| Status Code | -Count of EventResult | Mapping | User-Friendly Message | Action admin should take | @@ -467,21 +465,18 @@ This section liss status codes, mapping, user messages, and actions an admin can
|---|---|---|---|---|
-2063532030 |
-3849 |
E_HTTP_DENIED |
The password must be updated. |
Update the password. |
-2147012867 |
-1234 |
WININET_E_CANNOT_CONNECT |
Can’t connect to the server right now. Wait a while and try again, or check the account settings. |
Verify that the server name is correct and reachable. Verify that the device is connected to the network. |
-2046817239 |
-316 |
E_NEXUS_STATUS_DEVICE_NOTPROVISIONED (policies don’t match) |
The account is configured with policies not compatible with Surface Hub . |
@@ -490,105 +485,90 @@ This section liss status codes, mapping, user messages, and actions an admin can
|
-2046817204 |
-145 |
E_NEXUS_STATUS_MAXIMUMDEVICESREACHED |
The account has too many device partnerships. |
Delete one or more partnerships on the server. |
-2046817270 |
-93 |
E_NEXUS_STATUS_SERVERERROR_RETRYLATER |
Can’t connect to the server right now. |
Wait until the server comes back online. If the issue persists, re-provision the account. |
-2063269885 |
-28 | E_CREDENTIALS_EXPIRED (Credentials have expired and need to be updated) |
The password must be updated. |
Update the password. |
-2063269875 |
-14 | E_AIRSYNC_RESET_RETRY |
Can’t connect to the server right now. Wait a while or check the account’s settings. |
This is normally a transient error but if the issue persists check the number of devices associated with the account and delete some of them if the number is large. |
-2046817258 |
-14 | E_NEXUS_STATUS_USER_HASNOMAILBOX |
The mailbox was migrated to a different server. |
You should never see this error. If the issue persists, re-provision the account. |
-2063532028 |
-12 | E_HTTP_FORBIDDEN |
Can’t connect to the server right now. Wait a while and try again, or check the account’s settings. |
Verify the server name to make sure it is correct. If the account is using cert based authentication make sure the certificate is still valid and update it if not. |
-2063400920 |
-12 | E_ACTIVESYNC_PASSWORD_OR_GETCERT |
The account’s password or client certificate are missing or invalid. |
Update the password and/or deploy the client certificate. |
-2046817238 |
-12 | E_NEXUS_STATUS_DEVICE_POLICYREFRESH |
The account is configured with policies not compatible with Surface Hub. |
Disable the PasswordEnabled policy for this account. |
-2063269886 |
-7 | E_CREDENTIALS_UNAVAILABLE |
The password must be updated. |
Update the password. |
-2147012894 |
-6 | WININET_E_TIMEOUT |
The network doesn’t support the minimum idle timeout required to receive server notification, or the server is offline. |
Verify that the server is running. Verify the NAT settings. |
-2063589372 |
-6 | E_FAIL_ABORT |
This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the telemetry if you force an interactive sync, delete the account, or update its settings. |
Nothing. |
-2063532009 |
-5 | E_HTTP_SERVICE_UNAVAIL |
Can’t connect to the server right now. Wait a while or check the account’s settings. |
Verify the server name to make sure it is correct. Wait until the server comes back online. If the issue persists, re-provision the account. |
-2046817267 |
-4 | E_NEXUS_STATUS_MAILBOX_SERVEROFFLINE |
Can’t connect to the server right now. Wait a while or check the account’s settings. |
Verify the server name to make sure it is correct. Wait until the server comes back online. If the issue persists, re-provision the account. |
-2063400921 |
-3 | E_ACTIVESYNC_GETCERT |
The Exchange server requires a certificate. |
Import the appropriate EAS certificate on the Surface Hub. |
-2046817237 |
-2 | E_NEXUS_STATUS_INVALID_POLICYKEY |
The account is configured with policies not compatible with Surface Hub. |
Disable the PasswordEnabled policy for this account. @@ -596,14 +576,12 @@ This section liss status codes, mapping, user messages, and actions an admin can |
-2063532027 |
-1 | E_HTTP_NOT_FOUND |
The server name is invalid. |
Verify the server name to make sure it is correct. If the issue persists, re-provision the account. |
-2063532012 |
-1 | E_HTTP_SERVER_ERROR |
Can’t connect to the server. |
Verify the server name to make sure it is correct. Trigger a sync and, if the issue persists, re-provision the account. |
@@ -611,34 +589,29 @@ This section liss status codes, mapping, user messages, and actions an admin can
0x80072ee7 |
- | The server name or address could not be resolved. |
Make sure the server name is entered correctly. |
|
0x8007052f |
- | While auto-discovering the Exchange server, a policy is applied that prevents the logged-in user from logging in to the server. |
This is a timing issue. Re-verify the account's credentials. Try to re-provision when they're correct. |
|
0x800c0019 |
- | Security certificate required to access this resource is invalid. |
Install the correct ActiveSync certificate needed for the provided device account. |
|
0x80072f0d |
- | The certificate authority is invalid or is incorrect. Could not auto-discover the Exchange server because a certificate is missing. |
Install the correct ActiveSync certificate needed for the provided device account. |
|
0x80004005 |
-E_FAIL |
The domain provided couldn't be found. The Exchange server could not be auto-discovered and was not provided in the settings. |
Make sure that the domain entered is the FQDN, and that there is an Exchange server entered in the Exchange server text box. |
@@ -646,7 +619,6 @@ This section liss status codes, mapping, user messages, and actions an admin can
|
0x80072efd |
- | Fail to connect to Exchange server as a result of a networking issue. It's possible the server was misspelled or it just couldn't be found. |
Make sure that the Exchange server ID is entered correctly, and that the device is connected to the right network. |
|
| Windows Settings > Security Settings > Local Policies > Security Options |
||||
Accounts: Block Microsoft accounts | Enabled | |||
| Interactive logon: Do not display last user name | Enabled |
|||
| Interactive logon: Sign-in last interactive user automatically after a system-initiated restart | Disabled |
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index d5e4592eb6..c9c386545b 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -102,11 +102,11 @@ Download for others allows teachers or IT admins to download a packages that the
- You want to install this app on each of your student's Windows 10 (at least version 1511) PCs.
