docs/windows/policy: add ADMX policy definition for AllowTailscaledRestart

Updates tailscale/corp#32675 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2025-10-27 03:32:03 +00:00 · 2025-09-25 18:15:58 -05:00
parent f715ee2be9
commit 0b994ef2fe
2 changed files with 23 additions and 0 deletions
--- a/docs/windows/policy/en-US/tailscale.adml
+++ b/docs/windows/policy/en-US/tailscale.adml
@@ -20,6 +20,7 @@
            <string id="SINCE_V1_82">Tailscale version 1.82.0 and later</string>
            <string id="SINCE_V1_84">Tailscale version 1.84.0 and later</string>
            <string id="SINCE_V1_86">Tailscale version 1.86.0 and later</string>
+            <string id="SINCE_V1_90">Tailscale version 1.90.0 and later</string>
            <string id="Tailscale_Category">Tailscale</string>
            <string id="UI_Category">UI customization</string>
            <string id="Settings_Category">Settings</string>
@@ -121,6 +122,14 @@ If you enable this policy setting, you can specify how long Tailscale will wait
 If you disable or don't configure this policy setting, Tailscale will only reconnect if a user chooses to or if required by a different policy setting.

 Refer to https://pkg.go.dev/time#ParseDuration for information about the supported duration strings.]]></string>
+            <string id="AllowTailscaledRestart">Allow users to restart tailscaled</string>
+            <string id="AllowTailscaledRestart_Help"><![CDATA[This policy setting controls whether users are allowed to fully reset the connection by restarting tailscaled. This can be useful for troubleshooting certain connectivity issues.
+
+If you enable this policy setting, the "Restart Connection" menu item will be shown in the Tailscale menu.
+
+If you disable this policy setting, the "Restart Connection" menu item is hidden and restarting tailscaled isn't allowed.
+
+If you do not configure this policy setting, the behavior may vary depending on the Tailscale version and other factors, such as user access rights on the device.]]></string>
            <string id="ExitNodeAllowLANAccess">Allow Local Network Access when an Exit Node is in use</string>
            <string id="ExitNodeAllowLANAccess_Help"><![CDATA[This policy can be used to require that the Allow Local Network Access setting is configured a certain way.

--- a/docs/windows/policy/tailscale.admx
+++ b/docs/windows/policy/tailscale.admx
@@ -70,6 +70,10 @@
                  displayName="$(string.SINCE_V1_86)">
        <and><reference ref="TAILSCALE_PRODUCT"/></and>
      </definition>
+      <definition name="SINCE_V1_90"
+                  displayName="$(string.SINCE_V1_90)">
+        <and><reference ref="TAILSCALE_PRODUCT"/></and>
+      </definition>
    </definitions>
  </supportedOn>
  <categories>
@@ -187,6 +191,16 @@
        <text id="ReconnectAfterDelay" valueName="ReconnectAfter" required="true" />
      </elements>
    </policy>
+    <policy name="AllowTailscaledRestart" class="Machine" displayName="$(string.AllowTailscaledRestart)" explainText="$(string.AllowTailscaledRestart_Help)" key="Software\Policies\Tailscale" valueName="AllowTailscaledRestart">
+      <parentCategory ref="Settings_Category" />
+      <supportedOn ref="SINCE_V1_90" />
+      <enabledValue>
+        <decimal value="1" />
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0" />
+      </disabledValue>
+    </policy>
    <policy name="ExitNodeAllowLANAccess" class="Machine" displayName="$(string.ExitNodeAllowLANAccess)" explainText="$(string.ExitNodeAllowLANAccess_Help)" key="Software\Policies\Tailscale" valueName="ExitNodeAllowLANAccess">
      <parentCategory ref="Settings_Category" />
      <supportedOn ref="PARTIAL_FULL_SINCE_V1_56" />