From 006322ffd1bc6cf3eae3cbc5e55ce7723771f717 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Wed, 15 Nov 2023 15:37:58 +0100 Subject: [PATCH 1/7] Rename policy generation workflow As this is going to do more than just admx and adml generation, but docs too. --- .github/workflows/adm-builds-fail.md | 5 ----- .github/workflows/policy-builds-fail.md | 5 +++++ .../{adm-builds.yaml => policy-builds.yaml} | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-) delete mode 100644 .github/workflows/adm-builds-fail.md create mode 100644 .github/workflows/policy-builds-fail.md rename .github/workflows/{adm-builds.yaml => policy-builds.yaml} (95%) diff --git a/.github/workflows/adm-builds-fail.md b/.github/workflows/adm-builds-fail.md deleted file mode 100644 index c47312142..000000000 --- a/.github/workflows/adm-builds-fail.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: ADMX/L build failed -labels: bug, jira ---- -Failed to build ADMX/L files for adsys. Please take a look at the run output in {{ env.RUN_URL }}. diff --git a/.github/workflows/policy-builds-fail.md b/.github/workflows/policy-builds-fail.md new file mode 100644 index 000000000..badfd0bd6 --- /dev/null +++ b/.github/workflows/policy-builds-fail.md @@ -0,0 +1,5 @@ +--- +title: Update supported policies to ADMX/L and docs failed +labels: bug, jira +--- +Failed to update ADMX/L and docs files for ADSys. Please take a look at the run output in {{ env.RUN_URL }}. diff --git a/.github/workflows/adm-builds.yaml b/.github/workflows/policy-builds.yaml similarity index 95% rename from .github/workflows/adm-builds.yaml rename to .github/workflows/policy-builds.yaml index 95dc7c007..4adcb0c20 100644 --- a/.github/workflows/adm-builds.yaml +++ b/.github/workflows/policy-builds.yaml @@ -1,4 +1,4 @@ -name: Update admx and adml templates +name: Update supported policies to ADMX/L and docs on: push: branches: @@ -6,7 +6,7 @@ on: paths: - 'cmd/admxgen/**' - 'internal/ad/admxgen/**' - - '.github/workflows/adm-builds.yaml' + - '.github/workflows/policy-builds.yaml' schedule: - cron: '42 0 * * *' @@ -163,8 +163,8 @@ jobs: path: Ubuntu.adm* if-no-files-found: error - integrate-ad: - name: Integrate AD in current git tree + integrate: + name: Integrate policy changes in current git tree runs-on: ubuntu-latest needs: generate-ad steps: @@ -192,7 +192,7 @@ jobs: commit-message: Refresh policy definition files title: Refresh policy definition files labels: policies, automated pr - body: "[Auto-generated pull request](https://github.com/ubuntu/adsys/actions/workflows/adm-builds.yaml) by GitHub Action" + body: "[Auto-generated pull request](https://github.com/ubuntu/adsys/actions/workflows/policy-builds.yaml) by GitHub Action" branch: auto-update-policydefinitions-${{ steps.get-branch-name.outputs.branch }} token: ${{ secrets.GITHUB_TOKEN }} delete-branch: true @@ -200,7 +200,7 @@ jobs: open-issue-on-fail: name: Open issue on failure runs-on: ubuntu-latest - needs: integrate-ad + needs: integrate if: ${{ failure() }} steps: - uses: actions/checkout@v4 @@ -210,6 +210,6 @@ jobs: RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - filename: .github/workflows/adm-builds-fail.md + filename: .github/workflows/policy-builds-fail.md search_existing: open update_existing: true From 2cbc0e581021d99d43f1018bf8b847f7fa6b69ff Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Wed, 15 Nov 2023 15:48:34 +0100 Subject: [PATCH 2/7] Add reference policies bootstrap in documentation This will be used when generating the documentation later on, as container directories. --- docs/reference/index.md | 10 ++++++++++ docs/reference/policies/index.md | 10 ++++++++++ 2 files changed, 20 insertions(+) create mode 100644 docs/reference/policies/index.md diff --git a/docs/reference/index.md b/docs/reference/index.md index 96069b536..86b2d881b 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -30,6 +30,16 @@ adsysd adwatchd ``` +```{grid-item} +## Supported policies + +```{toctree} +:titlesonly: +:maxdepth: 2 + +policies/index +``` + ```` ## Supported releases diff --git a/docs/reference/policies/index.md b/docs/reference/policies/index.md new file mode 100644 index 000000000..0f6fab335 --- /dev/null +++ b/docs/reference/policies/index.md @@ -0,0 +1,10 @@ +# Policies reference list + +Here is the list of each supported policies by ADSys. The categories and elements are under the same hierarchy you will find on your Active Directory controller. + +```{toctree} +:titlesonly: +:maxdepth: 99 +Computer Policies/index +User Policies/index +``` From fb34abe13074fce7cd032e7fc0680a2b8a3729cf Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Wed, 15 Nov 2023 16:02:33 +0100 Subject: [PATCH 3/7] CI to generate documentation from supported policies Hook up in parallel to adm* generation, documentation generations under docs/ --- .github/workflows/policy-builds.yaml | 50 ++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 3 deletions(-) diff --git a/.github/workflows/policy-builds.yaml b/.github/workflows/policy-builds.yaml index 4adcb0c20..f61632f11 100644 --- a/.github/workflows/policy-builds.yaml +++ b/.github/workflows/policy-builds.yaml @@ -163,10 +163,49 @@ jobs: path: Ubuntu.adm* if-no-files-found: error + generate-doc: + name: Merge keys to generated documentation + runs-on: ubuntu-latest + needs: collect-releases + steps: + - name: Install needed binaries + run: | + sudo apt-get update + sudo DEBIAN_FRONTEND=noninteractive apt-get install -y distro-info + - name: Download all available artifacts + uses: actions/download-artifact@v3 + with: + path: artifacts + - name: Display structure of downloaded files + run: | + set -eu + + target=$(ubuntu-distro-info -r --supported | cut -d" " -f1) + mkdir wanted/ + for f in $(find artifacts/policies-*/ -type f); do + for wanted in ${target}; do + if [ $(basename $f) != ${wanted}.yaml ]; then + continue + fi + cp $f wanted/ + done + done + chmod +x artifacts/admxgen/admxgen + artifacts/admxgen/admxgen doc artifacts/admxgen/cmd/admxgen/defs/categories.yaml wanted/ generated-docs/ + ls -R + - name: Upload adm template files + uses: actions/upload-artifact@v3 + with: + name: generated-docs + path: generated-docs/* + if-no-files-found: error + integrate: name: Integrate policy changes in current git tree runs-on: ubuntu-latest - needs: generate-ad + needs: + - generate-ad + - generate-doc steps: - uses: actions/checkout@v4 - name: Download adm template files for "all" @@ -179,9 +218,14 @@ jobs: with: name: adm-LTS path: policies/Ubuntu/lts-only - - name: Copy admx and adml to git + - name: Download generated documentation + uses: actions/download-artifact@v3 + with: + name: generated-docs + path: docs/reference/policies/ + - name: Add generated files to git run: | - git add policies/ + git add policies/ docs/reference/policies/ - name: Get output branch for branch name id: get-branch-name shell: bash From 60d9097256f5554ae74264fc6dd7514862e0dbe5 Mon Sep 17 00:00:00 2001 From: didrocks Date: Thu, 16 Nov 2023 09:17:25 +0000 Subject: [PATCH 4/7] Refresh policy definition files --- .../Computer Scripts/shutdown.md | 30 ++++++++++++ .../Computer Scripts/startup.md | 30 ++++++++++++ .../Power Management/ambient-enabled.md | 22 +++++++++ .../Power Management/idle-brightness.md | 22 +++++++++ .../Power Management/idle-dim.md | 22 +++++++++ .../Power Management/lid-close-ac-action.md | 31 ++++++++++++ .../lid-close-battery-action.md | 31 ++++++++++++ ...lid-close-suspend-with-external-monitor.md | 22 +++++++++ .../Power Management/power-button-action.md | 28 +++++++++++ .../power-saver-profile-on-low-battery.md | 22 +++++++++ .../sleep-inactive-ac-timeout.md | 22 +++++++++ .../sleep-inactive-ac-type.md | 31 ++++++++++++ .../sleep-inactive-battery-timeout.md | 25 ++++++++++ .../sleep-inactive-battery-type.md | 31 ++++++++++++ .../allow-local-admins.md | 25 ++++++++++ .../Privilege Authorization/client-admins.md | 26 ++++++++++ .../System Drive Mapping/system-mounts.md | 46 +++++++++++++++++ .../System proxy configuration/auto.md | 30 ++++++++++++ .../System proxy configuration/ftp.md | 32 ++++++++++++ .../System proxy configuration/http.md | 32 ++++++++++++ .../System proxy configuration/https.md | 32 ++++++++++++ .../System proxy configuration/no-proxy.md | 32 ++++++++++++ .../System proxy configuration/socks.md | 32 ++++++++++++ .../apparmor-machine.md | 32 ++++++++++++ .../Authentication/allowed-failures.md | 22 +++++++++ .../enable-fingerprint-authentication.md | 22 +++++++++ .../enable-password-authentication.md | 22 +++++++++ .../enable-smartcard-authentication.md | 22 +++++++++ .../Interface/background-color.md | 22 +++++++++ .../Interface/background-picture-uri.md | 22 +++++++++ .../Interface/background-repeat.md | 31 ++++++++++++ .../Login Screen/Interface/background-size.md | 28 +++++++++++ .../Interface/banner-message-enable.md | 22 +++++++++ .../Interface/banner-message-text.md | 22 +++++++++ .../Login Screen/Interface/clock-format.md | 26 ++++++++++ .../Login Screen/Interface/clock-show-date.md | 22 +++++++++ .../Interface/clock-show-weekday.md | 22 +++++++++ .../Ubuntu/Login Screen/Interface/logo.md | 22 +++++++++ .../Login Screen/disable-restart-buttons.md | 22 +++++++++ .../Ubuntu/Login Screen/disable-user-list.md | 22 +++++++++ .../Ubuntu/Login Screen/show-banners.md | 22 +++++++++ .../Login Screen/show-in-lock-screen.md | 22 +++++++++ .../Login Screen/toolkit-accessibility.md | 22 +++++++++ .../Accessibility/screen-keyboard-enabled.md | 22 +++++++++ .../Accessibility/screen-magnifier-enabled.md | 22 +++++++++ .../Accessibility/screen-reader-enabled.md | 22 +++++++++ .../Accessibility/toolkit-accessibility.md | 22 +++++++++ .../Desktop/Background/picture-options.md | 31 ++++++++++++ .../Desktop/Background/picture-uri-dark.md | 24 +++++++++ .../Ubuntu/Desktop/Background/picture-uri.md | 22 +++++++++ .../Keyboard shortcuts/control-center.md | 22 +++++++++ .../Desktop/Keyboard shortcuts/overlay-key.md | 22 +++++++++ .../Keyboard shortcuts/panel-main-menu.md | 20 ++++++++ .../Desktop/Keyboard shortcuts/terminal.md | 22 +++++++++ .../toggle-application-view.md | 22 +++++++++ .../Keyboard shortcuts/toggle-overview.md | 25 ++++++++++ .../Screensaver/disable-lock-screen.md | 22 +++++++++ .../Desktop/Screensaver/picture-options.md | 31 ++++++++++++ .../Ubuntu/Desktop/Screensaver/picture-uri.md | 22 +++++++++ .../Screensaver/show-in-lock-screen.md | 22 +++++++++ .../Desktop/Shell/Clock/clock-format.md | 26 ++++++++++ .../Desktop/Shell/Clock/clock-show-date.md | 22 +++++++++ .../Desktop/Shell/Clock/clock-show-weekday.md | 22 +++++++++ .../Shell/LockDown/disable-command-line.md | 22 +++++++++ .../Desktop/Shell/LockDown/disable-log-out.md | 22 +++++++++ .../Shell/LockDown/disable-print-setup.md | 22 +++++++++ .../Shell/LockDown/disable-printing.md | 22 +++++++++ .../Shell/LockDown/disable-save-to-disk.md | 22 +++++++++ .../Shell/LockDown/disable-user-switching.md | 22 +++++++++ .../LockDown/user-administration-disabled.md | 22 +++++++++ .../Shell/Notifications/show-banners.md | 22 +++++++++ .../Ubuntu/Desktop/Shell/favorite-apps.md | 25 ++++++++++ .../Desktop/Shell/show-desktop-icons.md | 22 +++++++++ .../Desktop/Shell/show-show-apps-button.md | 22 +++++++++ .../Ubuntu/Peripherals/automount.md | 22 +++++++++ .../User Drive Mapping/user-mounts.md | 46 +++++++++++++++++ .../Session management/User Scripts/logoff.md | 30 ++++++++++++ .../Session management/User Scripts/logon.md | 30 ++++++++++++ .../apparmor-users.md | 49 +++++++++++++++++++ 79 files changed, 2012 insertions(+) create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/startup.