- Your students share Windows 10 computers, but sign in with their own Windows account.
-**Requirements**
+#### Requirements
- Administrative permissions are required on the PC. If you don't have the correct permissions, you won't be able to install the app.
- Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
-**Check for updates**
+#### Check for updates
Minecraft: Education Edition will not install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Windows Store apps.
**To check for app updates**
@@ -121,7 +121,7 @@ Minecraft: Education Edition will not install if there are updates pending for o
4. Restart the computer before installing Minecraft: Education Edition.
-**To download for others**
+#### To download for others
You'll download a .zip file, extract the files, and then use one of the files to install Minecraft: Education Edition on each PC.
1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
@@ -135,8 +135,20 @@ You'll download a .zip file, extract the files, and then use one of the files to
5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
6. **Restart**. Once installation is complete, restart each PC. Minecraft: Education Edition app is now ready for any student to use.
-**Note**:
-If Minecraft: Education Edition does not install, you may need to update other Windows Store apps on your computer before you can install Minecraft: Education Edition. To do this, open the Windows Store for Business and select the Account button in the top right corner of your screen (next to Search.) Select Check for updates and install all available updates. Now Minecraft should install.
+#### Troubleshoot
+
+If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edition isn't available, there are a few things that might have happened.
+
+| Problem | Possible cause | Solution |
+|---------|----------------|----------|
+| Script ran, but it doesn't look like the app installed. | There might be pending app updates. | Check for app updates (see steps earlier in this topic). Install updates. Restart PC. Run **InstallMinecraftEducationEdition.bat** again. |
+| App won't install. | AppLocker is configured and preventing app installs. | Contact IT Admin. |
+| App won't install. | Policy prevents users from installing apps on the PC. | Contact IT Admin. |
+| Script starts, but stops quickly. | Policy prevents scripts from running on the PC. | Contact IT Admin. |
+| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app will not be available.| Restart PC. Run **InstallMinecraftEducationEdition.bat** again. If a restart doesn't work, contact your IT Admin. |
+
+
+If you are still having trouble installing the app, you can get more help on our [Support page](http://go.microsoft.com/fwlink/?LinkID=799757).
## Related topics
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 06485f9541..c415733140 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -29,6 +29,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
| [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content |
|[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) |Updated info based on changes to the features and functionality.|
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
+|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New |
## April 2016
@@ -88,4 +89,4 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
- [Change history for What's new in Windows 10](../whats-new/change-history-for-what-s-new-in-windows-10.md)
- [Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md)
- [Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md)
-- [Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
\ No newline at end of file
+- [Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index 5bdd320fd8..603af6fbde 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -12,6 +12,12 @@ author: jdeckerMS
This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## June 2016
+
+| New or changed topic | Description |
+| ---|---|
+| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the sample script for Shell Launcher. |
+
## May 2016
| New or changed topic | Description |
diff --git a/windows/manage/device-guard-signing-portal.md b/windows/manage/device-guard-signing-portal.md
index cff094be8b..09c4d67158 100644
--- a/windows/manage/device-guard-signing-portal.md
+++ b/windows/manage/device-guard-signing-portal.md
@@ -54,9 +54,8 @@ Device Guard is a feature set that consists of both hardware and software system
When you're uploading files for Device Guard signing, there are a few limits for files and file size:
-| | |
-|-------------------------------------------------------|----------|
| Description | Limit |
+|-------------------------------------------------------|----------|
| Maximum size for a policy or catalog file | 3.5 MB |
| Maximum size for multiple files (uploaded in a group) | 4 MB |
| Maximum number of files per upload | 15 files |
@@ -68,9 +67,8 @@ When you're uploading files for Device Guard signing, there are a few limits for
Catalog and policy files have required files types.
