Translation: GPO 'Tracking Protection' missing information

[htcfreek]

GPO: Tracking protection (moved)
Translation language: de-de

Missing: The phrase (moved).

This gpo movement is a bit confusing. Could you describe where it is moved to or remove the old definition because it makes the reports strange.

[htcfreek]

And the readme is missing the entire tracking protection group and a hint about the movement

[mkaply]

The readme doesn't need to be changed when things are moved in the Windows GPO. The content is in the same place as it always was:

https://github.com/mozilla/policy-templates/#enabletrackingprotection

All that changes is where it is located in the GPO UI and the Intune URLS.

Again, I'm unclear as to what you mean by "reports"

[htcfreek]

Again, I'm unclear as to what you mean by "reports"

This page/overview (example image from web): https://images.app.goo.gl/78ZWrJ8KDcrhvh5b9

[htcfreek]

@mkaply
I think the first step here is fixing the translation and add the movement note. (Can do this too.)

The second step is to evaluate how the code has to be improved that the overview/report is correct: Only the configured policies shows as configured. (Screenshot about the current behavior come tomorrow.)

[htcfreek]

Here is a screenshot of the problem with the incorrect report/configuration overview:

[mkaply]

This seems like a Microsoft bug when something is duplicated in two places in the GPO.

What's the command you run to generate this specific report? My report doesn't show the Firefox items.

[htcfreek]

This seems like a Microsoft bug when something is duplicated in two places in the GPO.

Yes. Seen today that some settings from ms templates are affected too. There is a conflict between printer.admx and ms-securityguid admx templates. 😅

What's the command you run to generate this specific report? My report doesn't show the Firefox items.

There is no command. The report is generated by the "Group Policy Management Application".

But you can try to reproduce it locally with the following steps:

1. Copy the admx and adml-folder to c:\windows\policy definition
2. set gpo via gpedit.msc
3. run gpresult /h c:\mypath.html in cmd
4. open html file and see if it contains the ff policies

[htcfreek]

A small description how gpos work:

The admx/adml files define which settings are existing.

If you set one, then the registry path is written in a file called registry.pol and the comments are written into the comments.cmtx file. For each gpo object there is one file set for user context and one for machine context.

Client configuration
The registry.pol files will be synced to the client and the client reads them and sets the reg values in its registry. (There a program can read them.)

Reports
The report reads the registry.pol file and assigns the reg values to the values in the admx/adml files. So if there are two definitions for a reg key it makes sense that you get incorrect things in the reports as the 1:1 assignment isn't working anymore.

Mapping of report comments
The comments are mapped based on the admx file name and the policy file name/id. (For example "firefox.admx" and "E_TrackingProtection_Locked".)

[mkaply]

So I guess the real question is then do I need to have them in two places? Or if I move a policy and then remove the old one, will the new setting be set?

[htcfreek]

So I guess the real question is then do I need to have them in two places? Or if I move a policy and then remove the old one, will the new setting be set?

You don't need two place (Except when the regkey path/value changes.)

Then only thing that will happen is that the comments created by the admin will be lost/can't be assigned to show in the management ui anymore. (The comments are mapped based on the admx file name and the policy file name/id. For example "firefox.admx" and "E_TrackingProtection_Locked".)

But if you write a hint in the release notes admins can export a report/makes screenshot and create the comments again. So I think it won't be a problem to remove the old entries in the admx.