Policy
User management of sharing user name, account picture, and domain information with apps (not desktop apps)
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2012, WindowsServer2012R2, WindowsServer2016
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain information. If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options: "Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS. "Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources. If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Action: ID AllowUserInfoAccess | enum | HKLM\Software\Policies\Microsoft\Windows\System\AllowUserInfoAccess Type REG_DWORD | Options: Always on (1), Always off (2) |
Other policies in this category
Explore related policies at the same level.
- ComputerAdd the Administrators security group to roaming user profilesAt least Windows Server 2003 operating systems or Windows XP Professional
- UserConnect home directory to root of the shareWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerControl slow network connection timeout for user profilesAt least Windows 2000
- ComputerDelete cached copies of roaming profilesAt least Windows 2000
- ComputerDelete user profiles older than a specified number of days on system restartAt least Windows Vista
- ComputerDisable detection of slow network connectionsAt least Windows 2000
- ComputerDo not check for user ownership of Roaming Profile FoldersAt least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Service Pack 4
- ComputerDo not forcefully unload the users registry at user logoffAt least Windows Vista
- ComputerDo not log users on with temporary profilesAt least Windows 2000
- ComputerDownload roaming profiles on primary computers onlyAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerEstablish timeout value for dialog boxesWindows Server 2003, Windows XP, and Windows 2000 only
- UserExclude directories in roaming profileAt least Windows 2000