diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md index 8e62ff36b5..9ce1e76918 100644 --- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md +++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md @@ -12,13 +12,17 @@ author: brianlic-msft # AD DS schema extensions to support TPM backup **Applies to** -- Windows 10 +- Windows 10, version 1511 +- Windows 10, version 1507 + +**Does not apply to** +- Windows 10, version 1607 or later This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization. ## Why a schema extension is needed -The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schemas. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012 you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012: +The TPM owner authorization value is now stored in a separate object which is linked to the Computer object. This value was stored as a property in the Computer object itself for the default Windows Server 2008 R2 schema. Windows Server 2012 domain controllers have the default schema to backup TPM owner authorization information in the separate object. If you are not upgrading your domain controller to Windows Server 2012, you need to extend the schema to support this change. If Active Directory backup of the TPM owner authorization value is enabled in a Windows Server 2008 R2 environment without extending the schema, the TPM provisioning will fail and the TPM will remain in a Not Ready state for computers running Windows 8. The following are the two schema extensions that you can use to bring your Windows Server 2008 R2 domain to parity with Windows Server 2012: ### TpmSchemaExtension.ldf diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md index aee1050952..0beb5a8932 100644 --- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md @@ -12,7 +12,11 @@ author: brianlic-msft # Backup the TPM recovery Information to AD DS **Applies to** -- Windows 10 +- Windows 10, version 1511 +- Windows 10, version 1507 + +**Does not apply to** +- Windows 10, version 1607 or later This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer. diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index c8012d34ec..db3058b317 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -13,6 +13,8 @@ author: brianlic-msft This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). ## August 2016 +- [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |Updated and added additional scenarios for testing. | +- [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated to include info from the original What's New and Overview topics. | - [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New | ## RELEASE: Windows 10, version 1607 diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md index ba11bc7a8c..50d9175eb2 100644 --- a/windows/keep-secure/change-the-tpm-owner-password.md +++ b/windows/keep-secure/change-the-tpm-owner-password.md @@ -17,11 +17,13 @@ author: brianlic-msft This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system. ## About the TPM owner password -The owner of the TPM is the user who possesses the owner password and is able to set it and change it. Only one owner password exists per TPM. The owner of the TPM can make full use of TPM capabilities. When an owner is set, no other user or software can claim ownership of the TPM. Only the TPM owner can enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. Taking ownership of the TPM can be performed as part of the initialization process. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. +Starting with Windows 10, version 1607 , Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded. -Applications, including BitLocker Drive Encryption, can automatically start the initialization process. If you enable BitLocker without manually initializing the TPM, the TPM owner password is automatically created and saved in the same location as the BitLocker recovery password. -The TPM owner password can be saved as a file on a removable storage device, or on another computer. The password can also be printed. The TPM MMC gives the TPM owner the sole ability to choose the appropriate option to type the password or to use the saved password. -As with any password, you should change your TPM owner password if you suspect that it has become compromised and is no longer a secret. +In order to retain the TPM owner password, you will need to set the registry key 'HKLM\Software\Policies\Microsoft\TPM' [REG_DWORD] 'OSManagedAuthLevel' to 4. The default value for this key is 2, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved. Microsoft strongly recommends that you do not change the default value of this registry key in order to retain the owner password. + +Only one owner password exists for each TPM. The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it. + +Without the owner password you can still perform all the preceding actions by means of a physical presence confirmation from UEFI. **Other TPM management options** @@ -31,7 +33,7 @@ Instead of changing your owner password, you can also use the following options >**Important:**  Clearing the TPM can result in the loss of data. To avoid data loss, make sure you have a backup or recovery method for any data protected or encrypted by the TPM.   -- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). +- **Turn off the TPM**   If you want to keep all existing keys and data intact, and you want to disable the services that are provided by the TPM, you can turn it off. For more info, see [Initialize and Configure Ownership of the TPM](initialize-and-configure-ownership-of-the-tpm.md#bkmk-onoff). This option is only available for TPM 1.2. ## Change the TPM owner password @@ -39,6 +41,8 @@ The following procedure provides the steps that are necessary to change the TPM **To change the TPM owner password** +If you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password. + 1. Open the TPM MMC (tpm.msc). If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. 2. In the **Actions** pane, click **Change Owner Password**. 3. In the **Manage the TPM security hardware** dialog box, select a method to enter your current TPM owner password. diff --git a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md index cb3814d58e..82a3908d87 100644 --- a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md +++ b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md @@ -31,13 +31,13 @@ These applications can increase the risk of your network being infected with mal Since the stakes are higher in an enterprise environment, the potential disaster and potential productivity and performance disruptions that PUA brings can be a cause of concern. Hence, it is important to deliver trusted protection in this field. -##Enable PUA protection in SCCM and Intune +##Enable PUA protection in System Center Configuration Manager and Intune -The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure. +The PUA feature is available for enterprise users who are running System Center Configuration Manager or Intune in their infrastructure. -###Configure PUA in SCCM +###Configure PUA in System Center Configuration Manager -For SCCM users, PUA is enabled by default. See the following topics for configuration details: +For System Center Configuration Manager users, PUA is enabled by default. See the following topics for configuration details: If you are using these versions | See these topics :---|:--- @@ -45,7 +45,7 @@ System Center Configuration Manager (current branch) version 1606 | [Create a ne System Center 2012 R2 Endpoint Protection
System Center 2012 Configuration Manager
System Center 2012 Configuration Manager SP1
System Center 2012 Configuration Manager SP2
System Center 2012 R2 Configuration Manager
System Center 2012 Endpoint Protection SP1
System Center 2012 Endpoint Protection
System Center 2012 R2 Configuration Manager SP1| [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA)
