I worked really, really hard to learn to play the piano accompaniment at mass. It took me a whole year to be able to play the entire mass. I started by playing just 1 song for each mass because 1 song was all that I was comfortable learning and then playing within a single week. Thankfully, the music director was extremely supportive; she would play the rest of the songs each week to make this scenario possible. I doubt that there are very many music directors out there that would be willing to do that.
Over time, I became comfortable learning and playing 2 songs in a week; then finally 3 songs. Eventually, I was able to play 4 songs in a week not because I could learn 4 songs in a week, but rather it was because I already knew 1 of the songs. Over time, I knew so many songs that I could play the whole mass each week!
That same music director suggested to me that I could earn extra money playing wedding and funeral masses if I had a playlist that I could provide to people of songs that I could play. I never did monetize my piano skills, but I did create the playlist that she suggested. By the time that I stopped playing at mass, I had more than 100 songs in my playlist 🙂
This is a long-winded way of telling you where this playlist concept came from and how it applies to Microsoft CSPs. I’m not sure what people out there want to know about how to successfully apply the policies, so I figured that if I posted my playlist, then people could send me a note or comment and tell me which policies they are having issues with so that I can share my experience on how to successfully apply them.
It is probably obvious from my posts so far that I strongly perfer using custom XML to configure Windows 10 devices because of the level of control that you have over the application and removal of each individual setting.
That said, here is my Playlist – please do let me know which ones you are having trouble with!! I will include links to any posts that I have written on these topics.
Every CSP I Have Ever Used
Custom ADMX Policies
AboveLock\AllowCortanaAboveLock
AboveLock\AllowToasts
Accounts\AllowAddingNonMicrosoftAccountsManually
Accounts\AllowMicrosoftAccountConnection
Accounts\Domain
Accounts\Users
ApplicationManagement\AllowAllTrustedApps
ApplicationManagement\AllowDeveloperUnlock
ApplicationManagement\AllowGameDVR
ApplicationManagement\MSIAllowUserControlOverInstall
Applocker\ApplicationLaunchRestrictions
AppRuntime\AllowMicrosoftAccountsToBeOptional
Autoplay\DisallowAutoplayForNonVolumeDevices
Autoplay\SetDefaultAutoRunBehavior
Autoplay\TurnOffAutoPlay
Bitlocker\EncryptionMethodByDriveType
Browser\AllowPasswordManager
Browser\AllowPopups
Browser\ConfigureHomeButton
Browser\ConfigureOpenMicrosoftEdgeWith
Browser\DisableLockdownOfStartPages
Browser\EnterpriseModeSiteList
Browser\HomePages
Browser\PreventCertErrorOverrides
Browser\PreventFirstRunPage
Browser\SetHomeButtonURL
Browser\SyncFavoritesBetweenIEAndMicrosoftEdge
Connectivity\DisableDownloadingOfPrintDriversOverHTTP
Connectivity\DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
Connectivity\HardenedUNCPaths
ControlPolicyConflict\MDMWinsOverGP
CredentialProviders\BlockPicturePassword
CredentialsDelegation\RemoteHostAllowsDelegationOfNonExportableCredentials
CredentialsUI\EnumerateAdministrators
DataProtection\AllowAzureRMSForEDP
DataProtection\AllowDirectMemoryAccess
DataProtection\EDPShowIcons
DataProtection\RevokeOnMDMHandoff
DataProtection\RevokeOnUnenroll
DeliveryOptimization\DODownloadMode
DeviceGuard\ConfigureSystemGuardLaunch
DeviceGuard\EnableVirtualizationBasedSecurity
DeviceGuard\LsaCfgFlags
DeviceGuard\RequirePlatformSecurityFeatures
DeviceLock\AllowSimpleDevicePassword
DeviceLock\AlphanumericDevicePasswordRequired