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/ambient-enabled.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-brightness.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-dim.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-ac-action.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-battery-action.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-suspend-with-external-monitor.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-button-action.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-saver-profile-on-low-battery.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-timeout.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-type.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-timeout.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-type.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/allow-local-admins.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/client-admins.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/ftp.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/http.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/https.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/no-proxy.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/socks.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Client management/System-wide application confinement/apparmor-machine.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/allowed-failures.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-fingerprint-authentication.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-password-authentication.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-smartcard-authentication.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-color.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-picture-uri.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-repeat.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-size.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-enable.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-text.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-format.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-date.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-weekday.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/logo.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-restart-buttons.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-user-list.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-banners.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-in-lock-screen.md create mode 100644 docs/reference/policies/Computer Policies/Ubuntu/Login Screen/toolkit-accessibility.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-keyboard-enabled.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-magnifier-enabled.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-reader-enabled.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/toolkit-accessibility.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-options.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri-dark.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/control-center.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/overlay-key.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/panel-main-menu.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/terminal.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-application-view.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-overview.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/disable-lock-screen.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-options.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-uri.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/show-in-lock-screen.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-format.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-date.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-weekday.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-command-line.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-log-out.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-print-setup.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-printing.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-save-to-disk.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-user-switching.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/user-administration-disabled.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Notifications/show-banners.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/favorite-apps.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-desktop-icons.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-show-apps-button.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Peripherals/automount.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Session management/User Drive Mapping/user-mounts.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logoff.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logon.md create mode 100644 docs/reference/policies/User Policies/Ubuntu/Session management/User application confinement/apparmor-users.md diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md new file mode 100644 index 000000000..5c0db48e0 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md @@ -0,0 +1,30 @@ +# Shutdown scripts + +Define scripts that are executed on machine poweroff. +Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. +Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. + + +- Type: scripts +- Key: /shutdown + +Note: - + * Enabled: The scripts in the text entry are executed at shutdown time. + * Disabled: The scripts will be skipped. + The set of scripts are per boot, and refreshed only on new boot of the machine. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Computer Scripts -> Shutdown scripts | +| Registry Key | Software\Policies\Ubuntu\scripts\shutdown | +| Element type | multiText | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/startup.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/startup.md new file mode 100644 index 000000000..c97131b42 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/startup.md @@ -0,0 +1,30 @@ +# Startup scripts + +Define scripts that are executed on machine boot, once the GPO is downloaded. +Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. +Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. + + +- Type: scripts +- Key: /startup + +Note: - + * Enabled: The scripts in the text entry are executed at startup time. + * Disabled: The scripts will be skipped. + The set of scripts are per boot, and refreshed only on new boot of the machine. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Computer Scripts -> Startup scripts | +| Registry Key | Software\Policies\Ubuntu\scripts\startup | +| Element type | multiText | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/ambient-enabled.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/ambient-enabled.md new file mode 100644 index 000000000..3667f61c3 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/ambient-enabled.md @@ -0,0 +1,22 @@ +# Enable the ALS sensor + +If the ambient light sensor functionality is enabled. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/ambient-enabled +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Enable the ALS sensor | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\ambient-enabled | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-brightness.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-brightness.md new file mode 100644 index 000000000..1589cdcdf --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-brightness.md @@ -0,0 +1,22 @@ +# The brightness of the screen when idle + +This is the laptop panel screen brightness used when the session is idle. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/idle-brightness +- Default: 30 + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> The brightness of the screen when idle | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\idle-brightness | +| Element type | decimal | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-dim.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-dim.md new file mode 100644 index 000000000..b9118abd2 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/idle-dim.md @@ -0,0 +1,22 @@ +# Dim the screen after a period of inactivity + +If the screen should be dimmed to save power when the computer is idle. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/idle-dim +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Dim the screen after a period of inactivity | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\idle-dim | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-ac-action.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-ac-action.md new file mode 100644 index 000000000..a381253c2 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-ac-action.md @@ -0,0 +1,31 @@ +# Laptop lid close action when on AC + +The action to take when the laptop lid is closed and the laptop is on AC power. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/lid-close-ac-action +- Default: 'suspend' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* blank +* suspend +* shutdown +* hibernate +* interactive +* nothing +* logout + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Laptop lid close action when on AC | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\lid-close-ac-action | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-battery-action.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-battery-action.md new file mode 100644 index 000000000..30a566e45 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-battery-action.md @@ -0,0 +1,31 @@ +# Laptop lid close action on battery + +The action to take when the laptop lid is closed and the laptop is on battery power. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/lid-close-battery-action +- Default: 'suspend' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* blank +* suspend +* shutdown +* hibernate +* interactive +* nothing +* logout + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Laptop lid close action on battery | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\lid-close-battery-action | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-suspend-with-external-monitor.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-suspend-with-external-monitor.md new file mode 100644 index 000000000..43189b8d6 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/lid-close-suspend-with-external-monitor.md @@ -0,0 +1,22 @@ +# Laptop lid, when closed, will suspend even if there is an external monitor plugged in + +With no external monitors plugged in, closing a laptop's lid will suspend the machine (as set by the lid-close-battery-action and lid-close-ac-action keys). By default, however, closing the lid when an external monitor is present will not suspend the machine, so that one can keep working on that monitor (e.g. for docking stations or media viewers). Set this key to False to keep the default behavior, or to True to suspend the laptop whenever the lid is closed and regardless of external monitors. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Laptop lid, when closed, will suspend even if there is an external monitor plugged in | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\lid-close-suspend-with-external-monitor | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-button-action.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-button-action.md new file mode 100644 index 000000000..deff0e023 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-button-action.md @@ -0,0 +1,28 @@ +# Power button action + +The action to take when the system power button is pressed. Virtual machines only honor the 'nothing' action, and will shutdown otherwise. Tablets always suspend, ignoring all the other action options. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/power-button-action +- Default: 'interactive' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* nothing +* suspend +* hibernate +* interactive + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Power button action | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\power-button-action | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-saver-profile-on-low-battery.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-saver-profile-on-low-battery.md new file mode 100644 index 000000000..9bf7b1188 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/power-saver-profile-on-low-battery.md @@ -0,0 +1,22 @@ +# Enable power-saver profile when battery is low + +Automatically enable the "power-saver" profile using power-profiles-daemon if the battery is low. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Enable power-saver profile when battery is low | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\power-saver-profile-on-low-battery | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-timeout.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-timeout.md new file mode 100644 index 000000000..9c59b5c4d --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-timeout.md @@ -0,0 +1,22 @@ +# Sleep timeout computer when on AC + +The amount of time in seconds the computer on AC power needs to be inactive before it goes to sleep. A value of 0 means never. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout +- Default: 0 + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Sleep timeout computer when on AC | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\sleep-inactive-ac-timeout | +| Element type | decimal | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-type.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-type.md new file mode 100644 index 000000000..0ca366ff8 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-ac-type.md @@ -0,0 +1,31 @@ +# Whether to hibernate, suspend or do nothing when inactive + +The type of sleeping that should be performed when the computer is inactive. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type +- Default: 'suspend' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* blank +* suspend +* shutdown +* hibernate +* interactive +* nothing +* logout + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Whether to hibernate, suspend or do nothing when inactive | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\sleep-inactive-ac-type | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-timeout.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-timeout.md new file mode 100644 index 000000000..1176963da --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-timeout.md @@ -0,0 +1,25 @@ +# Sleep timeout computer when on battery + +The amount of time in seconds the computer on battery power needs to be inactive before it goes to sleep. A value of 0 means never. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout +- Default for 20.04: 1200 +- Default for 22.04: 1200 +- Default for 23.04: 900 +- Default for 23.10: 900 + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Sleep timeout computer when on battery | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\sleep-inactive-battery-timeout | +| Element type | decimal | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-type.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-type.md new file mode 100644 index 000000000..7a2b74440 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Power Management/sleep-inactive-battery-type.md @@ -0,0 +1,31 @@ +# Whether to hibernate, suspend or do nothing when inactive + +The type of sleeping that should be performed when the computer is inactive. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type +- Default: 'suspend' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* blank +* suspend +* shutdown +* hibernate +* interactive +* nothing +* logout + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Power Management -> Whether to hibernate, suspend or do nothing when inactive | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\power\sleep-inactive-battery-type | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/allow-local-admins.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/allow-local-admins.md new file mode 100644 index 000000000..e09e28aeb --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/allow-local-admins.md @@ -0,0 +1,25 @@ +# Allow local administrators + +This allows or prevents client machine to have local users gaining administrators privilege on the machine. + + +- Type: privilege +- Key: /allow-local-admins + +Note: - + * Enabled: This leaves the default rules for the “sudo” and “admin” rule intact. + * Disabled: This denies root privileges to the predefined administrator groups (sudo and admin). + + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Privilege Authorization -> Allow local administrators | +| Registry Key | Software\Policies\Ubuntu\privilege\allow-local-admins | +| Element type | | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/client-admins.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/client-admins.md new file mode 100644 index 000000000..1dc7aff4f --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Privilege Authorization/client-admins.md @@ -0,0 +1,26 @@ +# Client administrators + +Define users and groups from AD allowed to administer client machines. +It must be of the form user@domain or %group@domain. One per line. + + +- Type: privilege +- Key: /client-admins + +Note: - + * Enabled: This allows defining Active Directory groups and users with administrative privileges in the box entry. + * Disabled: This disallows any Active Directory group or user to become an administrator of the client even if it is defined in a parent GPO of the hierarchy tree. + + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> Privilege Authorization -> Client administrators | +| Registry Key | Software\Policies\Ubuntu\privilege\client-admins | +| Element type | multiText | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md new file mode 100644 index 000000000..aee98ed2b --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md @@ -0,0 +1,46 @@ +# System mounts + +Define network shares that will be mounted for the system. +If more shares are defined higher in the GPO hierarchy, the entries listed here will be appended to the list and duplicates will be removed. + +Values should be in the format: + :/// +e.g. + nfs://example_nfs.com/nfs_shared_dir + smb://example_smb.com/smb_shared_dir + ftp://ftp_share_server.com + +This pattern must be followed, otherwise the policy will not be applied. + +By default, the mounts will be done in anonymous mode. In case of authentication needed, a krb5 tag can be added to the value, e.g. + `[krb5]`:/// + +If the tag is added, the mount will require Kerberos authentication in order to occur. + +The supported protocols / filsystems are the same as the ones supported by the mount command. +They are listed on the mount man page on https://man7.org/linux/man-pages/man8/mount.8.html +It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. + + +- Type: mount +- Key: /system-mounts + +Note: + * Enabled: The value(s) referenced in the entry are applied on the client machine. + * Disabled: The value(s) are removed from the target machine. + * Not configured: Value(s) declared higher in the GPO hierarchy will be used if available. + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System Drive Mapping -> System mounts | +| Registry Key | Software\Policies\Ubuntu\mount\system-mounts | +| Element type | multiText | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md new file mode 100644 index 000000000..501a583d5 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md @@ -0,0 +1,30 @@ +# Autoconfiguration URL + +Declare system-wide proxy autoconfiguration URL. + +Autoconfiguration URLs are always prioritzed over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/auto + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> Autoconfiguration URL | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\auto | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/ftp.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/ftp.md new file mode 100644 index 000000000..645f1be20 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/ftp.md @@ -0,0 +1,32 @@ +# FTP Proxy + +Declare system-wide HTTPS proxy setting. The value must be in the form of: + + protocol://username:password@host:port + +It is not mandatory to escape special characters in the username or password. The GPO client will escape any unescaped special character before applying the proxy settings, and will take care not to double-escape already escaped characters. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/ftp + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> FTP Proxy | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\ftp | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/http.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/http.md new file mode 100644 index 000000000..87a7fbeb7 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/http.md @@ -0,0 +1,32 @@ +# HTTP Proxy + +Declare system-wide HTTP proxy setting. The value must be in the form of: + + protocol://username:password@host:port + +It is not mandatory to escape special characters in the username or password. The GPO client will escape any unescaped special character before applying the proxy settings, and will take care not to double-escape already escaped characters. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/http + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> HTTP Proxy | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\http | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/https.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/https.md new file mode 100644 index 000000000..b298f48fe --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/https.md @@ -0,0 +1,32 @@ +# HTTPS Proxy + +Declare system-wide HTTPS proxy setting. The value must be in the form of: + + protocol://username:password@host:port + +It is not mandatory to escape special characters in the username or password. The GPO client will escape any unescaped special character before applying the proxy settings, and will take care not to double-escape already escaped characters. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/https + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> HTTPS Proxy | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\https | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/no-proxy.