-###Use PUA audit mode in SCCM +###Use PUA audit mode in System Center Configuration Manager You can use PowerShell to detect PUA without blocking them. In fact, you can run audit mode on individual machines. This feature is useful if your company is conducting an internal software security compliance check and you’d like to avoid any false positives. @@ -62,7 +62,7 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run set-mpPreference -puaprotection 2 ``` > [!NOTE] -> PUA events are reported in the Windows Event Viewer and not in SCCM. +> PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager. ###Configure PUA in Intune @@ -91,7 +91,7 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run ##View PUA events -PUA events are reported in the Windows Event Viewer and not in SCCM or Intune. To view PUA events: +PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. To view PUA events: 1. Open **Event Viewer**. 2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**. diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md index a1d2220641..8670def085 100644 --- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md @@ -106,13 +106,13 @@ Some systems may have multiple TPMs and the active TPM may be toggled in the BIO ## Turn on or turn off the TPM -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. +Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0. ### Turn on the TPM If the TPM has been initialized but has never been used, or if you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM. -**To turn on the TPM** +**To turn on the TPM (TPM 1.2 Only)** 1. Open the TPM MMC (tpm.msc). 2. In the **Action** pane, click **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page. @@ -125,7 +125,7 @@ If the TPM has been initialized but has never been used, or if you want to use t If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. If you have the TPM owner password, physical access to the computer is not required to turn off the TPM. If you do not have the TPM owner password, you must have physical access to the computer to turn off the TPM. -**To turn off the TPM** +**To turn off the TPM (TPM 1.2 only)** 1. Open the TPM MMC (tpm.msc). 2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page. @@ -156,13 +156,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.   -4. In the **Clear the TPM security hardware** dialog box, select one of the following methods to enter your password and clear the TPM: - - If you have the removable storage device with your saved TPM owner password, insert it, and click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, use **Browse** to navigate to the .tpm file that is saved on your removable storage device. Click **Open**, and then click **Clear TPM**. - - If you do not have the removable storage device with your saved password, click **I want to enter the owner password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and click **Clear TPM**. - - If you do not know your TPM owner password, click **I don't have the TPM owner password**, and follow the instructions that are provided to clear the TPM without entering the password. - >**Note:**  If you have physical access to the computer, you can clear the TPM and perform a limited number of management tasks without entering the TPM owner password. -   - The status of your TPM is displayed under **Status** in TPM MMC. +4. You will be prompted to restart the computer. During the restart, you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM. ## Use the TPM cmdlets diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md index 61c94cc77e..d7b997538c 100644 --- a/windows/keep-secure/manage-tpm-lockout.md +++ b/windows/keep-secure/manage-tpm-lockout.md @@ -19,17 +19,21 @@ This topic for the IT professional describes how to manage the lockout feature f The TPM will lock itself to prevent tampering or malicious attacks. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error message when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. -TPM ownership is commonly taken the first time BitLocker Drive Encryption is turned on for the computer. In this case, the TPM owner authorization password is saved with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so. +TPM ownership is taken upon first boot by Windows. By default, Windows does not retain the TPM owner password. In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. -The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. +**TPM 1.2** +The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. + +**TPM 2.0** + TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. ## Reset the TPM lockout by using the TPM MMC -The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. +The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. Note that this procedure is only available if you have configured Windows to retain the TPM owner password. By default, this behavior is not available in Windows 10. **To reset the TPM lockout** @@ -71,4 +75,4 @@ For details about the individual cmdlets, see [TPM Cmdlets in Windows PowerShell ## Additional resources -For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources). \ No newline at end of file +For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources). diff --git a/windows/keep-secure/protect-enterprise-data-using-wip.md b/windows/keep-secure/protect-enterprise-data-using-wip.md index 8956fd4ae8..235a704411 100644 --- a/windows/keep-secure/protect-enterprise-data-using-wip.md +++ b/windows/keep-secure/protect-enterprise-data-using-wip.md @@ -16,6 +16,7 @@ localizationpriority: high - Windows 10, version 1607 - Windows 10 Mobile +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. @@ -28,6 +29,31 @@ You’ll need this software to run WIP in your enterprise: |-----------------|---------------------| |Windows 10, version 1607 | Microsoft Intune
-OR-
System Center Configuration Manager
-OR-
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| +## What is enterprise data control? +Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can’t share anything and it’s all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. + +As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn’t guarantee that the data will remain within the secured locations of the enterprise. This means that while access controls are a great start, they’re not enough. + +In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don’t allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls. + +### Using data loss prevention systems +To help address this security insufficiency, company’s developed data loss prevention (also known as DLP) systems. Data loss prevention systems require: +- **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers. + +- **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. + +- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). + +Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by blocking some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. + +### Using information rights management systems +To help address the potential data loss prevention system problems, company’s developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. + +After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won’t be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees’ work might be unexpectedly interrupted if he or she attempts to use a non-compatible app. + +### And what about when an employee leaves the company or unenrolls a device? +Finally, there’s the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would simply erase all of the corporate data from the device, along with any other personal data on the device. + ## Benefits of WIP WIP provides: - Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. @@ -62,7 +88,11 @@ WIP currently addresses these enterprise scenarios: - Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required. ### WIP-protection modes -You can set WIP to 1 of 4 protection and management modes: +Enterprise data is automatically encrypted after it’s loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. + +Your WIP policy includes a list of trusted apps that are allowed to access and process corporate data. This list of apps is implemented through the [AppLocker](applocker-overview.md) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don’t have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it’s personally owned. + +You can set your WIP policy to use 1 of 4 protection and management modes: |Mode|Description| |----|-----------| @@ -96,7 +126,8 @@ WIP gives you a new way to manage data policy enforcement for apps and documents - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. -- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.

**Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. +- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. + > **Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. ## Turn off WIP You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info. @@ -104,4 +135,4 @@ You can turn off all Windows Information Protection and restrictions, reverting ## Next steps After deciding to use WIP in your enterprise, you need to: -- [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) \ No newline at end of file +- [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) diff --git a/windows/keep-secure/testing-scenarios-for-wip.md b/windows/keep-secure/testing-scenarios-for-wip.md index e74a83cfad..45737291cf 100644 --- a/windows/keep-secure/testing-scenarios-for-wip.md +++ b/windows/keep-secure/testing-scenarios-for-wip.md @@ -1,6 +1,6 @@ --- title: Testing scenarios for Windows Information Protection (WIP) (Windows 10) -description: We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. +description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 @@ -22,16 +22,145 @@ We've come up with a list of suggested testing scenarios that you can use to tes ## Testing scenarios You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization. -|Scenario |Processes | -|---------|----------| -|Automatically encrypt files from enterprise apps |

  1. Start an unmodified (for example, WIP-unaware) line-of-business app that's on your allowed apps list and then create, edit, write, and save files.
  2. Make sure that all of the files you worked with from the WIP-unaware app are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
  3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.

    **Note**
    Some file types, like .exe and .dll, along with some file paths, like `%windir%` and `%programfiles%`, are excluded from automatic encryption.

| -|Block enterprise data from non-enterprise apps |
  1. Start an app that doesn't appear on your allowed apps list, and then try to open an enterprise-encrypted file.

    The app shouldn't be able to access the file.

  2. Try double-clicking or tapping on the enterprise-encrypted file.

    If your default app association is an app not on your allowed apps list, you should get an **Access Denied** error message.

| -|Copy and paste from enterprise apps to non-enterprise apps |
  1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.

    You should see a WIP-related warning box, asking you to click either **Got it** or **Cancel**.

  2. Click **Cancel**.

    The content isn't pasted into the non-enterprise app.

  3. Repeat Step 1, but this time click **Got it**, and try to paste the content again.

    The content is pasted into the non-enterprise app.

  4. Try copying and pasting content between apps on your allowed apps list.

    The content should copy and paste between apps without any warning messages.

| -|Drag and drop from enterprise apps to non-enterprise apps |
  1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.

    You should see a WIP-related warning box, asking you to click either **Drag Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't dropped into the non-enterprise app.

  3. Repeat Step 1, but this time click **Drag Anyway**, and try to drop the content again.

    The content is dropped into the non-enterprise app.

  4. Try dragging and dropping content between apps on your allowed apps list.

    The content should move between the apps without any warning messages.

| -|Share between enterprise apps and non-enterprise apps |
  1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.

    You should see a WIP-related warning box, asking you to click either **Share Anyway** or **Cancel**.

  2. Click **Cancel**.

    The content isn't shared into Facebook.

  3. Repeat Step 1, but this time click **Share Anyway**, and try to share the content again.

    The content is shared into Facebook.

  4. Try sharing content between apps on your allowed apps list.

    The content should share between the apps without any warning messages.

| -|Use the **Encrypt to** functionality |
  1. Open File Explorer on the desktop, right-click a decrypted file, and then click **Encrypt to** from the **Encrypt to** menu.

    WIP should encrypt the file to your Enterprise Identity.

  2. Make sure that the newly encrypted file has a **Lock** icon.
  3. In the **Encrypted to** column of File Explorer on the desktop, look for the enterprise ID value.
  4. Right-click the encrypted file, and then click **Not encrypted** from the **Encrypt to** menu.

    The file should be decrypted and the **Lock** icon should disappear.

| -|Verify that Windows system components can use WIP |
  1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
  2. Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
  3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon
  4. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

    **Note**
    Most Windows-signed components like Windows Explorer (when running in the user’s context), should have access to enterprise data.

    A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.

| -|Use WIP on FAT/exFAT systems |
  1. Start an app that uses the FAT or exFAT file system and appears on your allowed apps list.
  2. Create, edit, write, save, and move files.

    Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.

  3. Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.
| -|Use WIP on NTFS systems |
  1. Start an app that uses the NTFS file system and appears on your allowed apps list.
  2. Create, edit, write, save, and move files.

    Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.

  3. Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.
| -|Unenroll client devices from WIP | | -|Verify that app content is protected when a Windows 10 Mobile phone is locked | | \ No newline at end of file + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ScenarioProcesses
Encrypt and decrypt files using File Explorer.For desktop:

+

    +
  1. Open File Explorer, right-click a work document, and then click Work from the File Ownership menu.
    Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access: <your_enterprise_identity>. For example, contoso.com.
    2. +
  2. In File Explorer, right-click the same document, and then click Personal from the File Ownership menu.
    Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
    3. +
+ For mobile:

+

    +
  1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
    2. +
  2. Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work.
    Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
    3. +
  3. Select the same file, click File ownership from the drop down menu, and then click Personal.
    Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
    4. +
+
Create work documents in enterprise-allowed apps.For desktop:

+

    +
  • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
    Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

    Important
    Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

    For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.

    • +
+ For mobile:

