question

97249451 avatar image
0 Votes"
97249451 asked 97249451 commented

Prohibition for employees from editing notification settings as they want

Hi,
Is there any way to prohibit domain users from editing notification settings and to fix them by IT department?
Namely, below:
1. Setting > System > Notification & actions > Notications
2. Setting > System > Focus assist
3. Windows Security > Settings > Notifications(> Virus & threat protection notifications)

I am hopefully wondering if we could distribute these notification settings and prohibit users from editing them at their will with group policy or MECM policy.

Mentioning a bit more details, forcing notification settings allowing Windows Defender notifications to show up at lower right on desktop screen is the essence.
In Addition, I figured, in order to do so, at least setting 2 is required to be off and 3 is on.
(If someone knows, is this correct?)

I would appreciate any advice or knowledge about this.
Thank you,

windows-10-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Reza-Ameri avatar image
0 Votes"
Reza-Ameri answered

You may navigate to:

User Configuration -> Administrative Templates -> Start Menu and Taskbar -> Notifications

and

Computer Configuration ->Administrative Templates->Windows Components->Windows Security->Notifications

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered 97249451 commented

Hi,

Thanks for posting on our forum!

There are a couple of things I need to check and clarify:
1) If you haven't set any policies for enabling Windows Defender notifications, you should follow @Reza-Ameri to set certain policies.
2) If you have set certain policies on your DC but your local users still can edit notification settings from their local GPO, then don't worry, normally DC's GPO have priority over local GPO. This means regularly, your DC GPO will overlap local group policy, and you users will be prohibited from using GPO to edit notifications.
3) if you manage your notifications from Windows Security>Settings, I need to check whether your policy works simultaneously with your settings from Windows security.

Thanks for your support!

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for trying to give me useful knowledge and thoughts about this problem.
Just Let me clarify that I know least three policies you should set on DC's GPO and distribute to clients as I pointed out above in my very first question.
And that I found out that with those policies applied with GPO, an user still can edit their settings via Windows Security and Settings.

Now please let me dig this problem from a different viewpoint and question if any of you have ideas how not to allow users to edit those notification settings by their own? (for example; user cannot edit those settings because they are invisible on Settings or Windows Security)

0 Votes 0 ·

Hi,

Thanks for your reply!

After my research, if you want to hide "edit" option from your clients' consoles, I may suggest you to create a custom script. Basically, GPO is used to assign permissions to guest servers or to manage the servers' operation, but it cannot change the features built-in the guest servers. In your case, for instance, your DC GPO will overlap local group policy, and you users will be prohibited from using GPO to edit notifications; however, you cannot change the settings already existing in the guest servers. In this sense, you can go to Github.com to look for any suitable custom scripts to achieve your goal.

Thanks for your support and understanding! Besides, if you think my work is a little bit of help, would you please help me Accept Answer. An accepted blog can be put on top of our forum, so that people who have a similar issue can get access to their solution more quickly.

BR,
Joan

0 Votes 0 ·

Hi,
Thank you for giving me more of useful information that said that creating a custom script in Github could help me achieve my goal.
I am afraid that I am not familiar about using Github.
If possible could you guide me how to find a custom script which might be a solution to my goal, please?

BR,
Masa

0 Votes 0 ·