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/no-proxy.md new file mode 100644 index 000000000..400716933 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/no-proxy.md @@ -0,0 +1,32 @@ +# Ignored hosts + +An array of hosts allowed to bypass the proxy settings. The host exclusion setting must be in the form of: + +localhost,127.0.0.1,::1 + +Hosts can be individually wrapped in single (') or double quotes ("), or separated by spaces. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/no-proxy + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> Ignored hosts | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\no-proxy | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/socks.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/socks.md new file mode 100644 index 000000000..14dca605d --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/socks.md @@ -0,0 +1,32 @@ +# SOCKS Proxy + +Declare system-wide HTTPS proxy setting. The value must be in the form of: + + protocol://username:password@host:port + +It is not mandatory to escape special characters in the username or password. The GPO client will escape any unescaped special character before applying the proxy settings, and will take care not to double-escape already escaped characters. An empty value will remove previously set settings of the same type. + + +- Type: proxy +- Key: /proxy/socks + +Note: - + * Enabled: The setting in the text entry is applied on the client machine. + * Disabled: The setting is removed from the target machine. + * Not configured: A setting declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> SOCKS Proxy | +| Registry Key | Software\Policies\Ubuntu\proxy\proxy\socks | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System-wide application confinement/apparmor-machine.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System-wide application confinement/apparmor-machine.md new file mode 100644 index 000000000..784a3bceb --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System-wide application confinement/apparmor-machine.md @@ -0,0 +1,32 @@ +# AppArmor + +Define AppArmor profiles to be parsed and loaded on client machines. +These profiles are ordered, one by line, and relative to the SYSVOL/ubuntu/apparmor/ directory. +On the client machine, computer profiles are stored in /etc/apparmor.d/adsys/machine, thus the administrator can reference abstractions and tunables shipped with the client distribution of AppArmor. +Files can be included in each other either using a path relative to the current directory of the profile (include "path/to/profile"), or relying on the include path of AppArmor (include ). + +Profiles from this GPO will be appended to the list of profiles referenced higher in the GPO hierarchy. + + +- Type: apparmor +- Key: /apparmor-machine + +Note: - + * Enabled: The profiles in the text entry are applied on the client machine. + * Disabled: The profiles are removed from the target machine, and any related rules are unloaded. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Client management -> System-wide application confinement -> AppArmor | +| Registry Key | Software\Policies\Ubuntu\apparmor\apparmor-machine | +| Element type | multiText | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/allowed-failures.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/allowed-failures.md new file mode 100644 index 000000000..13c89c827 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/allowed-failures.md @@ -0,0 +1,22 @@ +# Number of allowed authentication failures + +The number of times a user is allowed to attempt authentication, before giving up and going back to user selection. + +- Type: dconf +- Key: /org/gnome/login-screen/allowed-failures +- Default: 3 + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Authentication -> Number of allowed authentication failures | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\allowed-failures | +| Element type | decimal | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-fingerprint-authentication.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-fingerprint-authentication.md new file mode 100644 index 000000000..e097e9d7e --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-fingerprint-authentication.md @@ -0,0 +1,22 @@ +# Whether or not to allow fingerprint readers for login + +The login screen can optionally allow users who have enrolled their fingerprints to log in using those prints. + +- Type: dconf +- Key: /org/gnome/login-screen/enable-fingerprint-authentication +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Authentication -> Whether or not to allow fingerprint readers for login | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\enable-fingerprint-authentication | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-password-authentication.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-password-authentication.md new file mode 100644 index 000000000..38142e020 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-password-authentication.md @@ -0,0 +1,22 @@ +# Whether or not to allow passwords for login + +The login screen can be configured to disallow password authentication, forcing the user to use smartcard or fingerprint authentication. + +- Type: dconf +- Key: /org/gnome/login-screen/enable-password-authentication +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Authentication -> Whether or not to allow passwords for login | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\enable-password-authentication | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-smartcard-authentication.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-smartcard-authentication.md new file mode 100644 index 000000000..1a310d4b6 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Authentication/enable-smartcard-authentication.md @@ -0,0 +1,22 @@ +# Whether or not to allow smartcard readers for login + +The login screen can optionally allow users who have smartcards to log in using those smartcards. + +- Type: dconf +- Key: /org/gnome/login-screen/enable-smartcard-authentication +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Authentication -> Whether or not to allow smartcard readers for login | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\enable-smartcard-authentication | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-color.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-color.md new file mode 100644 index 000000000..9443a3727 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-color.md @@ -0,0 +1,22 @@ +# The background-color property sets the background color. + +The background-color property sets the background color to use when the background picture URI is missing or when it doesn't cover the whole background. It overrides the value defined in the default style sheet. + +- Type: dconf +- Key: /com/ubuntu/login-screen/background-color +- Default: '' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> The background-color property sets the background color. | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\com\ubuntu\login-screen\background-color | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-picture-uri.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-picture-uri.md new file mode 100644 index 000000000..0e417ac71 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-picture-uri.md @@ -0,0 +1,22 @@ +# Sets the background image for the login screen. + +URI to use for the background image. Note that the backend only supports local (file://) URIs. It overrides the value defined in the default style sheet. + +- Type: dconf +- Key: /com/ubuntu/login-screen/background-picture-uri +- Default: '' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Sets the background image for the login screen. | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\com\ubuntu\login-screen\background-picture-uri | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-repeat.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-repeat.md new file mode 100644 index 000000000..d07e39625 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-repeat.md @@ -0,0 +1,31 @@ +# The background-repeat property sets if/how the background image will be repeated. + +The background-repeat property sets if/how a background image will be repeated. By default, a background-image is repeated both vertically and horizontally. It overrides the value defined in the default style sheet. + +- Type: dconf +- Key: /com/ubuntu/login-screen/background-repeat +- Default: 'default' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* default +* repeat +* repeat-x +* repeat-y +* no-repeat +* space +* round + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> how the background image will be repeated. | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\com\ubuntu\login-screen\background-repeat | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-size.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-size.md new file mode 100644 index 000000000..37a8a4d03 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/background-size.md @@ -0,0 +1,28 @@ +# The background-size property specifies the size of the background image. + +The background-size property specifies the size of the background images. There are three keywords you can use with this property: auto: The background image is displayed in its original size; cover: Resize the background image to cover the entire container, even if it has to stretch the image or cut a little bit off one of the edges; contain: Resize the background image to make sure the image is fully visible. It overrides the value defined in the default style sheet. + +- Type: dconf +- Key: /com/ubuntu/login-screen/background-size +- Default: 'default' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* default +* auto +* cover +* contain + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> The background-size property specifies the size of the background image. | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\com\ubuntu\login-screen\background-size | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-enable.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-enable.md new file mode 100644 index 000000000..9e1c22bec --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-enable.md @@ -0,0 +1,22 @@ +# Enable showing the banner message + +Set to true to show the banner message text. + +- Type: dconf +- Key: /org/gnome/login-screen/banner-message-enable +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Enable showing the banner message | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\banner-message-enable | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-text.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-text.md new file mode 100644 index 000000000..51cb91efa --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/banner-message-text.md @@ -0,0 +1,22 @@ +# Banner message text + +Text banner message to show in the login window. + +- Type: dconf +- Key: /org/gnome/login-screen/banner-message-text +- Default: '' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Banner message text | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\banner-message-text | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-format.