+

    +
  1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location.
    Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
    2. +
  2. Open the same document and attempt to save it to a non-work-related location.
    WIP should stop you from saving the file to this location.
    3. +
  3. Open the same document one last time, make a change to the contents, and then save it again using the Personal option.
    Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
    4. +
+
Block enterprise data from non-enterprise apps. +
    +
  1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
    The app shouldn't be able to access the file.
    2. +
  2. Try double-clicking or tapping on the work-encrypted file.
    If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
    3. +
+
Copy and paste from enterprise apps to non-enterprise apps. +
    +
  1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
    You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
    2. +
  2. Click Keep at work.
    The content isn't pasted into the non-enterprise app.
    3. +
  3. Repeat Step 1, but this time click Change to personal, and try to paste the content again.
    The content is pasted into the non-enterprise app.
    4. +
  4. Try copying and pasting content between apps on your allowed apps list.
    The content should copy and paste between apps without any warning messages.
    5. +
+
Drag and drop from enterprise apps to non-enterprise apps. +
    +
  1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
    You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
    2. +
  2. Click Keep at work.
    The content isn't dropped into the non-enterprise app.
    3. +
  3. Repeat Step 1, but this time click Change to personal, and try to drop the content again.
    The content is dropped into the non-enterprise app.
    4. +
  4. Try dragging and dropping content between apps on your allowed apps list.
    The content should move between the apps without any warning messages.
    5. +
+
Share between enterprise apps and non-enterprise apps. +
    +
  1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
    You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
    2. +
  2. Click Keep at work.
    The content isn't shared into Facebook.
    3. +
  3. Repeat Step 1, but this time click Change to personal, and try to share the content again.
    The content is shared into Facebook.
    4. +
  4. Try sharing content between apps on your allowed apps list.
    The content should share between the apps without any warning messages.
    5. +
+
Verify that Windows system components can use WIP. +
    +
  1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
    Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
    2. +
  2. Open File Explorer and make sure your modified files are appearing with a Lock icon.
    3. +
  3. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

    Note
    Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.

    A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.

    4. +
+
Use WIP on NTFS, FAT, and exFAT systems. +
    +
  1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.
    2. +
  2. Create, edit, write, save, copy, and move files.
    Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
    3. +
+
Verify your shared files can use WIP. +
    +
  1. Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
    2. +
  2. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
    3. +
  3. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
    The app shouldn't be able to access the file share.
    4. +
+
Verify your cloud resources can use WIP. +
    +
  1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
    2. +
  2. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
    Both browsers should respect the enterprise and personal boundary.
    3. +
  3. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
    IE11 shouldn't be able to access the sites.

    Note
    Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.

    4. +
+
Verify your Virtual Private Network (VPN) can be auto-triggered. +
    +
  1. Set up your VPN network to start based on the WIPModeID setting.
    For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-wip-policy-using-intune.md) topic.
    2. +
  2. Start an app from your allowed apps list.
    The VPN network should automatically start.
    3. +
  3. Disconnect from your network and then start an app that isn't on your allowed apps list.
    The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
    4. +
+
Unenroll client devices from WIP. +
    +
  • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
    The device should be removed and all of the enterprise content for that managed account should be gone.

    Important
    On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.

    • +
+
Verify that app content is protected when a Windows 10 Mobile phone is locked. +
    +
  • Check that protected app data doesn't appear on the Lock screen of a Windows 10 Mobile phone.
    • +
+
\ No newline at end of file diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index ff626bb1de..c60ccfbea9 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md @@ -22,16 +22,16 @@ The TPM Services Group Policy settings are located at: **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** -| Setting | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | +| Setting | Windows 10, version 1607 | Windows 10, version 1511 and Windows 10, version 1507 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | | - | - | - | - | - | - | -| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | X| X| X| X| X| -| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| -| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| -| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| -| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| X| X| X||| -| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X||| -| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X||| -| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X|||| +| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| +| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| X| +| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| X| +| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| X| +| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X||| +| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X||| +| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X| X||| +| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X||||   ### Turn on TPM backup to Active Directory Domain Services @@ -41,9 +41,7 @@ This policy setting allows you to manage the Active Directory Domain Services (A   TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands. ->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). -  -The TPM cannot be used to provide enhanced security features for BitLocker Drive Encryption and other applications without first setting an owner. To take ownership of the TPM with an owner password, on a local computer at the command prompt, type **tpm.msc** to open the TPM Management Console and select the action to **Initialize TPM**. If the TPM owner information is lost or is not available, limited TPM management is possible by running **tpm.msc**. +>**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607. If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds. @@ -99,10 +97,10 @@ This policy setting configures how much of the TPM owner authorization informati There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**. - **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. -- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value—for example, backing up the value in Active Directory Domain Services (AD DS). +- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows. - **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications. ->**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid. If you are backing up the TPM owner authorization value to AD DS, the new owner authorization value is automatically backed up to AD DS when it is changed. +>**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.   **Registry information** @@ -132,8 +130,6 @@ authorization to the TPM.   The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption. -The number of authorization failures that a TPM allows and how long it stays locked vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time, with fewer authorization failures, depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require that the system is on so enough clock cycles elapse before the TPM exits the lockout mode. - This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM. For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration: @@ -176,8 +172,6 @@ For each standard user two thresholds apply. Exceeding either threshold will pre The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.. -The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. - An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure. diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 01fccfad1a..bf62da150c 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -15,7 +15,7 @@ localizationpriority: high **Applies to:** -- Windows 10 Enterprise +- Windows 10 Enterprise, let's change back - Windows 10 Enterprise for Education - Windows 10 Pro - Windows 10 Pro Education diff --git a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md index ac4a20e8a1..8241c5edef 100644 --- a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md @@ -23,8 +23,8 @@ Use one of the following methods to allow only administrators to enable or disab --++ diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md index 494ffc80ab..31ace970ff 100644 --- a/windows/manage/appv-application-publishing-and-client-interaction.md +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -67,9 +67,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The
-  - -For information about sequencing, see [How to Sequence a New Application with App-V](https://technet.microsoft.com/itpro/windows/manage/appv-sequence-a-new-application). +For information about sequencing, see [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). ## What’s in the appv file? @@ -234,7 +232,7 @@ The Package Store contains a pristine copy of the package files that have been s ### COW roaming -The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\**\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. +The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\*<username>*\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. ### COW local diff --git a/windows/manage/appv-capacity-planning.md b/windows/manage/appv-capacity-planning.md index d0e054caa1..bf7e512509 100644 --- a/windows/manage/appv-capacity-planning.md +++ b/windows/manage/appv-capacity-planning.md @@ -28,8 +28,8 @@ Before you design the App-V infrastructure, determine the project’s scope. The --++ diff --git a/windows/manage/appv-client-configuration-settings.md b/windows/manage/appv-client-configuration-settings.md index 7fe953302b..59e07c520f 100644 --- a/windows/manage/appv-client-configuration-settings.md +++ b/windows/manage/appv-client-configuration-settings.md @@ -21,45 +21,45 @@ You can use Group Policy to configure App-V client settings by using the Group P The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets: -| **Name of option in Windows PowerShell**
Type | Description | Cmdlet or cmdlets for setting | Disabled Policy State Keys and Values | +| Windows PowerShell cmdlet or cmdlets,
**Option**
Type | Description | Disabled Policy State Keys and Values | |------------|------------|------------|------------| -| **PackageInstallationRoot**
String | Specifies directory where all new applications and updates will be installed. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **PackageSourceRoot**
String | Overrides source location for downloading package content. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **AllowHighCostLaunch**
True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | Set-AppvClientConfiguration,
Set-AppvPublishingServer | 0 | -| **ReestablishmentRetries**
Integer (0-99) | Specifies the number of times to retry a dropped session. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReestablishmentInterval**
Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **LocationProvider**
String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **CertFilterForClientSsl**
String | Specifies the path to a valid certificate in the certificate store. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **VerifyCertificateRevocationList**
True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | 0 | -| **SharedContentStoreMode**
True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | 0 | -| **Name**
String | Displays the name of publishing server. | Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **URL**
String | Displays the URL of publishing server. | Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **GlobalRefreshEnabled**
True(enabled); False(Disabled state) | Enables global publishing refresh (Boolean) | Set-AppvPublishingServer | False | -| **GlobalRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a global publishing refresh on logon. ( Boolean) | Set-AppvPublishingServer | False | -| **GlobalRefreshInterval**
Integer (0-744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Set-AppvPublishingServer | 0 | -| **GlobalRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | Set-AppvPublishingServer | 1 | -| **UserRefreshEnabled**
True(enabled); False(Disabled state) | Enables user publishing refresh (Boolean) | Set-AppvPublishingServer | False | -| **UserRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60 | Set-AppvPublishingServer | False | -| **UserRefreshInterval**
Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Set-AppvPublishingServer | 0 | -| **UserRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | Set-AppvPublishingServer | 1 | -| **MigrationMode**
True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | | -| **EnablePackageScripts**
True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | | -| **RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | Set-AppvClientConfiguration | | -| **RoamingRegistryExclusions**
String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **VirtualizableExtensions**
String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written | -| **ReportingEnabled**
True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | False | -| **ReportingServerURL**
String | Specifies the location on the reporting server where client information is saved. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReportingDataCacheLimit**
Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReportingStartTime**
Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReportingInterval**
Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Policy value not written (same as Not Configured) | -| **EnableDynamicVirtualization
**1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | | -| **EnablePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | | -| **HidePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | Sync-AppvPublishingServer | | -| **ProcessesUsingVirtualComponents**
String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Set-AppvClientConfiguration,
Set-AppvPublishingServer | Empty string. | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-PackageInstallationRoot**
String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-PackageSourceRoot**
String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-AllowHighCostLaunch**
True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | 0 | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReestablishmentRetries**
Integer (0-99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReestablishmentInterval**
Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-LocationProvider**
String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-CertFilterForClientSsl**
String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-VerifyCertificateRevocationList**
True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | 0 | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-SharedContentStoreMode**
True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 | +| Set-AppvPublishingServer