DeviceLock\DevicePasswordEnabled
DeviceLock\DevicePasswordExpiration
DeviceLock\DevicePasswordHistory
DeviceLock\MaxDevicePasswordFailedAttempts
DeviceLock\MaxInactivityTimeDeviceLock
DeviceLock\MinDevicePasswordComplexCharacters
DeviceLock\MinDevicePasswordLength
DeviceLock\MinimumPasswordAge
DeviceLock\PreventLockScreenSlideShow
EventLogService\SpecifyMaximumFileSizeApplicationLog
EventLogService\SpecifyMaximumFileSizeSecurityLog
EventLogService\SpecifyMaximumFileSizeSystemLog
Experience\AllowManualMDMUnenrollment
Experience\AllowWindowsConsumerFeatures
Experience\AllowThirdPartySuggestionsInWindowsSpotlight
FileExplorer\TurnOffDataExecutionPreventionForExplorer
FileExplorer\TurnOffHeapTerminationOnCorruption
Firewall
InternetExplorer\AllowAddonlist
InternetExplorer\AllowAutoComplete
InternetExplorer\AllowEnterpriseModeSiteList
InternetExplorer\AllowSiteToZoneAssignmentList
InternetExplorer\CheckServerCertificateRevocation
InternetExplorer\DisableFirstRunWizard
InternetExplorer\DisableHomePageChange
InternetExplorer\DisableSecondaryHomePageChange
InternetExplorer\DoNotAllowUsersToAddSites
InternetExplorer\DoNotAllowUsersToChangePolicies
InternetExplorer\DoNotBlockOutdatedActiveXControls
InternetExplorer\IncludeAllLocalSites
InternetExplorer\IncludeAllNetworkPaths
InternetExplorer\InternetZoneAllowAccessToDataSources
InternetExplorer\InternetZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer\InternetZoneAllowAutomaticPromptingForFileDownloads
InternetExplorer\InternetZoneAllowCopyPasteViaScript
InternetExplorer\InternetZoneAllowDragAndDropCopyAndPasteFiles
InternetExplorer\InternetZoneAllowFontDownloads
InternetExplorer\InternetZoneAllowLessPrivilegedSites
InternetExplorer\InternetZoneAllowScriptInitiatedWindows
InternetExplorer\InternetZoneAllowUserDataPersistence
InternetExplorer\InternetZoneDownloadSignedActiveXControls
InternetExplorer\InternetZoneDownloadUnsignedActiveXControls
InternetExplorer\InternetZoneEnableMIMESniffing
InternetExplorer\InternetZoneInitializeAndScriptActiveXControls
InternetExplorer\InternetZoneJavaPermissions
InternetExplorer\InternetZoneLaunchingApplicationsAndFilesInIFRAME
InternetExplorer\InternetZoneLogonOptions
InternetExplorer\InternetZoneNavigateWindowsAndFrames
InternetExplorer\InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
InternetExplorer\InternetZoneUsePopupBlocker
InternetExplorer\IntranetZoneJavaPermissions
InternetExplorer\TrustedSitesZoneAllowAccessToDataSources
InternetExplorer\TrustedSitesZoneAllowAutomaticPromptingForActiveXControls
InternetExplorer\TrustedSitesZoneAllowFontDownloads
InternetExplorer\TrustedSitesZoneAllowNETFrameworkReliantComponents
InternetExplorer\TrustedSitesZoneJavaPermissions
InternetExplorer\TrustedSitesZoneNavigateWindowsAndFrames
LanmanWorkstation\EnableInsecureGuestLogons
LocalPoliciesSecurityOptions\Accounts_BlockMicrosoftAccounts
LocalPoliciesSecurityOptions\Accounts_EnableAdministratorAccountStatus
LocalPoliciesSecurityOptions\Accounts_EnableGuestAccountStatus
LocalPoliciesSecurityOptions\Accounts\LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
LocalPoliciesSecurityOptions\Accounts_RenameAdministratorAccount
LocalPoliciesSecurityOptions\InteractiveLogon_DoNotDisplayLastSignedIn
LocalPoliciesSecurityOptions\InteractiveLogon_DoNotRequireCTRLALTDEL
LocalPoliciesSecurityOptions\InteractiveLogon_MachineInactivityLimit
LocalPoliciesSecurityOptions\InteractiveLogon_MessageTextForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions\InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
LocalPoliciesSecurityOptions\MicrosoftNetworkClient_DigitallySignCommunicationsAlways
LocalPoliciesSecurityOptions\MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
LocalPoliciesSecurityOptions\MicrosoftNetworkServer_DigitallySignCommunicationsAlways
