Merge branch 'master' into Ashok-Lobo-5358843-files251to275

Gary Moore 2021-09-21 18:21:11 -07:00 committed by GitHub
commit 026fd5025c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
183 changed files with 1260 additions and 874 deletions

View File

@ -428,6 +428,7 @@ ms.date: 10/08/2020
- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1)
- [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
- [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
- [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)
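Review bot: The new ADMX_LocationProviderAdm entry writes its anchor fragment with an underscore (`#admx-locationprovideradm-disablewindowslocationprovider_1`), while the ADMX_Logon entry three lines below writes the same kind of suffix with a hyphen (`#admx-logon-disableexplorerrunlegacy-1`). The link resolves as long as it matches the `id` in the target file, but settle on one form for `_1` policy anchors so they stay predictable across the index.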

View File

@ -1676,6 +1676,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_LocationProviderAdm policies
<dl>
<dd>
<a href="./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1" id="admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin</a>
</dd>
<dl>
### ADMX_Logon policies
<dl>
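Review bot: The link text in the new ADMX_LocationProviderAdm block reads `ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin`, but its href and id both point to `disablewindowslocationprovider_1`; the text looks carried over from the ADMX_Logon entry and should read `ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1`. The block is also terminated with `<dl>` rather than `</dl>`, which leaves the definition list open ahead of the `### ADMX_Logon policies` heading.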
@ -6065,6 +6073,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### Feeds policies
<dl>
<dd>
<a href="./policy-csp-feeds.md#feeds-feedsenabled" id="feeds-feedsenabled">Feeds/FeedsEnabled</a>
</dd>
</dl>
### FileExplorer policies
<dl>

View File

@ -0,0 +1,112 @@
---
title: Policy CSP - ADMX_LocationProviderAdm
description: Policy CSP - ADMX_LocationProviderAdm
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.date: 09/20/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_LocationProviderAdm
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_LocationProviderAdm policies
<dl>
<dd>
<a href="#admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-locationprovideradm-disablewindowslocationprovider_1"></a>**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting turns off the Windows Location Provider feature for this computer.
- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.
- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Windows Location Provider*
- GP name: *DisableWindowsLocationProvider_1*
- GP path: *Windows Components\Location and Sensors\Windows Location Provider*
- GP ADMX file name: *LocationProviderAdm.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies-->
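Review bot: The closing NOTE says these policies are currently only available as part of a Windows Insider release, yet the SupportedSKUs table above lists Enterprise and Education as Yes for both Windows 10 and Windows 11 with no version qualifier; state the minimum build in the table or the note so an administrator can tell whether the setting applies to a released version. Two smaller points in the same file: the front-matter `description` only repeats the title, and the CDATA Sections link in the TIP uses `http://www.w3.org/...` where an https link would be preferable.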

View File

@ -37,9 +37,6 @@ manager: dansimp
<dd>
<a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
</dd>
<dd>
<a href="#experience-allownewsandinterestsonthetaskbar">Experience/AllowNewsAndInterestsOnTheTaskbar</a>
</dd>
<dd>
<a href="#experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
</dd>
@ -105,28 +102,34 @@ manager: dansimp
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
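Review bot: Converting the Pro, Business, Enterprise and Education rows of this SupportedSKUs table from check-mark images to plain Yes/Yes also drops the `<sup>5</sup>` markers those rows carried, so whatever the footnote qualified is no longer visible in the table. If that qualification still applies, keep it in a sentence under the table or in the cell text; the same applies to the later tables in this file that lose `<sup>` markers.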
@ -184,28 +187,34 @@ ADMX Info:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -252,28 +261,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -314,28 +329,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -384,28 +405,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -442,65 +469,6 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="experience-allownewsandinterestsonthetaskbar"></a>**Experience/AllowNewsAndInterestsOnTheTaskbar**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
Specifies whether to allow "News and interests" on the Taskbar.
<!--/Description-->
<!--SupportedValues-->
The values for this policy are 1 and 0. This policy defaults to 1.
- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="experience-allowsaveasofofficefiles"></a><b>Experience/AllowSaveAsOfOfficeFiles</b>
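Review bot: Nothing is left at the `experience-allownewsandinterestsonthetaskbar` anchor once this policy block is deleted, and the matching index entry is removed earlier in the same file, so any existing link or MDM documentation that references `Experience/AllowNewsAndInterestsOnTheTaskbar` loses its target. Since the same description and 1/0 values reappear under `Feeds/FeedsEnabled` in this commit, leave a short pointer to that policy here or state the rename in the commit description.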
@ -531,28 +499,34 @@ This policy is deprecated.
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -589,28 +563,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -665,28 +645,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -735,28 +721,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -808,28 +800,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -880,28 +878,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -951,28 +955,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1021,28 +1031,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1093,28 +1109,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1159,28 +1181,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>Yes</td>
</tr>
</table>
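Review bot: In this table the Pro and Business rows go from a check mark to `No` in both columns, and the Enterprise and Education rows become `No` for Windows 10 and `Yes` for Windows 11, although the old table marked all four editions as supported. The other tables visible in this diff map a check mark to Yes/Yes, so confirm this policy really is Windows 11 only and limited to Enterprise and Education; if so, say it in the description, otherwise restore the Windows 10 values.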
@ -1217,28 +1245,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1286,28 +1320,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1356,28 +1396,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1426,28 +1472,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1512,36 +1564,40 @@ _**Turn syncing off by default but dont disable**_
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="experience-preventusersfromturningonbrowsersyncing"></a>**Experience/PreventUsersFromTurningOnBrowserSyncing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1615,28 +1671,34 @@ Validation procedure:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>

View File

@ -0,0 +1,103 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/17/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - Feeds
<hr/>
<!--Policies-->
## Feeds policies
<dl>
<dd>
<a href="#feeds-feedsenabled">Feeds/FeedsEnabled</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="feeds-feedsenabled"></a>**Feeds/FeedsEnabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>No</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether news and interests is allowed on the device.
The values for this policy are 1 and 0. This policy defaults to 1.
- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Enable news and interests on the taskbar*
- GP name: *FeedsEnabled*
- GP path: *Windows Components\News and interests*
- GP ADMX file name: *Feeds.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--/Policies-->
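Review bot: The front-matter `description` is not a grammatical sentence ("Use the Policy CSP - Feeds setting policy specifies whether ..."); something like "Policy CSP - Feeds: specifies whether news and interests is allowed on the device" would read correctly in search results. The 1/0 value list also sits inside the `<!--Description-->` block, whereas the Experience policy removed in this commit kept it under `<!--SupportedValues-->`; keep that marker so the values stay in their own section.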

View File

@ -480,7 +480,7 @@ items:
- name: ADMX_Explorer
href: policy-csp-admx-explorer.md
- name: ADMX_ExternalBoot
href: policy-csp-admx-externalboot.md
href: policy-csp-admx-externalboot.md
- name: ADMX_FileRecovery
href: policy-csp-admx-filerecovery.md
- name: ADMX_FileRevocation
@ -519,6 +519,8 @@ items:
href: policy-csp-admx-leakdiagnostic.md
- name: ADMX_LinkLayerTopologyDiscovery
href: policy-csp-admx-linklayertopologydiscovery.md
- name: ADMX_LocationProviderAdm
href: policy-csp-admx-locationprovideradm.md
- name: ADMX_Logon
href: policy-csp-admx-logon.md
- name: ADMX_MicrosoftDefenderAntivirus
@ -713,6 +715,8 @@ items:
href: policy-csp-experience.md
- name: ExploitGuard
href: policy-csp-exploitguard.md
- name: Feeds
href: policy-csp-feeds.md
- name: FileExplorer
href: policy-csp-fileexplorer.md
- name: Games

View File

@ -16,7 +16,10 @@ ms.topic: article
# Windows Update for Business deployment service
> Applies to: Windows 10
**Applies to**
- Windows 10
- Windows 11
The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update. It's designed to work in harmony with your existing Windows Update for Business policies.
@ -56,18 +59,18 @@ The deployment service exposes these capabilities through Microsoft [Graph REST
To work with the deployment service, devices must meet all these requirements:
- Be running Windows 10, version 1709 or later
- Be running Windows 10, version 1709 or later (or Windows 11)
- Be joined to Azure Active Directory (AD) or Hybrid AD
- Have one of the following Windows 10 editions installed:
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Pro Education
- Windows 10 Pro for Workstations
- Have one of the following Windows 10 or Windows 11 editions installed:
- Pro
- Enterprise
- Education
- Pro Education
- Pro for Workstations
Additionally, your organization must have one of the following subscriptions:
- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 or E5
- Microsoft 365 Business Premium
@ -78,7 +81,7 @@ To use the deployment service, you use a management tool built on the platform,
### Using Microsoft Endpoint Manager
Microsoft Endpoint Manager integrates with the deployment service to provide Windows 10 update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates).
Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Windows 10 feature updates policy in Intune](/mem/intune/protect/windows-10-feature-updates).
### Scripting common actions using PowerShell
@ -141,18 +144,27 @@ To enroll devices in Windows Update for Business cloud processing, set the **All
Following is an example of setting the policy using Microsoft Endpoint Manager:
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Devices** > **Configuration profiles** > **Create profile**.
3. Select **Windows 10 and later** in **Platform**, select **Templates** in **Profile type**, select **Custom** in **Template name**, and then select **Create**.
4. In **Basics**, enter a meaningful name and a description for the policy, and then select **Next**.
5. In **Configuration settings**, select **Add**, enter the following settings, select **Save**, and then select **Next**.
- Name: **AllowWUfBCloudProcessing**
- Description: Enter a description.
- OMA-URI: `./Vendor/MSFT/Policy/Config/System/AllowWUfBCloudProcessing`
- Data type: **Integer**
- Value: **8**
6. In **Assignments**, select the groups that will receive the profile, and then select **Next**.
7. In **Review + create**, review your settings, and then select **Create**.
8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**.
8. (Optional) To verify that the policy reached the client, check the value of the following registry entry:
**HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing**
## Best practices
Follow these suggestions for the best results with the service.
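Review bot: The registry path in step 8 keeps a stray space in `PolicyManager \\default` after being moved to its own line, so a reader who copies it into a registry tool or script gets a path that does not exist. Remove the space while the line is being touched, and consider formatting the path as inline code instead of bold with escaped backslashes.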
@ -160,6 +172,7 @@ Follow these suggestions for the best results with the service.
### Device onboarding
- Wait until devices finish provisioning before managing with the service. If a device is being provisioned by Autopilot, it can only be managed by the deployment service after it finishes provisioning (typically one day).
- Use the deployment service for feature update management without feature update deferral policy. If you want to use the deployment service to manage feature updates on a device that previously used a feature update deferral policy, it's best to set the feature update deferral policy to **0** days to avoid having multiple conditions governing feature updates. You should only change the feature update deferral policy value to 0 days after you've confirmed that the device was enrolled in the service with no errors.
### General

View File

@ -12,9 +12,14 @@ ms.topic: article
# Safeguard holds
Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
**Applies to**
Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows 10.
- Windows 10
- Windows 11
Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client.
The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices.

View File

@ -7,9 +7,9 @@ audience: itpro
itproauthor: jaimeo
ms.audience: itpro
author: jaimeo
ms.reviewer:
ms.reviewer: kaushika
manager: laurawi
ms.topic: article
ms.topic: troubleshooting
ms.custom: seo-marvel-apr2020
---
@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020
The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
## 0x8024402F
| Error Code | Message | Description | Mitigation |
|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed |
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). |
| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com> <br><br>You can also take a network trace to check what is timing out. \<Refer to Firewall Troubleshooting scenario> |
| 0x80072EFD <br>0x80072EFE<br>0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. |
| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. |
| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. |
| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). |
| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. |
| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update. <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.<br> |
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. |
## 0x80242006
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>- Ren %systemroot%\system32\catroot2 \*.bak |
## 0x80070BC9
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
## 0x80200053
| Message | Description | Mitigation |
|---------|-------------|------------|
| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).|
## 0x80072EFD or 0x80072EFEor 0x80D02002
| Message | Description | Mitigation |
|---------|-------------|------------|
| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
## 0X8007000D
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. |
## 0x8024A10A
| Message | Description | Mitigation |
|---------|-------------|------------|
| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. |
## 0x80240020
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. |
## 0x80242014
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. |
## 0x80246017
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).|
## 0x8024000B
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
## 0x8024000E
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. |
## 0x8024D009
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
## 0x80244007
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update. <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
## 0x80070422
| Message | Description | Mitigation |
|---------|-------------|------------|
| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.<br> |
## 0x800f0821
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.|
## 0x800f0825
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x800F0920
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
## 0x800f081f
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x800f0831
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x80070005
| Message | Description | Mitigation |
|---------|-------------|------------|
| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
## 0x80070570
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.|
## 0x80070003
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. |
## 0x80070020
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus. <br> 1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/) <br> 2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon). <br> 3. Run Procmon.exe. It will start data capture automatically. <br> 4. Install the update package again <br> 5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture. <br> 6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file <br> 7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error <br> 8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”). <br> 9. Try to stop it or uninstall the process causing the error. |
## 0x80073701
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x8007371b
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x80072EFE
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.<br> From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE* <br> Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure youre using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. |
## 0x80072F8F
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/).
## 0x80072EE2
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If youre using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> https://*.windowsupdate.microsoft.com <br> https://*.windowsupdate.microsoft.com <br> https://*.update.microsoft.com <br> https://*.update.microsoft.com <br> https://*.windowsupdate.com <br> https://download.windowsupdate.com <br> https://download.microsoft.com <br> https://*.download.windowsupdate.com <br> https://wustat.windows.com <br> https://ntservicepack.microsoft.com |
## 0x80240022
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. |
## 0x8024401B
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error. <br> Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN. <br> Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
## 0x80244022
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
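Review bot: The DISM command in the new 0x800f0825, 0x800f081f, 0x800f0831, 0x80070570, 0x80073701 and 0x8007371b rows is misspelled as `/CHECKHEALT`; it should be `/CHECKHEALTH`, otherwise the copied command fails. Several other new rows need fixes before merge: the heading "0x80072EFD or 0x80072EFEor 0x80D02002" is missing a space, and 0x80072EFE also gets its own section further down with a different message (WININET_E_CONNECTION_ABORTED versus TIME_OUT_ERRORS), so decide which one owns that code. The 0x800f0821 row reads "Make sure the has installed the update" (the 0x800F0920 row has the intended "the device"), and the 0x8024401B and 0x80244022 rows read "confirm that the device can the update source" with the verb missing. The 0x80072F8F row lacks its closing `|`, the 0x80072EE2 row lists `https://*.windowsupdate.microsoft.com` and `https://*.update.microsoft.com` twice each, and "From an elevated command prompt and run these commands", "due component store corruption", "acess" and "sucesfull" need correcting. The intro sentence still says "The following table" although the content is now split into one table per error code.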

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 05/29/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
**Applies to**
- Windows 10
- Windows Server 2016
In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack starts or was detected.
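Review bot: Going by the `-16,10 +16,6` header, the four lines dropped under the 5148 heading are the **Applies to** block (Windows 10, Windows Server 2016), which leaves the page with no statement of which Windows versions log this event. If applicability is now conveyed some other way, say so in the commit message; otherwise update the list rather than deleting it. The same removal repeats in the other event pages in this commit, while the Safeguard holds page in the same commit gains an **Applies to** block (Windows 10, Windows 11), so the change set is inconsistent on this point.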

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 05/29/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5149(F): The DoS attack has subsided and normal processing is being resumed.
**Applies to**
- Windows 10
- Windows Server 2016
In most circumstances, this event occurs very rarely. It is designed to be generated when an ICMP DoS attack ended.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5150(-): The Windows Filtering Platform blocked a packet.
**Applies to**
- Windows 10
- Windows Server 2016
This event is logged if the Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) blocked a packet.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet.
**Applies to**
- Windows 10
- Windows Server 2016
This event is logged if a more restrictive Windows Filtering Platform [MAC filter](/windows-hardware/drivers/network/using-layer-2-filtering) has blocked a packet.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5152(F): The Windows Filtering Platform blocked a packet.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5152.png" alt="Event 5152 illustration" width="497" height="499" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet.
**Applies to**
- Windows 10
- Windows Server 2016
This event is logged if a more restrictive Windows Filtering Platform filter has blocked a packet.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5154.png" alt="Event 5154 illustration" width="490" height="474" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
**Applies to**
- Windows 10
- Windows Server 2016
By default Windows firewall won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself.
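Review bot: While this file is being touched, the body sentence under the 5155 heading should be reworded: "won't prevent a port from being listened by an application. In the other word, Windows system will not generate Event 5155 by itself" is ungrammatical and makes it hard to tell when an analyst should expect this event. Suggested wording: "By default, Windows Firewall does not block an application from listening on a port, so Windows does not generate event 5155 on its own."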

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5156(S): The Windows Filtering Platform has permitted a connection.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5156.png" alt="Event 5156 illustration" width="491" height="506" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5157(F): The Windows Filtering Platform has blocked a connection.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5157.png" alt="Event 5157 illustration" width="491" height="503" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5158(S): The Windows Filtering Platform has permitted a bind to a local port.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5158.png" alt="Event 5158 illustration" width="491" height="466" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5159(F): The Windows Filtering Platform has blocked a bind to a local port.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5159.png" alt="Event 5159 illustration" width="491" height="466" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5168(F): SPN check for SMB/SMB2 failed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5168.png" alt="Event 5168 illustration" width="575" height="474" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5376(S): Credential Manager credentials were backed up.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5376.png" alt="Event 5376 illustration" width="449" height="404" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5377(S): Credential Manager credentials were restored from a backup.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5377.png" alt="Event 5377 illustration" width="449" height="404" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5378(F): The requested credentials delegation was disallowed by policy.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5378.png" alt="Event 5378 illustration" width="449" height="438" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5447(S): A Windows Filtering Platform filter has been changed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5447.png" alt="Event 5447 illustration" width="493" height="793" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5632(S, F): A request was made to authenticate to a wireless network.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5632.png" alt="Event 5632 illustration" width="419" height="417" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5633(S, F): A request was made to authenticate to a wired network.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5633.png" alt="Event 5633 illustration" width="528" height="449" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5712(S): A Remote Procedure Call (RPC) was attempted.
**Applies to**
- Windows 10
- Windows Server 2016
It appears that this event never occurs.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5888(S): An object in the COM+ Catalog was modified.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5888.png" alt="Event 5888 illustration" width="457" height="489" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5889(S): An object was deleted from the COM+ Catalog.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5889.png" alt="Event 5889 illustration" width="472" height="653" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 5890(S): An object was added to the COM+ Catalog.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-5890.png" alt="Event 5890 illustration" width="449" height="462" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6144(S): Security policy in the group policy objects has been applied successfully.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6144.png" alt="Event 6144 illustration" width="449" height="347" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/08/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6145(F): One or more errors occurred while processing security policy in the group policy objects.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6145.png" alt="Event 6145 illustration" width="464" height="361" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
**Applies to**
- Windows 10
- Windows Server 2016
The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.
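Review bot: the 6281 heading carries the whole event description (three sentences), and the first body line then repeats the last two of them word for word. While this file is being touched, shorten the heading to its first sentence and keep the explanation about improper signing and disk errors in the body only.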

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6401(-): BranchCache: Received invalid data from a peer. Data discarded.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6405(-): BranchCache: %2 instance(s) of event id %1 occurred.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
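Review bot: the body line kept under the 6406 heading says BranchCache events are outside the scope of the document, but the heading describes a product registering with Windows Firewall to control filtering, which is not a BranchCache event. Replace the sentence with one that matches the event, or state plainly that 6406 is not documented here. The 6407 and 6408 files in this change show the same mismatch.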

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6407(-): 1%.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.
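Review bot: the heading "# 6407(-): 1%." looks like a mistyped message placeholder; the neighbouring headings write placeholders as %1 and %2. Correct it to %1, or give the page a descriptive title, in the same edit that touches this file.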

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6409(-): BranchCache: A service connection point object could not be parsed.
**Applies to**
- Windows 10
- Windows Server 2016
[BranchCache](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127252(v=ws.11)) events are outside the scope of this document.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process.
**Applies to**
- Windows 10
- Windows Server 2016
[Code Integrity](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348642(v=ws.10)) is a feature that improves the security of the operating system by validating the integrity of a driver or system file each time it is loaded into memory. Code Integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with administrative permissions. On x64-based versions of the operating system, kernel-mode drivers must be digitally signed.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6416(S): A new external device was recognized by the System.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6416.png" alt="Event 6416 illustration" width="438" height="598" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6419(S): A request was made to disable a device.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6419.png" alt="Event 6419 illustration" width="526" height="682" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6420(S): A device was disabled.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6420.png" alt="Event 6420 illustration" width="526" height="682" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6421(S): A request was made to enable a device.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6421.png" alt="Event 6421 illustration" width="526" height="682" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6422(S): A device was enabled.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6422.png" alt="Event 6422 illustration" width="526" height="682" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6423(S): The installation of this device is forbidden by system policy.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-6423.png" alt="Event 6423 illustration" width="526" height="680" hspace="10" align="left" />

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 6424(S): The installation of this device was allowed, after having previously been forbidden by policy.
**Applies to**
- Windows 10
- Windows Server 2016
This event occurs rarely, and in some situations may be difficult to reproduce.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# File System (Global Object Access Auditing)
**Applies to**
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, **File System (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the file system for an entire computer.

View File

@ -7,7 +7,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 10/22/2018
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,8 +16,6 @@ ms.technology: mde
# How to get a list of XML data name elements in EventData
**Applies to**
- Windows 10
The Security log uses a manifest where you can get all of the event schema.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor central access policy and rule definitions
**Applies to**
- Windows 10
This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor claim types
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor resource attribute definitions
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
Resource attribute definitions define the basic properties of resource attributes, such as what it means for a resource to be defined as “high business value.” Resource attribute definitions are stored in AD DS under the Resource Properties container. Changes to these definitions could significantly change the protections that govern a resource, even if the resource attributes that apply to the resource remain unchanged. Changes can be monitored like any other AD DS object.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor the central access policies associated with files and folders
**Applies to**
- Windows 10
This article for IT professionals describes how to monitor changes to the central access policies that are associated with files and folders when you're using advanced security auditing options to monitor dynamic access control objects.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor the central access policies that apply on a file server
**Applies to**
- Windows 10
This article describes how to monitor changes to the central access policies (CAPs) that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. CAPs are created on a domain controller and then applied to file servers through Group Policy management.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor the resource attributes on files and folders
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date:
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor the use of removable storage devices
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Monitor user and device claims during sign-in
**Applies to**
- Windows 10
This topic for the IT professional describes how to monitor user and device claims that are associated with a users security token when you are using advanced security auditing options to monitor dynamic access control objects.

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: medium
author: dansimp
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# Other Events
**Applies to**
- Windows 10
- Windows Server 2016
Events in this section generate automatically and are enabled by default.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Plan and deploy advanced security audit policies
**Applies to**
- Windows 10
This article for IT professionals explains the options that security policy planners should consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Registry (Global Object Access Auditing)
**Applies to**
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, **Registry (Global Object Access Auditing)**, which enables you to configure a global system access control list (SACL) on the registry of a computer.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Security auditing
**Applies to**
- Windows 10
Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
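Review bot: the intro sentence has a subject-verb mismatch, "Topics in this section are for IT professionals and describes the security auditing features"; "describes" should be "describe". The hunk already edits the lines directly above it, so fix it in the same change.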

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Using advanced security auditing options to monitor dynamic access control objects
**Applies to**
- Windows 10
This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# View the security event log
**Applies to**
- Windows 10
The security log records each event as defined by the audit policies you set on each object.

View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/09/2021
ms.technology: mde
---
# Which editions of Windows support advanced audit policy configuration
**Applies to**
- Windows 10
Advanced audit policy configuration is supported on all versions of Windows since it was introduced in Windows Vista.
There is no difference in security auditing support between 32-bit and 64-bit versions.

View File

@ -151,7 +151,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
<Deny ID="ID_DENY_BGINFO" FriendlyName="bginfo.exe" FileName="BGINFO.Exe" MinimumFileVersion="4.21.0.0"/>
<Deny ID="ID_DENY_CBD" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_CSI" FriendlyName="csi.exe" FileName="csi.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion = "10.0.0.0" />
<Deny ID="ID_DENY_CSCRIPT" FriendlyName="cscript.exe" FileName="cscript.exe" MinimumFileVersion = "5.812.10240.0" />
<Deny ID="ID_DENY_DBGHOST" FriendlyName="dbghost.exe" FileName="DBGHOST.Exe" MinimumFileVersion="2.3.0.0"/>
<Deny ID="ID_DENY_DBGSVC" FriendlyName="dbgsvc.exe" FileName="DBGSVC.Exe" MinimumFileVersion="2.3.0.0"/>
<Deny ID="ID_DENY_DNX" FriendlyName="dnx.exe" FileName="dnx.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
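Review bot: the new MinimumFileVersion of "5.812.10240.0" on ID_DENY_CSCRIPT is given without any rationale, while the neighbouring rules use either 65535.65535.65535.65535 or a short product version such as 4.21.0.0 or 2.3.0.0. Add a sentence or XML comment stating which cscript.exe builds this threshold is meant to cover and why 10.0.0.0 was wrong, so that readers who copy the policy can check it against the file versions on their own images before deploying.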
@ -181,7 +181,7 @@ Select the correct version of each .dll for the Windows release you plan to supp
<Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe" FileName="wscript.exe" MinimumFileVersion = "10.0.0.0" />
<Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe" FileName="wscript.exe" MinimumFileVersion = "5.812.10240.0" />
<Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="65535.65535.65535.65535"/>
<Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="65535.65535.65535.65535"/>
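Review bot: the changed ID_DENY_WSCRIPT line keeps spaces around the equals sign (MinimumFileVersion = "5.812.10240.0"), unlike the windbg, wmic and wsl entries around it, which write MinimumFileVersion="..." with no spaces. Since the line is being edited anyway, normalise the attribute spacing here and on the matching cscript entry so the block reads consistently and diffs cleanly against generated policies.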

View File

@ -1,5 +1,5 @@
---
title: Add Production Devices to the Membership Group for a Zone (Windows 10)
title: Add Production Devices to the Membership Group for a Zone (Windows)
description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group.
ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
After you test the GPOs for your design on a small set of devices, you can deploy them to the production devices.
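Review bot: "Windows Server 2016 and above" in the Applies to list is loose wording for a version range; prefer "Windows Server 2016 and later", or list the supported server releases explicitly. The same line appears in the other Applies to hunks of this change, so correct it in one pass.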

View File

@ -1,5 +1,5 @@
---
title: Add Test Devices to the Membership Group for a Zone (Windows 10)
title: Add Test Devices to the Membership Group for a Zone (Windows)
description: Learn how to add devices to the group for a zone to test whether your Windows Defender Firewall with Advanced Security implementation works as expected.
ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
Before you deploy your rules to large numbers of devices, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between devices. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of devices only to be sure that the correct GPOs are being processed by each device.

View File

@ -1,5 +1,5 @@
---
title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10)
title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows)
description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO).
ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38
ms.reviewer:
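Review bot: the description line in this front matter reads "Use sample template files import an XML file containing customized registry preferences", with a word missing between "files" and "import". The title on the line above it is being edited, so fix the description in the same change, for example "Use sample template files to import an XML file ...".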
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC).

View File

@ -1,5 +1,5 @@
---
title: Assign Security Group Filters to the GPO (Windows 10)
title: Assign Security Group Filters to the GPO (Windows)
description: Learn how to use Group Policy Management MMC to assign security group filters to a GPO to make sure that the GPO is applied to the correct computers.
ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/02/2019
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO.

View File

@ -1,5 +1,5 @@
---
title: Basic Firewall Policy Design (Windows 10)
title: Basic Firewall Policy Design (Windows)
description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design.
ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418
ms.reviewer:
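Review bot: this file's title is renamed to "(Windows)" but no hunk updates its ms.date, whereas the other firewall files in this change bump ms.date to 09/07/2021 alongside the same title edit. Update ms.date here as well so the metadata reflects the revision.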
@ -20,8 +20,9 @@ ms.technology: mde
# Basic Firewall Policy Design
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 10
- Windows 11
- Windows Server 2016 and above
Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each device in the organization.
@ -37,7 +38,7 @@ Many network administrators do not want to tackle the difficult task of determin
For example, when you install a server role, the appropriate firewall rules are created and enabled automatically.
- For other standard network behavior, the predefined rules that are built into Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization.
- For other standard network behavior, the predefined rules that are built into Windows 11, Windows 10, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, and Windows 7 can easily be configured in a GPO and deployed to the devices in your organization.
For example, by using the predefined groups for Core Networking and File and Printer Sharing you can easily configure GPOs with rules for those frequently used networking protocols.
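Review bot: the rewritten sentence adds Windows 11 to the front of the list, but the server entries still stop at Windows Server 2012, while the Applies to block in the same file now reads "Windows Server 2016 and above". Either bring the server list in line with the Applies to block or replace the enumeration with wording that does not need editing for each release.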

View File

@ -20,9 +20,10 @@ ms.technology: mde
**Applies to**
- Windows operating systems including Windows 10
- Windows 10
- Windows 11
- Windows Server 2016 and above
- Windows Server Operating Systems
Windows Defender Firewall with Advanced Security provides host-based, two-way
network traffic filtering and blocks unauthorized network traffic flowing into

View File

@ -1,5 +1,5 @@
---
title: Boundary Zone GPOs (Windows 10)
title: Boundary Zone GPOs (Windows)
description: Learn about GPOs to create that must align with the group you create for the boundary zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
All the devices in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section.

View File

@ -1,5 +1,5 @@
---
title: Boundary Zone (Windows 10)
title: Boundary Zone (Windows)
description: Learn how a boundary zone supports devices that must receive traffic from beyond an isolated domain in Windows Defender Firewall with Advanced Security.
ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,15 +22,16 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
In most organizations, some devices must be able to receive network traffic from devices that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain.
In most organizations, some devices can receive network traffic from devices that aren't part of the isolated domain, and therefore can't authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain.
Devices in the boundary zone are trusted devices that can accept communication requests both from other isolated domain member devices and from untrusted devices. Boundary zone devices try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating device.
The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but do not require it.
The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but don't require it.
Because these boundary zone devices can receive unsolicited inbound communications from untrusted devices that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision.
These boundary zone devices might receive unsolicited inbound communications from untrusted devices that use plaintext and must be carefully managed and secured in other ways. Mitigating this extra risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone minimizes the additional risk. The following illustration shows a sample process that can help make such a decision.
![design flowchart.](images/wfas-designflowchart1.gif)
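Review bot: In the first rewritten paragraph, changing "must be able to receive" to "can receive" alters the meaning: the original stated a requirement that justifies having a boundary zone, while the new wording only states a capability. Keep "must be able to receive"; the contractions are fine. The last rewritten paragraph also strengthens "can help ensure that the additional risk is minimized" to "minimizes the additional risk", which promises more than a business justification process can deliver, and dropping "Because" loses the link between accepting plaintext from untrusted devices and the need for extra management.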
@ -38,7 +39,7 @@ The goal of this process is to determine whether the risk of adding a device to
You must create a group in Active Directory to contain the members of the boundary zones. The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain.
Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section discusses creation of the group and how to link it to the GPOs that apply the rules to members of the group.
## GPO settings for boundary zone servers running at least Windows Server 2008
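Review bot: The rewritten sentence now opens directly with the link and has no article, so it reads "[Planning Group Policy Deployment for Your Isolation Zones] section discusses ...". Start it with "The" so the active-voice version is grammatical.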
@ -49,13 +50,13 @@ The boundary zone GPO for devices running at least Windows Server 2008 should i
1. Exempt all ICMP traffic from IPsec.
2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems.
2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES, and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems.
3. Data protection (quick mode) algorithm combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems..
3. Data protection (quick mode) algorithm combinations. We recommend that you don't include DES or MD5 in any setting. They're included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems.
If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies.
4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method.
4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers, then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members can't use Kerberos V5, you must include certificate-based authentication as an optional authentication method.
- The following connection security rules:
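Review bot: Item 2 still recommends "at least DH4", and the hunk only adds a serial comma there. "DH4" does not say which Diffie-Hellman group is meant; since the line is being edited anyway, name the group as it appears in the key exchange settings so readers can match the recommendation to an actual option.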

View File

@ -1,5 +1,5 @@
---
title: Certificate-based Isolation Policy Design Example (Windows 10)
title: Certificate-based Isolation Policy Design Example (Windows)
description: This example uses a fictitious company to illustrate certificate-based isolation policy design in Windows Defender Firewall with Advanced Security.
ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md).

View File

@ -1,5 +1,5 @@
---
title: Certificate-based Isolation Policy Design (Windows 10)
title: Certificate-based Isolation Policy Design (Windows)
description: Explore the methodology behind Certificate-based Isolation Policy Design and how it defers from Domain Isolation and Server Isolation Policy Design.
ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862
ms.reviewer:
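Review bot: The description line right below the edited title says "how it defers from Domain Isolation and Server Isolation Policy Design". That should be "differs"; fix it in the same change since the front matter is already being touched.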
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic.

View File

@ -1,5 +1,5 @@
---
title: Change Rules from Request to Require Mode (Windows 10)
title: Change Rules from Request to Require Mode (Windows)
description: Learn how to convert a rule from request to require mode and apply the modified GPOs to the client devices.
ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that are not part of the isolated domain.

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Basic Firewall Settings (Windows 10)
title: Checklist Configuring Basic Firewall Settings (Windows)
description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall.
ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules.

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10)
title: Checklist Configuring Rules for an Isolated Server Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in GPOs for servers in an isolated server zone that are part of an isolated domain.
ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md).

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10)
title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows)
description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone
ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955
ms.reviewer:
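Review bot: The description in this front matter only repeats the title ("Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone"). While the title is being updated, replace the description with a sentence that says what the checklist covers, as the sibling checklist files in this commit do.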
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or devices that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client devices that connect to them. For the GPOs for the client devices, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md).

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Rules for the Boundary Zone (Windows 10)
title: Checklist Configuring Rules for the Boundary Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain.
ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain.

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Rules for the Encryption Zone (Windows 10)
title: Checklist Configuring Rules for the Encryption Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain.
ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain.

View File

@ -1,5 +1,5 @@
---
title: Checklist Configuring Rules for the Isolated Domain (Windows 10)
title: Checklist Configuring Rules for the Isolated Domain (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.
ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.

View File

@ -1,5 +1,5 @@
---
title: Checklist Creating Group Policy Objects (Windows 10)
title: Checklist Creating Group Policy Objects (Windows)
description: Learn to deploy firewall settings, IPsec settings, firewall rules, or connection security rules, by using Group Policy in AD DS.
ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a device into a membership group.
@ -30,7 +31,7 @@ The checklists for firewall, domain isolation, and server isolation include a li
## About membership groups
For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied.
For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied.
## About exclusion groups
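Review bot: The rewritten paragraph adds Windows 11 to the client versions, but the server versions it names still end at Windows Server 2012, although the Applies to list of this same file now says "Windows Server 2016 and above". Bring the enumeration in line with the Applies to list, and check that "five different GPOs for the versions of Windows discussed in this guide" still holds after the addition.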

View File

@ -1,5 +1,5 @@
---
title: Checklist Creating Inbound Firewall Rules (Windows 10)
title: Checklist Creating Inbound Firewall Rules (Windows)
description: Use these tasks for creating inbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for creating firewall rules in your GPOs.

View File

@ -1,5 +1,5 @@
---
title: Checklist Creating Outbound Firewall Rules (Windows 10)
title: Checklist Creating Outbound Firewall Rules (Windows)
description: Use these tasks for creating outbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for creating outbound firewall rules in your GPOs.

View File

@ -1,5 +1,5 @@
---
title: Create Rules for Standalone Isolated Server Zone Clients (Windows 10)
title: Create Rules for Standalone Isolated Server Zone Clients (Windows)
description: Checklist for when creating rules for clients of a Standalone Isolated Server Zone
ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client devices that must connect to servers in an isolated server zone.

View File

@ -1,5 +1,5 @@
---
title: Checklist Implementing a Basic Firewall Policy Design (Windows 10)
title: Checklist Implementing a Basic Firewall Policy Design (Windows)
description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation.
ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
@ -35,7 +36,7 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co
| Task | Reference |
| - | - |
| Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization. | [Identifying Your Windows Defender Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)<br/>[Basic Firewall Policy Design](basic-firewall-policy-design.md)<br/>[Firewall Policy Design Example](firewall-policy-design-example.md)<br/>[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)|
| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 10 and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)<br/>[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)|
| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 11, Windows 10, and Windows Server 2016, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10 or Windows 11, make a copy of it for Windows Server 2016, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)<br/>[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)|
| If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the devices for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)|
| Configure the GPO with firewall default settings appropriate for your design.| [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)|
| Create one or more inbound firewall rules to allow unsolicited inbound network traffic.| [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)|
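Review bot: In the changed table row, three versions are now named ("Windows 11, Windows 10, and Windows Server 2016") but the sentence still ends with "make a copy of the GPO for the other version of Windows", which was written for two. Change it to "for each other version of Windows" so the instruction matches the longer list.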

View File

@ -1,5 +1,5 @@
---
title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10)
title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows)
description: Use these references to learn about using certificates as an authentication option and configure a certificate-based isolation policy design.
ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design.

View File

@ -1,5 +1,5 @@
---
title: Checklist Implementing a Domain Isolation Policy Design (Windows 10)
title: Checklist Implementing a Domain Isolation Policy Design (Windows)
description: Use these references to learn about the domain isolation policy design and links to other checklists to complete tasks require to implement this design.
ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20
ms.reviewer:
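Review bot: The description below the edited title reads "links to other checklists to complete tasks require to implement this design". It should be "required"; correct it while the front matter is open.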
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.

View File

@ -1,5 +1,5 @@
---
title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10)
title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows)
description: Use these tasks to create a server isolation policy design that is not part of an isolated domain. See references to concepts and links to other checklists.
ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md).

View File

@ -1,5 +1,5 @@
---
title: Configure Authentication Methods (Windows 10)
title: Configure Authentication Methods (Windows)
description: Learn how to configure authentication methods for devices in an isolated domain or standalone server zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone.

View File

@ -1,5 +1,5 @@
---
title: Configure Data Protection (Quick Mode) Settings (Windows 10)
title: Configure Data Protection (Quick Mode) Settings (Windows)
description: Learn how to configure the data protection settings for connection security rules in an isolated domain or a standalone isolated server zone.
ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone.

View File

@ -1,5 +1,5 @@
---
title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10)
title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows)
description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network.
ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate.

View File

@ -1,5 +1,5 @@
---
title: Configure Key Exchange (Main Mode) Settings (Windows 10)
title: Configure Key Exchange (Main Mode) Settings (Windows)
description: Learn how to configure the main mode key exchange settings used to secure the IPsec authentication traffic in Windows Defender Firewall with Advanced Security.
ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
ms.reviewer:
@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/17/2017
ms.date: 09/07/2021
ms.technology: mde
---
@ -22,7 +22,8 @@ ms.technology: mde
**Applies to**
- Windows 10
- Windows Server 2016
- Windows 11
- Windows Server 2016 and above
This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic.

Some files were not shown because too many files have changed in this diff