**-Name**
String | Displays the name of publishing server. | Policy value not written (same as Not Configured) | +| Set-AppvPublishingServer

**-URL**
String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) | +| Set-AppvPublishingServer

**-GlobalRefreshEnabled**
True(enabled); False(Disabled state) | Enables global publishing refresh (Boolean) | False | +| Set-AppvPublishingServer

**-GlobalRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a global publishing refresh on logon. ( Boolean) | False | +| Set-AppvPublishingServer

**-GlobalRefreshInterval**
Integer (0-744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | 0 | +| Set-AppvPublishingServer

**-GlobalRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 | +| Set-AppvPublishingServer

**-UserRefreshEnabled**
True(enabled); False(Disabled state) | Enables user publishing refresh (Boolean) | False | +| Set-AppvPublishingServer

**-UserRefreshOnLogon**
True(enabled); False(Disabled state) | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60 | False | +| Set-AppvPublishingServer

**-UserRefreshInterval**
Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 | +| Set-AppvPublishingServer

**-UserRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-MigrationMode**
True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-EnablePackageScripts**
True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | | +| Set-AppvClientConfiguration

**-RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-RoamingRegistryExclusions**
String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-VirtualizableExtensions**
String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingEnabled**
True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | False | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingServerURL**
String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingDataCacheLimit**
Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingStartTime**
Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingInterval**
Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-EnableDynamicVirtualization
**1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-EnablePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | | +| Sync-AppvPublishingServer

**-HidePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | | +| Set-AppvClientConfiguration,
Set-AppvPublishingServer

**-ProcessesUsingVirtualComponents**
String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. | ## App-V Client Configuration Settings: Registry Keys diff --git a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md index 9ef529d55a..d0dd6dc5b9 100644 --- a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md +++ b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md @@ -40,7 +40,7 @@ For more about adding or upgrading packages, see [How to Add or Upgrade Packages 1. Create the connection group XML document. -2. For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (**\***). +2. For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (*). 3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document: diff --git a/windows/manage/appv-connect-to-the-management-console.md b/windows/manage/appv-connect-to-the-management-console.md index a83795a235..47da73bf11 100644 --- a/windows/manage/appv-connect-to-the-management-console.md +++ b/windows/manage/appv-connect-to-the-management-console.md @@ -17,7 +17,7 @@ Use the following procedure to connect to the App-V Management Console. **To connect to the App-V Management Console** -1. Open Internet Explorer browser and type the address for the App-V. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**. +1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**. 2. To view different sections of the console, click the desired section in the navigation pane. diff --git a/windows/manage/appv-connection-group-file.md b/windows/manage/appv-connection-group-file.md index 9b8a08ae00..a523cd8c6d 100644 --- a/windows/manage/appv-connection-group-file.md +++ b/windows/manage/appv-connection-group-file.md @@ -203,87 +203,60 @@ The virtual application Microsoft Outlook is running in virtual environment **XY ## Supported virtual application connection configurations +The following application connection configurations are supported. -
---- - - - - - - - - - - - - - - - - - - - - -
ConfigurationExample scenario

An. exe file and plug-in (.dll)

    -

  • You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.

