# Set-EdgePolicy
# Keys are fully documented here:
# https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies
# This policy configuration is based on the following two resources:
# https://www.microsoft.com/en-us/download/details.aspx?id=55319
# https://static.open-scap.org/ssg-guides/ssg-chromium-guide-stig.html
# Why syntactically correct scripts won't run:
# https://docs.microsoft.com/en-us/powershell/scripting/learn/ps101/10-script-modules?view=powershell-7.1
# Dot sourcing: run the following to load this script's function into the `Function:` PSDrive:
# . .\Set-EdgePolicy.ps1
# Check your own syntax once the function is loaded into memory:
# PS > Get-Command -Name Set-EdgePolicy -Syntax
# Additional references:
# https://devblogs.microsoft.com/scripting/powertip-use-positional-parameters/
# https://docs.microsoft.com/en-us/powershell/scripting/developer/cmdlet/approved-verbs-for-windows-powershell-commands?view=powershell-7.1
# https://docs.microsoft.com/en-us/powershell/scripting/learn/ps101/09-functions?view=powershell-7.1
# https://docs.microsoft.com/en-us/powershell/scripting/learn/deep-dives/everything-about-if?view=powershell-7.1
# Filter Format
# [scheme://][.]host[:port][/path][@query]
# Examples:
# "contoso.com"
# "https://ssl.server.com"
# "hosting.com/good_path"
# "https://server:8080/path"
# ".exact.hostname.com"
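# Reset all admx values to 'Not configured' before running.
# Note: this removes every value directly under the Edge policy key, whatever set it;
# list policies stored in subkeys (e.g. ExtensionInstallBlocklist) are not touched by it.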
# Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name *
function Set-EdgePolicy {
[CmdletBinding()]
Param(
[Parameter(Position = 0)]
[string]$Action
)
if ("$Action" -like "Apply")
{
# Apply settings
Write-Output "Setting Edge policy via registry..."
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Force | Out-Null
}
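# Required for conferencing: removes the AppPrivacy policy values that restrict microphone and camera access.
# NOTE(review): Test-Path is given "...\AppPrivacy\<name>", which checks for a registry key of that name,
# while Remove-ItemProperty treats the same name as a value under AppPrivacy - confirm these branches ever run.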
If (Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessMicrophone") {
Write-Output "Enabling microphone access..."
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessMicrophone"
}
If (Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy\LetAppsAccessCamera") {
Write-Output "Enabling camera access..."
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" -Name "LetAppsAccessCamera"
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AddressBarMicrosoftSearchInBingProviderEnabled -Type Dword -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AdsSettingForIntrusiveAdsSites -Type DWord -Value 0x00000002
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AlwaysOpenPDFExternally -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AlternateErrorPagesEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ApplicationGuardTrafficIdentificationEnabled -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AudioSandboxEnabled -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AutofillAddressEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AutofillCreditCardEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AutoImportAtFirstRun -Type DWord -Value 0x00000004
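# Review this: limits the HTTP authentication schemes Edge accepts to NTLM and Negotiate;
# confirm NTLM is still needed in your environment before keeping it in the list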
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AuthSchemes -Type String -Value "ntlm,negotiate"
# 0 = Disabled
# 1 = Upgrade when capable
# 2 = Always upgrade to https
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AutomaticHttpsDefault -Type DWord -Value 0x00000002
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name AutoplayAllowed -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BasicAuthOverHttpEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BackgroundModeEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BingAdsSuppression -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BlockExternalExtensions -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BlockThirdPartyCookies -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BrowserLegacyExtensionPointsBlockingEnabled -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BrowserSignin -Type DWord -Value 0x00000000
# BuiltInDnsClientEnabled does not control if DNS-over-HTTPS is used; Microsoft Edge always uses its built-in resolver for DNS-over-HTTPS requests.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name BuiltInDnsClientEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ClearBrowsingDataOnExit -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ClearCachedImagesAndFilesOnExit -Type DWord -Value 0x00000001
# 1 = Plain text url only
# 3 = Rich text url only
# Previously this was incorrectly set to null, which caused Edge to crash on the latest update around 2024/07/26
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ConfigureFriendlyURLFormat -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ConfigureShare -Type DWord -Value 0x00000001
# 1 = Allow all
# 2 = Deny all
# 4 = Clear all on exit
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultCookiesSetting -Type DWord -Value 0x00000004
# 2 = Deny all
# 3 = Ask
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultFileSystemReadGuardSetting -Type DWord -Value 0x00000002
# 2 = Deny all
# 3 = Ask
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultFileSystemWriteGuardSetting -Type DWord -Value 0x00000002
# 1 = Allow
# 2 = Deny
# 3 = Ask
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultGeolocationSetting -Type DWord -Value 0x00000002
# 2 = Deny all
# 3 = Allow exceptions
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultInsecureContentSetting -Type DWord -Value 0x00000002
# 1 = Allow all
# 2 = Deny all
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultJavaScriptSetting -Type DWord -Value 0x00000002
# 01 = Allow JIT
# 02 = Block JIT
# Disabling the JavaScript JIT will mean that Microsoft Edge may render web content more slowly, and may also disable parts of JavaScript
# including WebAssembly. Disabling the JavaScript JIT may allow Microsoft Edge to render web content in a more secure configuration.
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultJavaScriptJitSetting -Type DWord -Value 0x00000002
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitAllowedForSites")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptJitAllowedForSites" -Force | Out-Null
}
# Examples
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForSites\" -Name "1" -Type String -Value "https://[*.]microsoft.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForSites\" -Name "2" -Type String -Value "https://[*.]google.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForSites\" -Name "3" -Type String -Value "https://[*.]duckduckgo.com:443"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultNotificationsSetting -Type DWord -Value 0x00000002
# 1 = Allow all
# 2 = Deny all
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultPopupsSetting -Type DWord -Value 0x00000002
# Default search settings only apply to Domain joined or MDM/MCX devices, see ManagedSearchEngines for this
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultSearchProviderContextMenuAccessAllowed -Type DWord -Value 0x00000000
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultSearchProviderEnabled -Type DWord -Value 0x00000001
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultSearchProviderSearchURL -Type String -Value "https://duckduckgo.com/?q={searchTerms}"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultSensorsSetting -Type DWord -Value 0x00000002
# 2 = Deny all
# 3 = Ask
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultWebBluetoothGuardSetting -Type DWord -Value 0x00000002
# 2 = Deny all
# 3 = Ask
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DefaultWebUsbGuardSetting -Type DWord -Value 0x00000003
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name Disable3DAPIs -Type DWord -Value 0x00000001
# Obsolete as of version 109
#Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DisplayCapturePermissionsPolicyEnabled -Type DWord -Value 0x00000001
# This will override the BuiltInDnsClientEnabled and use Edge's built-in DNS over HTTPS resolver
# off (off) = Disable DNS-over-HTTPS
# automatic (automatic) = Enable DNS-over-HTTPS with insecure fallback
# secure (secure) = Enable DNS-over-HTTPS without insecure fallback
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DnsOverHttpsMode -Type String -Value "secure"
# Multiple provider templates are separated by spaces
# Use the following to check if you're using DoH:
# https://1.1.1.1/help
# https://on.quad9.net/
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DnsOverHttpsTemplates -Type String -Value "https://cloudflare-dns.com/dns-query{?dns} https://dns.quad9.net/dns-query{?dns}"
# Check value syntax
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DownloadDirectory -Type String -Value "C:\\Users\\${user_name}\\Downloads"
# 0 = No restrictions
# 1 = Block dangerous
# 2 = Block dangerous and unwanted
# 3 = Block all
# Note: 2 and 3 prevent many regular downloads from working
# Great for preventing accidentally clicked links from automatically downloading remote content
# But restricts usability of many sites
# Some sites can still get around this, but are likely allow-listed by Edge & Defender
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name DownloadRestrictions -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name EdgeCollectionsEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name EnableMediaRouter -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name EnableOnlineRevocationChecks -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name EdgeShoppingAssistantEnabled -Type DWord -Value 0x00000000
# Setting a single value of "*" will prevent installation of any extensions not specified under "ExtensionInstallForcelist"
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist" -Force | Out-Null
}
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallBlocklist" -Name "1" -Type String -Value "*"
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" -Force | Out-Null
}
# Example Value:
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" -Name "1" -Type String -Value "abcdefghijklmnopabcdefghijklmnop"
# uBlock Origin:
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" -Name "2" -Type String -Value "odfafepnkmbhccpbejgmiehpchacaeak"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name FavoritesBarEnabled -Type DWord -Value 0x00000000
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ForceEphemeralProfiles -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name HideFirstRunExperience -Type DWord -Value 0x00000001
# NewTabPageLocation settings only apply to Domain joined or MDM/MCX devices
# 0 = false
# 1 = true
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name HomepageIsNewTabPage -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportAutofillFormData -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportBrowserSettings -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportCookies -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportExtensions -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportFavorites -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportHistory -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportHomepage -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportOpenTabs -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportPaymentInfo -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportSavedPasswords -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportSearchEngine -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportShortcuts -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ImportStartupPageSettings -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name InPrivateModeAvailability -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name InsecurePrivateNetworkRequestsAllowed -Type DWord -Value 0x00000000
# 0 = None
# 1 = IE Edge mode
# 2 = IE Stand-alone mode
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name InternetExplorerIntegrationLevel -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name InternetExplorerIntegrationReloadInIEModeAllowed -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name LocalProvidersEnabled -Type Dword -Value 0x00000000
# Dictionary of default search providers
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name ManagedSearchEngines -Type String -Value '[{"allow_search_engine_discovery": false},{"is_default": true,"keyword": "duckduckgo.com","name": "DuckDuckGo","search_url": "https://duckduckgo.com?q={searchTerms}"},{"keyword": "google.com","name": "Google","search_url": "{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}ie={inputEncoding}"},]'
# Obsolete after Edge 88
# MetricsReportingEnabled
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NativeMessagingUserLevelHosts -Type DWord -Value 0x00000000
# NetworkPredictionAlways (0) = Predict network actions on any network connection
# NetworkPredictionWifiOnly (1) = Not supported, if this value is used it will be treated as if 'Predict network actions on any network connection' (0) was set
# NetworkPredictionNever (2) = Don't predict network actions on any network connection
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NetworkPredictionOptions -Type DWord -Value 0x00000002
# 1 = Disable image of the day
# 2 = Disable custom image
# 3 = Disable all
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageAllowedBackgroundTypes -Type DWord -Value 0x00000003
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageContentEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageHideDefaultTopSites -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageQuickLinksEnabled -Type Dword -Value 0x00000000
# NewTabPageLocation settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageLocation -Type String -Value "about:blank"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name NewTabPageSearchBox -Type String -Value "redirect"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name PasswordManagerEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name PaymentMethodQueryEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name PersonalizationReportingEnabled -Type DWord -Value 0x00000000
# SmartScreen settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name PreventSmartScreenPromptOverride -Type DWord -Value 0x00000001
# SmartScreen settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name PreventSmartScreenPromptOverrideForFiles -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name PromotionalTabsEnabled -Type DWord -Value 0x00000000
# Need to confirm what this is doing
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name QuicAllowed -Type DWord -Value 0x00000000
# Not available
# RemoteAccessHostFirewallTraversal
# Need to confirm what this is doing
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name ResolveNavigationErrorsUseWebService -Type DWord -Value 0x00000000
# RestoreOnStartup settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name RestoreOnStartup -Type DWord -Value 0x00000005
# Allows sessions and logins to persist when DefaultCookiesSetting = 4 (clear on exit)
# "RestoreOnStartup" only works on managed devices (AD joined), to configure this manually: Settings > Start, home, and new tabs > Open tabs from the previous session
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit" -Force | Out-Null
}
# Examples
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit\" -Name "1" -Type String -Value "https://[*.]microsoft.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit\" -Name "2" -Type String -Value "https://[*.]google.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SaveCookiesOnExit\" -Name "3" -Type String -Value "https://[*.]duckduckgo.com:443"
# 0 = False
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SavingBrowserHistoryDisabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SearchSuggestEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SharedArrayBufferUnrestrictedAccessAllowed -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ShowMicrosoftRewards -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name ShowRecommendationsEnabled -Type DWord -Value 0x00000000
# Not available
# ShowFullUrlsInAddressBar
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SitePerProcess -Type DWord -Value 0x00000001
# SmartScreen settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SmartScreenEnabled -Type DWord -Value 0x00000001
# SmartScreen settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SmartScreenForTrustedDownloadsEnabled -Type DWord -Value 0x00000001
# SmartScreen settings only apply to Domain joined or MDM/MCX devices
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SmartScreenPuaEnabled -Type DWord -Value 0x00000001
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SpellcheckEnabled -Type DWord -Value 0x00000000
# 0 = Disabled
# 1 = Enabled
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SpotlightExperiencesAndRecommendationsEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SSLErrorOverrideAllowed -Type DWord -Value 0x00000000
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins" -Force | Out-Null
}
# Here you can define what pages users can proceed to when an HTTPS warning occurs, this should mainly be used for testing or internal self-signed certificates
# For example, you have a self-signed certificate on a SIEM WebUI that's only accessible through SSH tunneling. This would be fine to allow an exception for until
# you decide to import the cert or generate a valid one.
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins\" -Name "1" -Type String -Value "https://www.example.com"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins\" -Name "2" -Type String -Value "[*.]example.edu"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\SSLErrorOverrideAllowedForOrigins\" -Name "3" -Type String -Value "https://127.0.0.1"
# Will be removed in the future, still works until it's removed
# Obsolete as of version 97
#Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name SSLVersionMin -Type String -Value "tls1.2"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\" -Name StartupBoostEnabled -Type DWord -Value 0x00000000
# 0 = Disabled
# 1 = Enabled
# 2 = Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name SyncDisabled -Type DWord -Value 0x00000001
# 0 = Off
# 1 = Basic
# 2 = Balanced
# 3 = Strict
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name TrackingPrevention -Type DWord -Value 0x00000003
# 3DES will be removed from Edge around Oct 2021, this policy will stop working then.
# Obsolete as of version 96
#Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name TripleDESEnabled -Type DWord -Value 0x00000000
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name TyposquattingCheckerEnabled -Type Dword -Value 0x00000001
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls" -Force | Out-Null
}
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls\" -Name "1" -Type String -Value "https://microsoft.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls\" -Name "2" -Type String -Value "https://google.com:443"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\JavaScriptAllowedForUrls\" -Name "3" -Type String -Value "https://duckduckgo.com:443"
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Force | Out-Null
}
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Name "1" -Type String -Value "edge://*"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Name "2" -Type String -Value "file://*"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Name "3" -Type String -Value "https://[*.]microsoft.com"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Name "4" -Type String -Value "https://[*.]google.com"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist" -Name "5" -Type String -Value "https://[*.]duckduckgo.com"
If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist")) {
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist" -Force | Out-Null
}
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist" -Name "1" -Type String -Value "*"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist" -Name "1" -Type String -Value "javascript://*"
# Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLBlocklist" -Name "1" -Type String -Value "https://[*.]example.localhost"
Write-Output "Done."
}
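elseif ("$Action" -like "Undo")
{
    # Undo branch: delete every Edge policy value and policy list managed by this
    # script under HKLM:\SOFTWARE\Policies\Microsoft\Edge, returning Edge to defaults.
    Write-Output "Reseting Edge policy to defaults; removing changes in the registry..."

    $edgePolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"

    # Maintenance: every value name set in the Apply branch must also appear in this
    # list, otherwise Undo silently leaves that policy enforced.
    # Entries kept as comments were already commented out in the original Undo list
    # and are not removed.
    $policyValueNames = @(
        'AddressBarMicrosoftSearchInBingProviderEnabled'
        'AdsSettingForIntrusiveAdsSites'
        # 'AlwaysOpenPDFExternally'
        'AlternateErrorPagesEnabled'
        'ApplicationGuardTrafficIdentificationEnabled'
        'AudioSandboxEnabled'
        'AutofillAddressEnabled'
        'AutofillCreditCardEnabled'
        'AutoImportAtFirstRun'
        'AuthSchemes'
        'AutomaticHttpsDefault'
        'AutoplayAllowed'
        'BasicAuthOverHttpEnabled'
        'BackgroundModeEnabled'
        'BingAdsSuppression'
        'BlockExternalExtensions'
        'BlockThirdPartyCookies'
        'BrowserLegacyExtensionPointsBlockingEnabled'
        'BrowserSignin'
        'BuiltInDnsClientEnabled'
        'ClearBrowsingDataOnExit'
        'ClearCachedImagesAndFilesOnExit'
        'ConfigureFriendlyURLFormat'
        'ConfigureShare'
        'DefaultCookiesSetting'
        'DefaultFileSystemReadGuardSetting'
        'DefaultFileSystemWriteGuardSetting'
        'DefaultGeolocationSetting'
        'DefaultInsecureContentSetting'
        # 'DefaultJavaScriptSetting'
        'DefaultJavaScriptJitSetting'
        'DefaultNotificationsSetting'
        'DefaultPopupsSetting'
        # Default search settings only apply to Domain joined or MDM/MCX devices, see ManagedSearchEngines
        # 'DefaultSearchProviderContextMenuAccessAllowed'
        # 'DefaultSearchProviderEnabled'
        # 'DefaultSearchProviderSearchURL'
        'DefaultSensorsSetting'
        'DefaultWebBluetoothGuardSetting'
        'DefaultWebUsbGuardSetting'
        'Disable3DAPIs'
        'DisplayCapturePermissionsPolicyEnabled'
        'DnsOverHttpsMode'
        'DnsOverHttpsTemplates'
        # 'DownloadDirectory'
        'DownloadRestrictions'
        'EdgeCollectionsEnabled'
        'EnableMediaRouter'
        'EnableOnlineRevocationChecks'
        'EdgeShoppingAssistantEnabled'
        'FavoritesBarEnabled'
        # 'ForceEphemeralProfiles'
        'HideFirstRunExperience'
        # NewTabPageLocation settings only apply to Domain joined or MDM/MCX devices
        # 'HomepageIsNewTabPage'
        'ImportAutofillFormData'
        'ImportBrowserSettings'
        'ImportCookies'
        'ImportExtensions'
        'ImportFavorites'
        'ImportHistory'
        'ImportHomepage'
        'ImportOpenTabs'
        'ImportPaymentInfo'
        'ImportSavedPasswords'
        'ImportSearchEngine'
        'ImportShortcuts'
        'ImportStartupPageSettings'
        'InPrivateModeAvailability'
        'InsecurePrivateNetworkRequestsAllowed'
        'InternetExplorerIntegrationLevel'
        'InternetExplorerIntegrationReloadInIEModeAllowed'
        'LocalProvidersEnabled'
        'ManagedSearchEngines'
        'NativeMessagingUserLevelHosts'
        'NetworkPredictionOptions'
        'NewTabPageAllowedBackgroundTypes'
        'NewTabPageContentEnabled'
        'NewTabPageHideDefaultTopSites'
        'NewTabPageQuickLinksEnabled'
        # NewTabPageLocation settings only apply to Domain joined or MDM/MCX devices
        # 'NewTabPageLocation'
        'NewTabPageSearchBox'
        'PasswordManagerEnabled'
        'PaymentMethodQueryEnabled'
        'PersonalizationReportingEnabled'
        # SmartScreen settings only apply to Domain joined or MDM/MCX devices
        # 'PreventSmartScreenPromptOverride'
        # 'PreventSmartScreenPromptOverrideForFiles'
        'PromotionalTabsEnabled'
        # Need to confirm what this is doing
        # 'QuicAllowed'
        'ResolveNavigationErrorsUseWebService'
        # RestoreOnStartup settings only apply to Domain joined or MDM/MCX devices
        # 'RestoreOnStartup'
        'SavingBrowserHistoryDisabled'
        'SearchSuggestEnabled'
        'SharedArrayBufferUnrestrictedAccessAllowed'
        'ShowMicrosoftRewards'
        'ShowRecommendationsEnabled'
        'SitePerProcess'
        # SmartScreen settings only apply to Domain joined or MDM/MCX devices
        # 'SmartScreenEnabled'
        # 'SmartScreenForTrustedDownloadsEnabled'
        # 'SmartScreenPuaEnabled'
        'SpellcheckEnabled'
        'SpotlightExperiencesAndRecommendationsEnabled'
        'SSLErrorOverrideAllowed'
        # SSLVersionMin and TripleDESEnabled stay in the list so that values written
        # by an earlier run of this script are still cleaned up.
        'SSLVersionMin'
        'StartupBoostEnabled'
        'SyncDisabled'
        'TrackingPrevention'
        'TripleDESEnabled'
        'TyposquattingCheckerEnabled'
    )

    # Only remove values that actually exist. Remove-ItemProperty reports an error for
    # every missing name, and that noise would bury a real failure such as access
    # denied when the script is not run elevated.
    $presentValueNames = @()
    if (Test-Path $edgePolicyKey) {
        $presentValueNames = @((Get-Item -Path $edgePolicyKey).Property)
    }
    foreach ($valueName in $policyValueNames) {
        if ($presentValueNames -contains $valueName) {
            Remove-ItemProperty -Path $edgePolicyKey -Name $valueName
        }
    }

    # List-type policies are stored as subkeys holding numbered values, so they are
    # cleared by removing the subkey; Remove-ItemProperty on the parent key does not
    # touch them.
    # SSLErrorOverrideAllowedForOrigins is included for that reason. Apply only creates
    # that key when it is missing, so certificate-warning exceptions left behind by
    # Undo would become active again on the next Apply.
    $policyListKeys = @(
        'JavaScriptJitAllowedForSites'
        'ExtensionInstallBlocklist'
        'ExtensionInstallForcelist'
        'SaveCookiesOnExit'
        'SSLErrorOverrideAllowedForOrigins'
        'JavaScriptAllowedForUrls'
        'URLAllowlist'
        'URLBlocklist'
    )
    foreach ($listName in $policyListKeys) {
        $listKey = "$edgePolicyKey\$listName"
        if (Test-Path $listKey) {
            # -Recurse avoids an interactive confirmation prompt if the key has children.
            Remove-Item -Path $listKey -Recurse
        }
        # As before, an empty key is left in place after the entries are removed.
        if (!(Test-Path $listKey)) {
            New-Item -Path $listKey -Force | Out-Null
        }
    }

    Write-Output "Done."
}
else
{
    # Any other (or missing) action: print the supported actions.
    Write-Output "Usage: Set-EdgePolicy [Apply|Undo]"
}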
}