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-format.md new file mode 100644 index 000000000..cbc657a1d --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-format.md @@ -0,0 +1,26 @@ +# Whether the clock displays in 24h or 12h format + +Whether the clock displays in 24h or 12h format + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-format +- Default: '24h' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* 24h +* 12h + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Whether the clock displays in 24h or 12h format | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\interface\clock-format | +| Element type | dropdownList | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-date.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-date.md new file mode 100644 index 000000000..6bf06387f --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-date.md @@ -0,0 +1,22 @@ +# Show date in clock + +If true, display date in the clock, in addition to time. + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-show-date +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Show date in clock | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\interface\clock-show-date | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-weekday.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-weekday.md new file mode 100644 index 000000000..c412029f5 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/clock-show-weekday.md @@ -0,0 +1,22 @@ +# Show weekday in clock + +If true, display weekday in the clock, in addition to time. + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-show-weekday +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Show weekday in clock | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\interface\clock-show-weekday | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/logo.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/logo.md new file mode 100644 index 000000000..cf223281b --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/Interface/logo.md @@ -0,0 +1,22 @@ +# Path to small image at top of user list + +The login screen can optionally show a small image to provide site administrators and distributions a way to display branding. + +- Type: dconf +- Key: /org/gnome/login-screen/logo +- Default: '/usr/share/plymouth/ubuntu-logo.png' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Interface -> Path to small image at top of user list | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\logo | +| Element type | text | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-restart-buttons.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-restart-buttons.md new file mode 100644 index 000000000..bf6bc78c8 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-restart-buttons.md @@ -0,0 +1,22 @@ +# Disable showing the restart buttons + +Set to true to disable showing the restart buttons in the login window. + +- Type: dconf +- Key: /org/gnome/login-screen/disable-restart-buttons +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Disable showing the restart buttons | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\disable-restart-buttons | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-user-list.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-user-list.md new file mode 100644 index 000000000..ae097f73c --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/disable-user-list.md @@ -0,0 +1,22 @@ +# Avoid showing user list + +The login screen normally shows a list of available users to log in as. This setting can be toggled to disable showing the user list. + +- Type: dconf +- Key: /org/gnome/login-screen/disable-user-list +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Avoid showing user list | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\login-screen\disable-user-list | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-banners.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-banners.md new file mode 100644 index 000000000..7539ab55d --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-banners.md @@ -0,0 +1,22 @@ +# Show notification banners + +Whether notification banners are visible for application notifications. + +- Type: dconf +- Key: /org/gnome/desktop/notifications/show-banners +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Show notification banners | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\notifications\show-banners | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-in-lock-screen.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-in-lock-screen.md new file mode 100644 index 000000000..21450ce72 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/show-in-lock-screen.md @@ -0,0 +1,22 @@ +# Show notifications in the lock screen + +Whether notifications are shown in the lock screen or not. + +- Type: dconf +- Key: /org/gnome/desktop/notifications/show-in-lock-screen +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Show notifications in the lock screen | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\notifications\show-in-lock-screen | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/toolkit-accessibility.md b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/toolkit-accessibility.md new file mode 100644 index 000000000..37f0686c6 --- /dev/null +++ b/docs/reference/policies/Computer Policies/Ubuntu/Login Screen/toolkit-accessibility.md @@ -0,0 +1,22 @@ +# Enable Toolkit Accessibility + +Whether toolkits should load accessibility related modules. + +- Type: dconf +- Key: /org/gnome/desktop/interface/toolkit-accessibility +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | Computer Policies -> Ubuntu -> Login Screen -> Enable Toolkit Accessibility | +| Registry Key | Software\Policies\Ubuntu\gdm\dconf\org\gnome\desktop\interface\toolkit-accessibility | +| Element type | boolean | +| Class: | Machine | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-keyboard-enabled.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-keyboard-enabled.md new file mode 100644 index 000000000..6b80e77c2 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-keyboard-enabled.md @@ -0,0 +1,22 @@ +# On-screen keyboard + +Whether the on-screen keyboard is turned on. + +- Type: dconf +- Key: /org/gnome/desktop/a11y/applications/screen-keyboard-enabled +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Accessibility -> On-screen keyboard | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\a11y\applications\screen-keyboard-enabled | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-magnifier-enabled.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-magnifier-enabled.md new file mode 100644 index 000000000..4dd1bfa24 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-magnifier-enabled.md @@ -0,0 +1,22 @@ +# Screen magnifier + +Whether the screen magnifier is turned on. + +- Type: dconf +- Key: /org/gnome/desktop/a11y/applications/screen-magnifier-enabled +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Accessibility -> Screen magnifier | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\a11y\applications\screen-magnifier-enabled | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-reader-enabled.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-reader-enabled.md new file mode 100644 index 000000000..f381ceb93 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/screen-reader-enabled.md @@ -0,0 +1,22 @@ +# Screen reader + +Whether the screen reader is turned on. + +- Type: dconf +- Key: /org/gnome/desktop/a11y/applications/screen-reader-enabled +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Accessibility -> Screen reader | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\a11y\applications\screen-reader-enabled | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/toolkit-accessibility.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/toolkit-accessibility.md new file mode 100644 index 000000000..502c0460d --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Accessibility/toolkit-accessibility.md @@ -0,0 +1,22 @@ +# Enable Toolkit Accessibility + +Whether toolkits should load accessibility related modules. + +- Type: dconf +- Key: /org/gnome/desktop/interface/toolkit-accessibility +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Accessibility -> Enable Toolkit Accessibility | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\interface\toolkit-accessibility | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-options.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-options.md new file mode 100644 index 000000000..047a9a243 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-options.md @@ -0,0 +1,31 @@ +# Picture Options + +Determines how the image set by wallpaper_filename is rendered. Possible values are “none”, “wallpaper”, “centered”, “scaled”, “stretched”, “zoom”, “spanned”. + +- Type: dconf +- Key: /org/gnome/desktop/background/picture-options +- Default: 'zoom' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* none +* wallpaper +* centered +* scaled +* stretched +* zoom +* spanned + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Background -> Picture Options | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\background\picture-options | +| Element type | dropdownList | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri-dark.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri-dark.md new file mode 100644 index 000000000..906ba60f3 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri-dark.md @@ -0,0 +1,24 @@ +# Picture URI (dark) + +URI to use for the background image. Note that the backend only supports local (file://) URIs. + +- Type: dconf +- Key: /org/gnome/desktop/background/picture-uri-dark +- Default for 22.04: 'file:///usr/share/backgrounds/warty-final-ubuntu.png' +- Default for 23.04: 'file:///usr/share/backgrounds/warty-final-ubuntu.png' +- Default for 23.10: 'file:///usr/share/backgrounds/ubuntu-wallpaper-d.png' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Background -> Picture URI (dark) | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\background\picture-uri-dark | +| Element type | text | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri.md new file mode 100644 index 000000000..72c5f64b3 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Background/picture-uri.md @@ -0,0 +1,22 @@ +# Picture URI + +URI to use for the background image. Note that the backend only supports local (file://) URIs. + +- Type: dconf +- Key: /org/gnome/desktop/background/picture-uri +- Default: 'file:///usr/share/backgrounds/warty-final-ubuntu.png' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Background -> Picture URI | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\background\picture-uri | +| Element type | text | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/control-center.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/control-center.md new file mode 100644 index 000000000..300fe7ee6 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/control-center.md @@ -0,0 +1,22 @@ +# Launch settings + +Binding to launch GNOME Settings. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/media-keys/control-center +- Default: `['']` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Launch settings | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\media-keys\control-center | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/overlay-key.