    • -

  • Enable the connection group for the appropriate users.

    • -

  • Update each package individually as required.

    • -

An. exe file and a middleware application

    -

  • You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.

    • -

  • All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.

    • -

  • You can optionally combine multiple middleware applications into a single connection group.

    - ---- - - - - - - - - - - - - - - - - -
    ExampleExample description

    Virtual application connection group for the financial division

      -

    • Middleware application 1

      • -

    • Middleware application 2

      • -

    • Middleware application 3

      • -

    • Middleware application runtime

      • -

    Virtual application connection group for HR division

      -

    • Middleware application 5

      • -

    • Middleware application 6

      • -

    • Middleware application runtime

      • -
    -

     

    • -

An. exe file and an .exe file

You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.

-

Example:

-

If you are deploying Microsoft Lync 2010, you can use three packages:

-
    -

  • Microsoft Office 2010

    • -

  • Microsoft Communicator 2007

    • -

  • Microsoft Lync 2010

    • -
-

You can manage the deployment using the following connection groups:

-
    -

  • Microsoft Office 2010 and Microsoft Communicator 2007

    • -

  • Microsoft Office 2010 and Microsoft Lync 2010

    • -
-

When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.

+- **An. exe file and plug-in (.dll)**. For example, you might want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users. + Enable the connection group for the appropriate users. Update each package individually as required. + +- **An. exe file and a middleware application**. You might have an application that requires a middleware application, or several applications that all depend on the same middleware runtime version. + + All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime. You can optionally combine multiple middleware applications into a single connection group. + + + + + + + + + + + + + + + + + + + + + + +
ExampleExample description

Virtual application connection group for the financial division

    +

  • Middleware application 1

    • +

  • Middleware application 2

    • +

  • Middleware application 3

    • +

  • Middleware application runtime

    • +

Virtual application connection group for HR division

    +

  • Middleware application 5

    • +

  • Middleware application 6

    • +

  • Middleware application runtime

    • +
+ +- **An. exe file and an .exe file**. You might have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines. + + For example, if you are deploying Microsoft Lync 2010, you can use three packages: + - Microsoft Office 2010 + - Microsoft Communicator 2007 + - Microsoft Lync 2010

+ + You can manage the deployment using the following connection groups: + - Microsoft Office 2010 and Microsoft Communicator 2007 + - Microsoft Office 2010 and Microsoft Lync 2010

+ + When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group. ## Have a suggestion for App-V? diff --git a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md index 873f4f54c7..4cae334e5e 100644 --- a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md +++ b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md @@ -14,61 +14,44 @@ ms.prod: w10 **Applies to** - Windows 10, version 1607 -**Important**   -The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. - -  - Use the following procedure to create a virtual application package with the App-V Package Accelerator. -**Note**   -Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. - -  +> **Important**  The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. **To create a virtual application package with an App-V Package Accelerator** -1. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure. -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. +2. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. +3. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. - **Important**   - If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. +4. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. -   + > **Important**  If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. -4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. +5. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. -5. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. +6. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - **Note**   - You can specify the following types of supported installation files: + > **Note**  You can specify the following types of supported installation files: + > - Windows Installer files (**.msi**) + > - Cabinet files (.cab) + > - Compressed files with a .zip file name extension + > - The actual application files + > The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. - - Windows Installer files (**.msi**) +7. If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. - - Cabinet files (.cab) +8. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - - Compressed files with a .zip file name extension +9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - The actual application files +10. To create the package, click **Create**. After the package is created, click **Next**. - The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. - -   - - If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. - -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - To create the package, click **Create**. After the package is created, click **Next**. - -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. +11. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: @@ -80,9 +63,9 @@ Before you start this procedure, copy the required Package Accelerator locally t - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. + If you do not want to configure the applications, click **Skip this step**, and then click **Next**. -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. +12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md). diff --git a/windows/manage/appv-create-and-use-a-project-template.md b/windows/manage/appv-create-and-use-a-project-template.md index 09b14a9981..c6a0be63bb 100644 --- a/windows/manage/appv-create-and-use-a-project-template.md +++ b/windows/manage/appv-create-and-use-a-project-template.md @@ -16,10 +16,7 @@ ms.prod: w10 You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. -**Note**   -You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. - -  +> **Note**  You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. @@ -29,25 +26,19 @@ Use the following procedures to create and apply a new template. 1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -2. **Note**   - If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. + > **Note**  If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. -   - - To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. +2. To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. 3. In the App-V Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click Save. - The new App-V project template is saved in the directory specified in step 3 of this procedure. + The new App-V project template is saved in the folder you specified. **To apply a project template** -1. **Important**   - Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. +> **Important**  Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. -   - - To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. +1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. 2. To create or upgrade a new virtual application package by using an App-V project template, click **File** / **New From Template**. diff --git a/windows/manage/appv-deploy-the-appv-server-with-a-script.md b/windows/manage/appv-deploy-the-appv-server-with-a-script.md index a3e8b107ff..ddc30926a2 100644 --- a/windows/manage/appv-deploy-the-appv-server-with-a-script.md +++ b/windows/manage/appv-deploy-the-appv-server-with-a-script.md @@ -1,4 +1,4 @@ ---- +--- title: How to Deploy the App-V Server Using a Script (Windows 10) description: How to Deploy the App-V Server Using a Script author: MaggiePucciEvans @@ -16,723 +16,425 @@ ms.prod: w10 In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters. -**To Install the App-V server using a script** +**To install the App-V server using a script** -Use the following tables for more information about installing the App-V server using the command line. +Use the following lists and tables for more information about installing the App-V server using the command line. - **Note**   -The information in the following tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**. +> **Note**  The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**. -**Common parameters and Examples** +## How to use common parameters - ---- - - - - - - -

