Customize message for Access Denied errors
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
System > Access-Denied Assistance
Supported on
At least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration. If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.

Internal name
AccessDeniedConfiguration
Policy ID
04a6789b2165
Elements
9

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
Enabled
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
Enabled
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Additional recipients:
ID AdditonalEmailToText
text
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
AdditonalEmailTo
Type
REG_SZ
None
Computer
ErrorMessageText
ID ErrorMessageText
list
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
ErrorMessage
Type
REG_MULTI_SZ
None
Computer
EmailMessageText
ID EmailMessageText
list
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
EmailMessage
Type
REG_MULTI_SZ
None
Computer
Enable users to request assistance
ID AllowEmailRequestsCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
AllowEmailRequests
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Computer
Folder owner
ID PutDataOwnerOnToCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
PutDataOwnerOnTo
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Computer
File server administrator
ID PutAdminOnToCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
PutAdminOnTo
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Computer
Include device claims
ID IncludeDeviceClaimsCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
IncludeDeviceClaims
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Computer
Include user claims
ID IncludeUserClaimsCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
IncludeUserClaims
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Computer
Log emails in Application and Services event log
ID GenerateLogCheck
boolean
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
GenerateLog
Type
REG_DWORD
Options: true (), false ()
True: None · False: None
Additional recipients:
Computer · Type text
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
AdditonalEmailTo
Type
REG_SZ
DetailsNone
ErrorMessageText
Computer · Type list
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
ErrorMessage
Type
REG_MULTI_SZ
DetailsNone
EmailMessageText
Computer · Type list
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
EmailMessage
Type
REG_MULTI_SZ
DetailsNone
Enable users to request assistance
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
AllowEmailRequests
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None
Folder owner
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
PutDataOwnerOnTo
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None
File server administrator
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
PutAdminOnTo
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None
Include device claims
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
IncludeDeviceClaims
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None
Include user claims
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
IncludeUserClaims
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None
Log emails in Application and Services event log
Computer · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied
Value name
GenerateLog
Type
REG_DWORD
Details
Options: true (), false ()
True: None · False: None