LocalPoliciesSecurityOptions\NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
LocalPoliciesSecurityOptions\NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
LocalPoliciesSecurityOptions\NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
LocalPoliciesSecurityOptions\NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
LocalPoliciesSecurityOptions\NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
LocalPoliciesSecurityOptions\NetworkSecurity_LANManagerAuthenticationLevel
LocalPoliciesSecurityOptions\NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
LocalPoliciesSecurityOptions\NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
LocalPoliciesSecurityOptions\UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
LocalPoliciesSecurityOptions\UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
LocalPoliciesSecurityOptions\UserAccountControl_RunAllAdministratorsInAdminApprovalMode
LocalPoliciesSecurityOptions\UserAccountControl_UseAdminApprovalMode
LocalPoliciesSecurityOptions\UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
MSSecurityGuide\ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
MSSecurityGuide\ConfigureSMBV1ClientDriver
MSSecurityGuide\ConfigureSMBV1Server
MSSecurityGuide\EnableStructuredExceptionHandlingOverwriteProtection
MSSecurityGuide\WDigestAuthentication
MSLegacy\AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
MSLegacy\AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
MSLegacy\IPSourceRoutingProtectionLevel
MSLegacy\IPv6SourceRoutingProtectionLevel
NetworkProxy
Office
PassportForWork
Personalization\DesktopImageUrl
Power\AllowStandbyStatesWhenSleepingOnBattery
Power\RequirePasswordWhenComputerWakesOnBattery
Power\RequirePasswordWhenComputerWakesPluggedIn
Power\StandbyTimeoutOnBattery
Power\StandbyTimeoutPluggedIn
Printers\PublishPrinters
Reboot\Schedule
RemoteAssitance\SolicitedRemoteAssistance
RemoteDesktopServices\ClientConnectionEncryptionLevel
RemoteDesktopServices\DoNotAllowDriveRedirection
RemoteDesktopServices\DoNotAllowPasswordSaving
RemoteDesktopServices\PromptForPasswordUponConnection
RemoteDesktopServices\RequireSecureRPCCommunication
RemoteManagement\AllowBasicAuthentication_Client
RemoteManagement\AllowBasicAuthentication_Service
RemoteManagement\AllowUnencryptedTraffic_Client
RemoteManagement\AllowUnencryptedTraffic_Service
RemoteManagement\DisallowDigestAuthentication
RemoteManagement\DisallowStoringOfRunAsCredentials
RemoteProcedureCall\RestrictUnauthenticatedRPCClients
Restricted Groups
Search\AllowIndexingEncryptedStoresOrItems
Security\AllowAutomaticDeviceEncryptionForAzureADJoinedDevices
Settings\AllowAutoPlay
Settings\PageVisibilityList
Start\ImportEdgeAssets
Start\StartLayout
Storage\RemovableDiskDenyWriteAccess
System\AllowStorageCard
System\AllowTelemetry
Update\AllowAutoUpdate
Update\AllowMUUpdateService
Update\AutoRestartDeadlinePeriodInDays
Update\AutoRestartNotificationSchedule
Update\AutoRestartRequiredNotificationDismissal
Update\BranchReadinessLevel
Update\DeferFeatureUpdatesPeriodInDays
Update\DeferQualityUpdatesPeriodInDays
Update\EngagedRestartDeadline
Update\EngagedRestartSnoozeSchedule
Update\EngagedRestartTransitionSchedule
Update\PauseFeatureUpdates
Update\PauseQualityUpdates
Wifi\AllowAutoConnectToWiFiSenseHotspots
Wifi\AllowInternetSharin
WiFi\Profile
WindowsConnectionManager\PohitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
WindowsDefenderSecurityCenter\DisableEnhancedNotifications
WindowsDefenderSecurityCenter\DisableNotifications
WindowsInkWorkspace\AllowWindowsInkWorkspace
WindowsLogon\HideFastUserSwitching
WindowsLogon\SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart
WindowsPowerShell\TurnOnPowerShellScriptBlockLogging
WiredNetwork\LanXML