To Install the Management server and Management database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

+## To install the Management server and Management database on a local machine - ---- - - - - - - -

To Install the Management server using an existing Management database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

-

/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

-

/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: - ---- - - - - - - -

To install the Management server using an existing Management database on a remote machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”

-

/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

-

/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

+- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT +- /MANAGEMENT_DB_NAME - ---- - - - - - - -

To Install the Management database and the Management Server on the same computer.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

-

/MANAGEMENT_SERVER_MACHINE_USE_LOCAL

-

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

  +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters: - ---- - - - - - - -

To install the Management database on a different computer than the Management server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

-

/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

-

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

+- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE +- /MANAGEMENT_DB_NAME - ---- - - - - - - -

To Install the publishing server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /PUBLISHING_SERVER

    • -

  • /PUBLISHING_MGT_SERVER

    • -

  • /PUBLISHING_WEBSITE_NAME

    • -

  • /PUBLISHING_WEBSITE_PORT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/PUBLISHING_SERVER

-

/PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”

-

/PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”

-

/PUBLISHING_WEBSITE_PORT=”8081”

+### Example for using a custom instance of Microsoft SQL Server: - ---- - - - - - - -

To Install the Reporting server and Reporting database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-
    -

  • /appv_server_setup.exe /QUIET

    • -

  • /REPORTING_SERVER

    • -

  • /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    • -

  • /REPORTING_WEBSITE_PORT=”8082”

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    • -

  • /REPORTING_DB_NAME=”AppVReporting”

    • -
+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement" - ---- - - - - - - -

To Install the Reporting server and using an existing Reporting database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/REPORTING_SERVER

-

/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

-

/REPORTING_WEBSITE_PORT=”8082”

-

/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

-

/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/EXITING_REPORTING_DB_NAME=”AppVReporting”

  +## To install the Management server using an existing Management database on a local machine - ---- - - - - - - -

To Install the Reporting server using an existing Reporting database on a remote machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/REPORTING_SERVER

-

/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

-

/REPORTING_WEBSITE_PORT=”8082”

-

/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”

-

/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/EXITING_REPORTING_DB_NAME=”AppVReporting”

+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: - ---- - - - - - - -

To install the Reporting database on the same computer as the Reporting server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_REPORTING

-

/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/REPORTING_DB_NAME=”AppVReporting”

-

/REPORTING_SERVER_MACHINE_USE_LOCAL

-

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

+- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL +- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT +- /EXISTING_MANAGEMENT_DB_NAME - ---- - - - - - - -

To install the Reporting database on a different computer than the Reporting server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_REPORTING

-

/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/REPORTING_DB_NAME=”AppVReporting”

-

/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

-

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: -**Parameter Definitions** +- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL +- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE +- /EXISTING_MANAGEMENT_DB_NAME -**General Parameters** +### Example for using a custom instance of Microsoft SQL Server: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/QUIET

Specifies silent install.

/UNINSTALL

Specifies an uninstall.

/LAYOUT

Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.

/LAYOUTDIR

Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”

/INSTALLDIR

Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”

/MUOPTIN

Enables Microsoft Update. No value is expected

/ACCEPTEULA

Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

+/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement" -**Management Server Installation Parameters** +## To install the Management server using an existing Management database on a remote machine - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/MANAGEMENT_SERVER

Specifies that the management server will be installed. No value is expected

/MANAGEMENT_ADMINACCOUNT

Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: /MANAGEMENT_ADMINACCOUNT=”mydomain\admin”. If /MANAGEMENT_SERVER is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, /MANAGEMENT_ADMINACCOUNT="mydomain\admin".

/MANAGEMENT_WEBSITE_NAME

Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”

MANAGEMENT_WEBSITE_PORT

Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.

+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: -**Parameters for the Management Server Database** +- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME +- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT +- /EXISTING_MANAGEMENT_DB_NAME - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/DB_PREDEPLOY_MANAGEMENT

Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected

/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance should be used. No value is expected.

/MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

/MANAGEMENT_DB_NAME

Specifies the name of the new management database that should be created. Example usage: /MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

/MANAGEMENT_SERVER_MACHINE_USE_LOCAL

Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

Specifies the machine account of the remote machine that the management server will be installed on. Example usage: /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

Indicates the Administrator account that will be used to install the management server. Example usage: /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”

+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: -**Parameters for Installing Publishing Server** +- /MANAGEMENT_SERVER +- /MANAGEMENT_ADMINACCOUNT +- /MANAGEMENT_WEBSITE_NAME +- /MANAGEMENT_WEBSITE_PORT +- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME +- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE +- /EXISTING_MANAGEMENT_DB_NAME - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/PUBLISHING_SERVER

Specifies that the Publishing Server will be installed. No value is expected

/PUBLISHING_MGT_SERVER

Specifies the URL to Management Service the Publishing server will connect to. Example usage: http://<management server name>:<Management server port number>. If /PUBLISHING_SERVER is not used, this parameter will be ignored

/PUBLISHING_WEBSITE_NAME

Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”

