Name	MSS-legacy.admx

Pol_MSS_TcpMaxDataRetransmissionsIPv6

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_TcpMaxDataRetransmissionsIPv6

Define how many times unacknowledged data is retransmitted (3 recommended, 5 is default).

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_TcpMaxDataRetransmissionsIPv6
ADMX File Name	MSS-legacy.admx

Pol_MSS_WarningLevel

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_MSS-legacy/Pol_MSS_WarningLevel

Percentage threshold for the security event log at which the system will generate a warning.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name	Value
Name	Pol_MSS_WarningLevel
ADMX File Name	MSS-legacy.admx

Policy configuration service provider

Share via

Policy CSP - ADMX_MSS-legacy

Pol_MSS_AutoAdminLogon

Pol_MSS_AutoReboot

Pol_MSS_AutoShareServer

Pol_MSS_AutoShareWks

Pol_MSS_DisableSavePassword

Pol_MSS_EnableDeadGWDetect

Pol_MSS_HideFromBrowseList

Pol_MSS_KeepAliveTime

Pol_MSS_NoDefaultExempt

Pol_MSS_NtfsDisable8dot3NameCreation

Pol_MSS_PerformRouterDiscovery

Pol_MSS_SafeDllSearchMode

Pol_MSS_ScreenSaverGracePeriod

Pol_MSS_SynAttackProtect

Pol_MSS_TcpMaxConnectResponseRetransmissions

Pol_MSS_TcpMaxDataRetransmissions

Pol_MSS_TcpMaxDataRetransmissionsIPv6

Pol_MSS_WarningLevel

Related articles

Feedback

Additional resources