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/overlay-key.md new file mode 100644 index 000000000..c3f0cc7b0 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/overlay-key.md @@ -0,0 +1,22 @@ +# Modifier to use for extended window management operations + +This key will initiate the “overlay”, which is a combination window overview and application launching system. The default is intended to be the “Windows key” on PC hardware. It’s expected that this binding either the default or set to the empty string. + +- Type: dconf +- Key: /org/gnome/mutter/overlay-key +- Default: 'Super_L' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Modifier to use for extended window management operations | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\mutter\overlay-key | +| Element type | text | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/panel-main-menu.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/panel-main-menu.md new file mode 100644 index 000000000..7c11da54e --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/panel-main-menu.md @@ -0,0 +1,20 @@ +# Show the activities overview + +- Type: dconf +- Key: /org/gnome/desktop/wm/keybindings/panel-main-menu +- Default: `['F1']` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Show the activities overview | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\wm\keybindings\panel-main-menu | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/terminal.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/terminal.md new file mode 100644 index 000000000..a7a28dff1 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/terminal.md @@ -0,0 +1,22 @@ +# Launch terminal + +Binding to launch the terminal. + +- Type: dconf +- Key: /org/gnome/settings-daemon/plugins/media-keys/terminal +- Default: `['t']` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Launch terminal | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\settings-daemon\plugins\media-keys\terminal | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-application-view.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-application-view.md new file mode 100644 index 000000000..8b8b16edb --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-application-view.md @@ -0,0 +1,22 @@ +# Keybinding to open the “Show Applications” view + +Keybinding to open the “Show Applications” view of the Activities Overview. + +- Type: dconf +- Key: /org/gnome/shell/keybindings/toggle-application-view +- Default: `["a"]` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Keybinding to open the “Show Applications” view | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\shell\keybindings\toggle-application-view | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-overview.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-overview.md new file mode 100644 index 000000000..aa6957cf9 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Keyboard shortcuts/toggle-overview.md @@ -0,0 +1,25 @@ +# Keybinding to open the overview + +Keybinding to open the Activities Overview. + +- Type: dconf +- Key: /org/gnome/shell/keybindings/toggle-overview +- Default for 20.04: `["s"]` +- Default for 22.04: `["s"]` +- Default for 23.04: `["s"]` +- Default for 23.10: `[]` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Keyboard shortcuts -> Keybinding to open the overview | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\shell\keybindings\toggle-overview | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/disable-lock-screen.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/disable-lock-screen.md new file mode 100644 index 000000000..757fcf695 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/disable-lock-screen.md @@ -0,0 +1,22 @@ +# Disable lock screen + +Prevent the user to lock his screen. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-lock-screen +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Screensaver -> Disable lock screen | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-lock-screen | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-options.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-options.md new file mode 100644 index 000000000..348838047 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-options.md @@ -0,0 +1,31 @@ +# Picture Options + +Determines how the image set by wallpaper_filename is rendered. Possible values are “none”, “wallpaper”, “centered”, “scaled”, “stretched”, “zoom”, “spanned”. + +- Type: dconf +- Key: /org/gnome/desktop/screensaver/picture-options +- Default: 'zoom' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* none +* wallpaper +* centered +* scaled +* stretched +* zoom +* spanned + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Screensaver -> Picture Options | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\screensaver\picture-options | +| Element type | dropdownList | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-uri.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-uri.md new file mode 100644 index 000000000..47e468a83 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/picture-uri.md @@ -0,0 +1,22 @@ +# Picture URI + +URI to use for the background image. Note that the backend only supports local (file://) URIs. + +- Type: dconf +- Key: /org/gnome/desktop/screensaver/picture-uri +- Default: 'file:///usr/share/backgrounds/warty-final-ubuntu.png' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Screensaver -> Picture URI | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\screensaver\picture-uri | +| Element type | text | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/show-in-lock-screen.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/show-in-lock-screen.md new file mode 100644 index 000000000..67d2ffb5b --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Screensaver/show-in-lock-screen.md @@ -0,0 +1,22 @@ +# Show notifications in the lock screen + +Whether notifications are shown in the lock screen or not. + +- Type: dconf +- Key: /org/gnome/desktop/notifications/show-in-lock-screen +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Screensaver -> Show notifications in the lock screen | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\notifications\show-in-lock-screen | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-format.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-format.md new file mode 100644 index 000000000..b553b31a8 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-format.md @@ -0,0 +1,26 @@ +# Whether the clock displays in 24h or 12h format + +Whether the clock displays in 24h or 12h format + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-format +- Default: '24h' + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +**Valid values** + +* 24h +* 12h + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Clock -> Whether the clock displays in 24h or 12h format | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\interface\clock-format | +| Element type | dropdownList | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-date.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-date.md new file mode 100644 index 000000000..a488c5f44 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-date.md @@ -0,0 +1,22 @@ +# Show date in clock + +If true, display date in the clock, in addition to time. + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-show-date +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Clock -> Show date in clock | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\interface\clock-show-date | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-weekday.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-weekday.md new file mode 100644 index 000000000..f4981db39 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Clock/clock-show-weekday.md @@ -0,0 +1,22 @@ +# Show weekday in clock + +If true, display weekday in the clock, in addition to time. + +- Type: dconf +- Key: /org/gnome/desktop/interface/clock-show-weekday +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Clock -> Show weekday in clock | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\interface\clock-show-weekday | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-command-line.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-command-line.md new file mode 100644 index 000000000..4a0367b34 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-command-line.md @@ -0,0 +1,22 @@ +# Disable command line + +Prevent the user from accessing the terminal or specifying a command line to be executed. For example, this would disable access to the panel’s “Run Application” dialog. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-command-line +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable command line | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-command-line | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-log-out.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-log-out.md new file mode 100644 index 000000000..b9145d9ce --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-log-out.md @@ -0,0 +1,22 @@ +# Disable log out + +Prevent the user from logging out. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-log-out +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable log out | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-log-out | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-print-setup.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-print-setup.md new file mode 100644 index 000000000..5c7f57bfc --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-print-setup.md @@ -0,0 +1,22 @@ +# Disable print setup + +Prevent the user from modifying print settings. For example, this would disable access to all applications’ “Print Setup” dialogs. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-print-setup +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable print setup | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-print-setup | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-printing.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-printing.md new file mode 100644 index 000000000..17a284da3 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-printing.md @@ -0,0 +1,22 @@ +# Disable printing + +Prevent the user from printing. For example, this would disable access to all applications’ “Print” dialogs. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-printing +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable printing | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-printing | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-save-to-disk.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-save-to-disk.md new file mode 100644 index 000000000..eb5dbe2ad --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-save-to-disk.md @@ -0,0 +1,22 @@ +# Disable saving files to disk + +Prevent the user from saving files to disk. For example, this would disable access to all applications’ “Save as” dialogs. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-save-to-disk +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable saving files to disk | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-save-to-disk | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-user-switching.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-user-switching.md new file mode 100644 index 000000000..9634458e3 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/disable-user-switching.md @@ -0,0 +1,22 @@ +# Disable user switching + +Prevent the user from switching to another account while his session is active. