Updated EMET.admx file to enable disabled settings for Default sets

 

An EMET customer pointed out that for the Default Sets in the .admx GPO’s the “Disabled” setting wasn’t actually doing anything. 

image

After some review of it appeared that these 3 settings have an <enabledList> however no <disabledList> in the GPO to control them which in turn meant the Disabled button didn’t perform a removal of the registry keys.  Setting to Not Configured would remove them however in a tiered GPO situation an Enabled would take precedence over a Not Configured Setting.

I’ve attached an updated emet.admx file to this post that contains settings that will make the Disabled setting properly work.  If you use emet.admx in your environment I recommend replacing the copy you currently have in your SYSVOL Policy Definitions folder (the emet.adml doesn’t need any changes).

Here is the link to get an updated copy.  https://1drv.ms/1wl5EN6