Policy

Customize message for Access Denied errors

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategorySystem > Access-Denied Assistance
Supported onAt least Windows Server 2012, Windows 8 or Windows RT

Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the Access Denied message to include additional text and links. You can also provide users with the ability to send an email to request access to the file or folder to which they were denied access. If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy setting is applied. If you disable this policy setting, users see a standard Access Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuration. If you do not configure this policy setting, users see a standard Access Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard Access Denied message.

Internal name
AccessDeniedConfiguration
Policy ID
04a6789b2165
Elements
9

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\EnabledREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Additional recipients:
ID AdditonalEmailToText
text
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\AdditonalEmailTo
Type REG_SZ
None
ErrorMessageText
ID ErrorMessageText
list
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\ErrorMessage
Type REG_MULTI_SZ
None
EmailMessageText
ID EmailMessageText
list
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\EmailMessage
Type REG_MULTI_SZ
None
Enable users to request assistance
ID AllowEmailRequestsCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\AllowEmailRequests
Type REG_DWORD
Options: true (), false ()
True: None · False: None
Folder owner
ID PutDataOwnerOnToCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\PutDataOwnerOnTo
Type REG_DWORD
Options: true (), false ()
True: None · False: None
File server administrator
ID PutAdminOnToCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\PutAdminOnTo
Type REG_DWORD
Options: true (), false ()
True: None · False: None
Include device claims
ID IncludeDeviceClaimsCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\IncludeDeviceClaims
Type REG_DWORD
Options: true (), false ()
True: None · False: None
Include user claims
ID IncludeUserClaimsCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\IncludeUserClaims
Type REG_DWORD
Options: true (), false ()
True: None · False: None
Log emails in Application and Services event log
ID GenerateLogCheck
boolean
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied\GenerateLog
Type REG_DWORD
Options: true (), false ()
True: None · False: None

Other policies in this category

Explore related policies at the same level.