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/disable-user-switching +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable user switching | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\disable-user-switching | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/user-administration-disabled.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/user-administration-disabled.md new file mode 100644 index 000000000..0d50572ef --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/user-administration-disabled.md @@ -0,0 +1,22 @@ +# Disable user administration + +Stop the user from modifying user accounts. By default, we allow adding and removing users, as well as changing other users settings. + +- Type: dconf +- Key: /org/gnome/desktop/lockdown/user-administration-disabled +- Default: false + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> LockDown -> Disable user administration | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\lockdown\user-administration-disabled | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Notifications/show-banners.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Notifications/show-banners.md new file mode 100644 index 000000000..d0e44d18c --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Notifications/show-banners.md @@ -0,0 +1,22 @@ +# Show notification banners + +Whether notification banners are visible for application notifications. + +- Type: dconf +- Key: /org/gnome/desktop/notifications/show-banners +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Notifications -> Show notification banners | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\notifications\show-banners | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/favorite-apps.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/favorite-apps.md new file mode 100644 index 000000000..3063c9164 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/favorite-apps.md @@ -0,0 +1,25 @@ +# List of desktop file IDs for favorite applications + +The applications corresponding to these identifiers will be displayed in the favorites area. + +- Type: dconf +- Key: /org/gnome/shell/favorite-apps +- Default for 20.04: `[ 'ubiquity.desktop', 'firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop', 'rhythmbox.desktop', 'libreoffice-writer.desktop', 'snap-store_ubuntu-software.desktop', 'yelp.desktop' ]` +- Default for 22.04: `[ 'ubuntu-desktop-installer_ubuntu-desktop-installer.desktop', 'ubiquity.desktop', 'firefox_firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop', 'rhythmbox.desktop', 'libreoffice-writer.desktop', 'snap-store_ubuntu-software.desktop', 'yelp.desktop' ]` +- Default for 23.04: `[ 'ubuntu-desktop-installer_ubuntu-desktop-installer.desktop', 'ubiquity.desktop', 'firefox_firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop', 'rhythmbox.desktop', 'libreoffice-writer.desktop', 'snap-store_ubuntu-software.desktop', 'yelp.desktop' ]` +- Default for 23.10: `[ 'ubuntu-desktop-installer_ubuntu-desktop-installer.desktop', 'ubiquity.desktop', 'firefox_firefox.desktop', 'thunderbird.desktop', 'org.gnome.Nautilus.desktop', 'rhythmbox.desktop', 'libreoffice-writer.desktop', 'snap-store_snap-store.desktop', 'yelp.desktop' ]` + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> List of desktop file IDs for favorite applications | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\shell\favorite-apps | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-desktop-icons.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-desktop-icons.md new file mode 100644 index 000000000..af76ad5af --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-desktop-icons.md @@ -0,0 +1,22 @@ +# Have file manager handle the desktop + +If set to true, then file manager will draw the icons on the desktop. + +- Type: dconf +- Key: /org/gnome/desktop/background/show-desktop-icons +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Have file manager handle the desktop | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\background\show-desktop-icons | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-show-apps-button.md b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-show-apps-button.md new file mode 100644 index 000000000..7e9cb7cdd --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/show-show-apps-button.md @@ -0,0 +1,22 @@ +# Show applications button + +Show applications button in the dash + +- Type: dconf +- Key: /org/gnome/shell/extensions/dash-to-dock/show-show-apps-button +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Desktop -> Shell -> Show applications button | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\shell\extensions\dash-to-dock\show-show-apps-button | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Peripherals/automount.md b/docs/reference/policies/User Policies/Ubuntu/Peripherals/automount.md new file mode 100644 index 000000000..a4f886d38 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Peripherals/automount.md @@ -0,0 +1,22 @@ +# Whether to automatically mount media + +If set to true, then Nautilus will automatically mount media such as user-visible hard disks and removable media on start-up and media insertion. + +- Type: dconf +- Key: /org/gnome/desktop/media-handling/automount +- Default: true + +Note: default system value is used for "Not Configured" and enforced if "Disabled". + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Peripherals -> Whether to automatically mount media | +| Registry Key | Software\Policies\Ubuntu\dconf\org\gnome\desktop\media-handling\automount | +| Element type | boolean | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Session management/User Drive Mapping/user-mounts.md b/docs/reference/policies/User Policies/Ubuntu/Session management/User Drive Mapping/user-mounts.md new file mode 100644 index 000000000..11d04f7a9 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Session management/User Drive Mapping/user-mounts.md @@ -0,0 +1,46 @@ +# User mounts + +Define network shares that will be mounted for the client. +If more shares are defined higher the GPO hierarchy, the entries listed here will be appended to the list and duplicates will be removed. + +Values should be in the format: + :/// +e.g. + nfs://example_nfs.com/nfs_shared_dir + smb://example_smb.com/smb_shared_dir + ftp://ftp_share_server.com + +This pattern must be followed, otherwise the policy will not be applied. + +By the default, the mounts will be done in anonymous mode. In case of authentication needed, a krb5 tag can be added to the value, e.g. + `[krb5]`:/// + +If the tag is added, the mount will require Kerberos authentication in order to occur. + +The supported protocols are the same as the ones supported by gvfs. +They are listed on the man page of gvfs, under the gvfs-backends section: https://manpages.ubuntu.com/manpages/jammy/en/man7/gvfs.7.html +It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. + + +- Type: mount +- Key: /user-mounts + +Note: + * Enabled: The value(s) referenced in the entry are applied on the client machine. + * Disabled: The value(s) are removed from the target machine. + * Not configured: Value(s) declared higher in the GPO hierarchy will be used if available. + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Session management -> User Drive Mapping -> User mounts | +| Registry Key | Software\Policies\Ubuntu\mount\user-mounts | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logoff.md b/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logoff.md new file mode 100644 index 000000000..e35ef937a --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logoff.md @@ -0,0 +1,30 @@ +# Logoff scripts + +Define scripts that are executed when the user exits from last session. +Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. +Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. + + +- Type: scripts +- Key: /logoff + +Note: - + * Enabled: The scripts in the text entry are executed at user logoff time. + * Disabled: The scripts will be skipped. + The set of scripts are per session, and refreshed only on new session creation. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Session management -> User Scripts -> Logoff scripts | +| Registry Key | Software\Policies\Ubuntu\scripts\logoff | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logon.md b/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logon.md new file mode 100644 index 000000000..49fc07d15 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Session management/User Scripts/logon.md @@ -0,0 +1,30 @@ +# Logon scripts + +Define scripts that are executed the first time an user logon until it exits from all sessions. +Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. +Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. + + +- Type: scripts +- Key: /logon + +Note: - + * Enabled: The scripts in the text entry are executed at user logon time. + * Disabled: The scripts will be skipped. + The set of scripts are per session, and refreshed only on new session creation. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Session management -> User Scripts -> Logon scripts | +| Registry Key | Software\Policies\Ubuntu\scripts\logon | +| Element type | multiText | +| Class: | User | diff --git a/docs/reference/policies/User Policies/Ubuntu/Session management/User application confinement/apparmor-users.md b/docs/reference/policies/User Policies/Ubuntu/Session management/User application confinement/apparmor-users.md new file mode 100644 index 000000000..cfed3e758 --- /dev/null +++ b/docs/reference/policies/User Policies/Ubuntu/Session management/User application confinement/apparmor-users.md @@ -0,0 +1,49 @@ +# AppArmor + +Define an AppArmor user profile to be parsed and loaded on client machines. +The profile is specified as a file path relative to the SYSVOL/ubuntu/apparmor/ directory. +On the client machine, user profiles are stored in /etc/apparmor.d/adsys/users/, thus the administrator can reference abstractions and tunables shipped with the client distribution of AppArmor. + +The profile will ideally contain a mapping between a user and a role. Roles must be configured beforehand in the System-wide application confinement section. +Below is an example of a user profile declaration: + + include + include + + capability dac_override, + capability setgid, + capability setuid, + /etc/default/su r, + /etc/environment r, + @{HOMEDIRS}/.xauth* w, + /usr/bin/{,b,d,rb}ash Px -> default_user, + /usr/bin/{c,k,tc}sh Px -> default_user, + +The GPO client will wrap this into an apparmor block declaration containing the client username. The default_user role must be declared beforehand in the Machine section. More details and examples can be found in the apparmor section of the adsys documentation. + +The configured profile will override any profile referenced higher in the GPO hierarchy. + + +- Type: apparmor +- Key: /apparmor-users + +Note: - + * Enabled: The profile in the text entry is applied on the client machine. + * Disabled: The profile is removed from the target machine, and any related rules are unloaded. + * Not configured: A profile declared higher in the GPO hierarchy will be used if available. + + +Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. + +An Ubuntu Pro subscription on the client is required to apply this policy. + + + +**Metadata** + +| Element | Value | +| --- | --- | +| Location | User Policies -> Ubuntu -> Session management -> User application confinement -> AppArmor | +| Registry Key | Software\Policies\Ubuntu\apparmor\apparmor-users | +| Element type | text | +| Class: | User | From a640f07e906225b3e764005354bbf795bdc9b6c2 Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Thu, 16 Nov 2023 11:01:50 +0100 Subject: [PATCH 5/7] Fix typos in our handcrafted policies --- cmd/admxgen/defs/mount.yaml | 2 +- cmd/admxgen/defs/proxy.yaml | 6 +++--- cmd/admxgen/defs/scripts.