-| | |
-|---------------|--------------------|
| File | Required file type |
+|---------------|--------------------|
| catalog files | .cat |
| policy files | .bin |
diff --git a/windows/manage/distribute-apps-with-management-tool.md b/windows/manage/distribute-apps-with-management-tool.md
index 5677c4fd85..484fa6b93b 100644
--- a/windows/manage/distribute-apps-with-management-tool.md
+++ b/windows/manage/distribute-apps-with-management-tool.md
@@ -21,7 +21,7 @@ You can configure a mobile device management (MDM) tool to synchronize your Stor
Your MDM tool needs to be installed and configured in Azure AD, in the same Azure AD directory used with Windows Store for Business.
-In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Store for Business. This allows the MDM tool to call Store for Business management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md).
+In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Store for Business. This allows the MDM tool to call Store for Business management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md) and [Manage apps you purchased from the Windows Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune).
Store for Business services provide:
@@ -62,7 +62,7 @@ This diagram shows how you can use a management tool to distribute an online-lic
[Configure MDM Provider](../manage/configure-mdm-provider-windows-store-for-business.md)
-[Manage apps you purchased from the Windows Store for Business with Micosoft InTune](https://technet.microsoft.com/library/mt676514.aspx)
+[Manage apps you purchased from the Windows Store for Business with Microsoft InTune](https://technet.microsoft.com/library/mt676514.aspx)
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
index 9931128d47..50f2d43ad8 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@@ -293,76 +293,84 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici
Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
```
- $COMPUTER = “localhost”
- $NAMESPACE = “root\standardcimv2\embedded”
+$COMPUTER = "localhost"
+$NAMESPACE = "root\standardcimv2\embedded"
- # Create a handle to the class instance so we can call the static methods.
- $ShellLauncherClass = [wmiclass]”\\$COMPUTER\${NAMESPACE}:WESL_UserSetting”
+# Create a handle to the class instance so we can call the static methods.
+$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
- # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
+# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
- $Admins_SID = “S-1-5-32-544”
+$Admins_SID = "S-1-5-32-544"
- # Create a function to retrieve the SID for a user account on a machine.
+# Create a function to retrieve the SID for a user account on a machine.
- function Get-UsernameSID($AccountName) {
+function Get-UsernameSID($AccountName) {
- $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
- $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
+ $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
+ $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
- return $NTUserSID.Value
+ return $NTUserSID.Value
- }
+}
- # Get the SID for a user account named “Cashier”. Rename “Cashier” to an existing account on your system to test this script.
+# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script.
- $Cashier_SID = Get-UsernameSID(“Cashier”)
+$Cashier_SID = Get-UsernameSID("Cashier")
- # Define actions to take when the shell program exits.
+# Define actions to take when the shell program exits.
- $restart_shell = 0
- $restart_device = 1
- $shutdown_device = 2
+$restart_shell = 0
+$restart_device = 1
+$shutdown_device = 2
- # Examples. You can change these examples to use the program that you want to use as the shell.
+# Examples. You can change these examples to use the program that you want to use as the shell.
- # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
+# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
- $ShellLauncherClass.SetDefaultShell(“cmd.exe”, $restart_device)
+$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
- # Display the default shell to verify that it was added correctly.
+# Display the default shell to verify that it was added correctly.
- $DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
+$DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
- “`nDefault Shell is set to “ + $DefaultShellObject.Shell + “ and the default action is set to “ + $DefaultShellObject.defaultaction
+"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction
- # Set Internet Explorer as the shell for “Cashier”, and restart the machine if Internet Explorer is closed.
+# Set Internet Explorer as the shell for "Cashier", and restart the machine if Internet Explorer is closed.
- $ShellLauncherClass.SetCustomShell($Cashier_SID, “c:\program files\internet explorer\iexplore.exe www.microsoft.com”, ($null), ($null), $restart_shell)
+$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell)
- # Set Explorer as the shell for administrators.
+# Set Explorer as the shell for administrators.
- $ShellLauncherClass.SetCustomShell($Admins_SID, “explorer.exe”)
+$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")
- # View all the custom shells defined.
+# View all the custom shells defined.
- “`nCurrent settings for custom shells:”
- Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
+"`nCurrent settings for custom shells:"
+Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
- # Enable Shell Launcher
+# Enable Shell Launcher
- $ShellLauncherClass.SetEnabled($TRUE)
+$ShellLauncherClass.SetEnabled($TRUE)
- $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
+$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
- “`nEnabled is set to “ + $IsShellLauncherEnabled.Enabled
+"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
- # Remove the new custom shells.
+# Remove the new custom shells.
- $ShellLauncherClass.RemoveCustomShell($Admins_SID)
+$ShellLauncherClass.RemoveCustomShell($Admins_SID)
- $ShellLauncherClass.RemoveCustomShell($Cashier_SID)
+$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
+
+# Disable Shell Launcher
+
+$ShellLauncherClass.SetEnabled($FALSE)
+
+$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
+
+"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
```
## Related topics
|||