| title | description | ms.date |
|---|---|---|
AttachmentManager Policy CSP |
Learn more about the AttachmentManager Area in Policy CSP. |
11/26/2024 |
[!INCLUDE ADMX-backed CSP tip]
| Scope | Editions | Applicable OS |
|---|---|---|
| ❌ Device ✅ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./User/Vendor/MSFT/Policy/Config/AttachmentManager/DoNotPreserveZoneInformation
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows can't make proper risk assessments.
-
If you enable this policy setting, Windows doesn't mark file attachments with their zone information.
-
If you disable this policy setting, Windows marks file attachments with their zone information.
-
If you don't configure this policy setting, Windows marks file attachments with their zone information.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | AM_MarkZoneOnSavedAtttachments |
| Friendly Name | Do not preserve zone information in file attachments |
| Location | User Configuration |
| Path | Windows Components > Attachment Manager |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Attachments |
| Registry Value Name | SaveZoneInformation |
| ADMX File Name | AttachmentManager.admx |
| Scope | Editions | Applicable OS |
|---|---|---|
| ❌ Device ✅ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./User/Vendor/MSFT/Policy/Config/AttachmentManager/HideZoneInfoMechanism
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
-
If you enable this policy setting, Windows hides the check box and Unblock button.
-
If you disable this policy setting, Windows shows the check box and Unblock button.
-
If you don't configure this policy setting, Windows hides the check box and Unblock button.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | AM_RemoveZoneInfo |
| Friendly Name | Hide mechanisms to remove zone information |
| Location | User Configuration |
| Path | Windows Components > Attachment Manager |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Attachments |
| Registry Value Name | HideZoneInfoOnProperties |
| ADMX File Name | AttachmentManager.admx |
| Scope | Editions | Applicable OS |
|---|---|---|
| ❌ Device ✅ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 1703 [10.0.15063] and later |
./User/Vendor/MSFT/Policy/Config/AttachmentManager/NotifyAntivirusPrograms
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they'll all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
-
If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
-
If you disable this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened.
-
If you don't configure this policy setting, Windows doesn't call the registered antivirus programs when file attachments are opened.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | AM_CallIOfficeAntiVirus |
| Friendly Name | Notify antivirus programs when opening attachments |
| Location | User Configuration |
| Path | Windows Components > Attachment Manager |
| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Attachments |
| Registry Value Name | ScanWithAntiVirus |
| ADMX File Name | AttachmentManager.admx |