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cmd/admxgen/defs/mount.yaml b/cmd/admxgen/defs/mount.yaml index 6f9347454..2de64c5a7 100644 --- a/cmd/admxgen/defs/mount.yaml +++ b/cmd/admxgen/defs/mount.yaml @@ -48,7 +48,7 @@ If the tag is added, the mount will require Kerberos authentication in order to occur. - The supported protocols / filsystems are the same as the ones supported by the mount command. + The supported protocols / file systems are the same as the ones supported by the mount command. They are listed on the mount man page on https://man7.org/linux/man-pages/man8/mount.8.html It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. elementtype: "multiText" diff --git a/cmd/admxgen/defs/proxy.yaml b/cmd/admxgen/defs/proxy.yaml index a0ca3a218..ab725dec6 100644 --- a/cmd/admxgen/defs/proxy.yaml +++ b/cmd/admxgen/defs/proxy.yaml @@ -79,11 +79,11 @@ * Not configured: A setting declared higher in the GPO hierarchy will be used if available. type: "proxy" - key: "/proxy/auto" - displayname: "Autoconfiguration URL" + displayname: "Auto-configuration URL" explaintext: | - Declare system-wide proxy autoconfiguration URL. + Declare system-wide proxy auto-configuration URL. - Autoconfiguration URLs are always prioritzed over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. + Auto-configuration URLs are always prioritized over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. elementtype: "text" release: "any" note: | diff --git a/cmd/admxgen/defs/scripts.yaml b/cmd/admxgen/defs/scripts.yaml index 9a4ee1528..bbc5cde9e 100644 --- a/cmd/admxgen/defs/scripts.yaml +++ b/cmd/admxgen/defs/scripts.yaml @@ -18,7 +18,7 @@ - key: "/shutdown" displayname: "Shutdown scripts" explaintext: | - Define scripts that are executed on machine poweroff. + Define scripts that are executed on machine power off. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. elementtype: "multiText" From 4286dce53bc8b9f6ad8420c4a7104482f52790a8 Mon Sep 17 00:00:00 2001 From: didrocks Date: Thu, 16 Nov 2023 10:08:01 +0000 Subject: [PATCH 6/7] Refresh policy definition files --- .../Computer Scripts/shutdown.md | 2 +- .../System Drive Mapping/system-mounts.md | 2 +- .../System proxy configuration/auto.md | 8 ++++---- policies/Ubuntu/all/Ubuntu.adml | 20 +++++++++---------- policies/Ubuntu/lts-only/Ubuntu.adml | 16 +++++++-------- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md index 5c0db48e0..a4201fd5c 100644 --- a/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/Computer Scripts/shutdown.md @@ -1,6 +1,6 @@ # Shutdown scripts -Define scripts that are executed on machine poweroff. +Define scripts that are executed on machine power off. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md index aee98ed2b..ed599a789 100644 --- a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System Drive Mapping/system-mounts.md @@ -17,7 +17,7 @@ By default, the mounts will be done in anonymous mode. In case of authentication If the tag is added, the mount will require Kerberos authentication in order to occur. -The supported protocols / filsystems are the same as the ones supported by the mount command. +The supported protocols / file systems are the same as the ones supported by the mount command. They are listed on the mount man page on https://man7.org/linux/man-pages/man8/mount.8.html It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. diff --git a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md index 501a583d5..cee924c04 100644 --- a/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md +++ b/docs/reference/policies/Computer Policies/Ubuntu/Client management/System proxy configuration/auto.md @@ -1,8 +1,8 @@ -# Autoconfiguration URL +# Auto-configuration URL -Declare system-wide proxy autoconfiguration URL. +Declare system-wide proxy auto-configuration URL. -Autoconfiguration URLs are always prioritzed over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. +Auto-configuration URLs are always prioritized over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. - Type: proxy @@ -24,7 +24,7 @@ An Ubuntu Pro subscription on the client is required to apply this policy. | Element | Value | | --- | --- | -| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> Autoconfiguration URL | +| Location | Computer Policies -> Ubuntu -> Client management -> System proxy configuration -> Auto-configuration URL | | Registry Key | Software\Policies\Ubuntu\proxy\proxy\auto | | Element type | text | | Class: | Machine | diff --git a/policies/Ubuntu/all/Ubuntu.adml b/policies/Ubuntu/all/Ubuntu.adml index 6c366e793..6198d12dd 100644 --- a/policies/Ubuntu/all/Ubuntu.adml +++ b/policies/Ubuntu/all/Ubuntu.adml @@ -942,7 +942,7 @@ An Ubuntu Pro subscription on the client is required to apply this policy.Startup scripts Startup scripts Startup scripts - Define scripts that are executed on machine poweroff. + Define scripts that are executed on machine power off. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. @@ -1335,7 +1335,7 @@ By default, the mounts will be done in anonymous mode. In case of authentication If the tag is added, the mount will require Kerberos authentication in order to occur. -The supported protocols / filsystems are the same as the ones supported by the mount command. +The supported protocols / file systems are the same as the ones supported by the mount command. They are listed on the mount man page on https://man7.org/linux/man-pages/man8/mount.8.html It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. @@ -1476,9 +1476,9 @@ An Ubuntu Pro subscription on the client is required to apply this policy.Ignored hosts Ignored hosts Ignored hosts - Declare system-wide proxy autoconfiguration URL. + Declare system-wide proxy auto-configuration URL. -Autoconfiguration URLs are always prioritzed over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. +Auto-configuration URLs are always prioritized over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. - Type: proxy @@ -1493,11 +1493,11 @@ Note: - Supported on Ubuntu 20.04, 22.04, 23.04, 23.10. An Ubuntu Pro subscription on the client is required to apply this policy. - Autoconfiguration URL - Autoconfiguration URL - Autoconfiguration URL - Autoconfiguration URL - Autoconfiguration URL + Auto-configuration URL + Auto-configuration URL + Auto-configuration URL + Auto-configuration URL + Auto-configuration URL Define scripts that are executed the first time an user logon until it exits from all sessions. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. @@ -2932,7 +2932,7 @@ An Ubuntu Pro subscription on the client is required to apply this policy. - + diff --git a/policies/Ubuntu/lts-only/Ubuntu.adml b/policies/Ubuntu/lts-only/Ubuntu.adml index e87389546..241d93872 100644 --- a/policies/Ubuntu/lts-only/Ubuntu.adml +++ b/policies/Ubuntu/lts-only/Ubuntu.adml @@ -774,7 +774,7 @@ An Ubuntu Pro subscription on the client is required to apply this policy.Startup scripts Startup scripts Startup scripts - Define scripts that are executed on machine poweroff. + Define scripts that are executed on machine power off. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. @@ -1071,7 +1071,7 @@ By default, the mounts will be done in anonymous mode. In case of authentication If the tag is added, the mount will require Kerberos authentication in order to occur. -The supported protocols / filsystems are the same as the ones supported by the mount command. +The supported protocols / file systems are the same as the ones supported by the mount command. They are listed on the mount man page on https://man7.org/linux/man-pages/man8/mount.8.html It's up to the user to ensure that the requested protocols are valid and supported and that the shared directories have the correct configuration for the requested connection. @@ -1200,9 +1200,9 @@ An Ubuntu Pro subscription on the client is required to apply this policy.Ignored hosts Ignored hosts Ignored hosts - Declare system-wide proxy autoconfiguration URL. + Declare system-wide proxy auto-configuration URL. -Autoconfiguration URLs are always prioritzed over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. +Auto-configuration URLs are always prioritized over manual proxy settings, meaning that if all proxy options are set, the GPO client will enable automatic proxy configuration for supported backends. An empty value will remove previously set settings of the same type. - Type: proxy @@ -1217,9 +1217,9 @@ Note: - Supported on Ubuntu 20.04, 22.04. An Ubuntu Pro subscription on the client is required to apply this policy. - Autoconfiguration URL - Autoconfiguration URL - Autoconfiguration URL + Auto-configuration URL + Auto-configuration URL + Auto-configuration URL Define scripts that are executed the first time an user logon until it exits from all sessions. Those scripts are ordered, one by line, and relative to SYSVOL/ubuntu/scripts/ directory. Scripts from this GPO will be appended to the list of scripts referenced higher in the GPO hierarchy. @@ -2115,7 +2115,7 @@ An Ubuntu Pro subscription on the client is required to apply this policy. - + From 41bf7915293588dbf187dd875225f7a2bfdef67f Mon Sep 17 00:00:00 2001 From: Didier Roche Date: Thu, 16 Nov 2023 11:09:49 +0100 Subject: [PATCH 7/7] Additional words to exclude from check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some are coming from dconf keys, which we can’t patch out in the documentation. Most of them are comprehensible, so let’s ignore them. --- docs/.custom_wordlist.txt | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt index 0e2ad98dd..e7de94a84 100644 --- a/docs/.custom_wordlist.txt +++ b/docs/.custom_wordlist.txt @@ -8,6 +8,7 @@ ADSys adsysctl adsysd adwatchd +ALS apparmor AppArmor AppArmor's @@ -15,8 +16,10 @@ autocompletion autoenroll autoenrollment autoload +automount backend backends +boolean CAs CEP CES @@ -25,15 +28,19 @@ compinit config constructiveCAs CSR +dac dconf +dialogs dir Dropdown +dropdownList enrolment erroring executables fpath FQDN GDM +gdm GPL GPO gpolist @@ -41,7 +48,10 @@ GPOs GPT GSettings GVfs +gvfs +HOMEDIRS html +http https idempotency IIS @@ -53,20 +63,39 @@ ip Jira kerberos Kerberos +krb LDAP lifecycle +linux +localhost +lockdown +LockDown LTS MacOS macOS +manpages multiline +multiText +nameservice +nfs OpenLDAP OU OUs +plymouth +png polkit powershell PowerShell +Px +rb readthedocs runscripts +setgid +setuid +smartcard +smartcards +smb +su sss sssd SSSD @@ -79,10 +108,13 @@ syntaxes systemd systemd's sysvol +tc TDB TODO +toolkits toolset Transactional +tunables txt ubuntu Unix @@ -90,9 +122,16 @@ unmonitoring unmount unmounting Unmounting +unescaped +uri +URI +URIs +usr unticking vendoring Winbind +wm +xauth yaml zsh zshrc