/PUBLISHING_WEBSITE_PORT

Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83

+### Example for using a custom instance of Microsoft SQL Server: -**Parameters for Reporting Server** +/appv_server_setup.exe /QUIET
+/MANAGEMENT_SERVER
+/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
+/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
+/MANAGEMENT_WEBSITE_PORT="8080"
+/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
+/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
+/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement" - ---- - - - - - - - - - - - - - - - - - - - +## To install the Management database and the Management Server on the same computer + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT +- /MANAGEMENT_DB_NAME +- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL +- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE +- /MANAGEMENT_DB_NAME +- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL +- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" + +## To install the Management database on a different computer than the Management server + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT +- /MANAGEMENT_DB_NAME +- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT +- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /DB_PREDEPLOY_MANAGEMENT +- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE +- /MANAGEMENT_DB_NAME +- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT +- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_MANAGEMENT
+/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/MANAGEMENT_DB_NAME="AppVManagement"
+/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
+/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" + +## To install the Publishing server + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /PUBLISHING_SERVER +- /PUBLISHING_MGT_SERVER +- /PUBLISHING_WEBSITE_NAME +- /PUBLISHING_WEBSITE_PORT + +### Example + +/appv_server_setup.exe /QUIET
+/PUBLISHING_SERVER
+/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
+/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
+/PUBLISHING_WEBSITE_PORT="8081" + +## To install the Reporting server and Reporting database on a local machine + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /REPORTING _SERVER +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /DB_PREDEPLOY_REPORTING +- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT +- /REPORTING _DB_NAME + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /REPORTING _SERVER +- /REPORTING _ADMINACCOUNT +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /DB_PREDEPLOY_REPORTING +- /REPORTING _DB_CUSTOM_SQLINSTANCE +- /REPORTING _DB_NAME + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting" + +## To install the Reporting server using an existing Reporting database on a local machine + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /REPORTING _SERVER +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL +- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT +- /EXISTING_REPORTING_DB_NAME + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /REPORTING _SERVER +- /REPORTING _ADMINACCOUNT +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL +- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE +- /EXISTING_REPORTING _DB_NAME + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/EXITING_REPORTING_DB_NAME="AppVReporting" + +## To install the Reporting server using an existing Reporting database on a remote machine + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /REPORTING _SERVER +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME +- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT +- /EXISTING_REPORTING _DB_NAME + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /REPORTING _SERVER +- /REPORTING _ADMINACCOUNT +- /REPORTING _WEBSITE_NAME +- /REPORTING _WEBSITE_PORT +- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME +- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE +- /EXISTING_REPORTING _DB_NAME + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/REPORTING_SERVER
+/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
+/REPORTING_WEBSITE_PORT="8082"
+/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
+/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/EXITING_REPORTING_DB_NAME="AppVReporting" + +## To install the Reporting database on the same computer as the Reporting server + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /DB_PREDEPLOY_REPORTING +- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT +- /REPORTING_DB_NAME +- /REPORTING_SERVER_MACHINE_USE_LOCAL +- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /DB_PREDEPLOY_REPORTING +- /REPORTING _DB_CUSTOM_SQLINSTANCE +- /REPORTING _DB_NAME +- /REPORTING_SERVER_MACHINE_USE_LOCAL +- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT + +### Example for using a custom instance of Microsoft SQL Server: + +/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting"
+/REPORTING_SERVER_MACHINE_USE_LOCAL
+/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" + +## To install the Reporting database on a different computer than the Reporting server + +**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters: + +- /DB_PREDEPLOY_REPORTING +- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT +- /REPORTING _DB_NAME +- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT +- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT + +**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters: + +- /DB_PREDEPLOY_REPORTING +- /REPORTING _DB_CUSTOM_SQLINSTANCE +- /REPORTING _DB_NAME +- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT +- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT + +### Example for using a custom instance of Microsoft SQL Server: + +Using a custom instance of Microsoft SQL Server example:
+/appv_server_setup.exe /QUIET
+/DB_PREDEPLOY_REPORTING
+/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
+/REPORTING_DB_NAME="AppVReporting"
+/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
+/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" + +## Parameter definitions + +- [General parameters](#parameter-definitions-for-general-parameters) +- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters) +- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database) +- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters) +- [Reporting Server parameters](#parameter-definitions-for-reporting-server) +- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database) +- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation) +- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database) + +### Parameter definitions for general parameters + +| Parameter | Description | +|-----------|-------------| +| /QUIET | Specifies silent install. | +| /UNINSTALL | Specifies an uninstall. | +| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. | +| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" | +| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" | +| /MUOPTIN | Enables Microsoft Update. No value is expected | +| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. | + +### Parameter definitions for Management Server installation parameters + +| Parameter | Description | +|-----------|-------------| +| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected | +| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. | +| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" | +| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. | + +### Parameter definitions for the Management Server Database + +| Parameter | Description | +|-----------|-------------| +| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected | +| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. | +| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. | +| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. | +| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. | +| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** | +| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** | + +### Parameter definitions for Publishing Server installation parameters + +| Parameter | Description | +|-----------|-------------| +| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected | +| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://<management server name>:<Management server port number>**. If /PUBLISHING_SERVER is not used, this parameter will be ignored | +| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" | +| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 | + +### Parameter definitions for Reporting Server + +| Parameter | Description | +|-----------|-------------| +| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected | +| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService" | +| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82 |
ParameterInformation

/REPORTING_SERVER

Specifies that the Reporting Server will be installed. No value is expected

/REPORTING_WEBSITE_NAME

Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"

/REPORTING_WEBSITE_PORT

Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82
  -**Parameters for using an Existing Reporting Server Database** +### Parameters for using an existing Reporting Server database - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.

/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

/EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

/EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

/EXISTING_ REPORTING _DB_NAME

Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISITING_REPORTING_DB_NAME="AppVReporting"

  +| Parameter | Description | +|-----------|-------------| +| /EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. | +| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" | +| /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. | +| /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" | +| /EXISTING_REPORTING_DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting" | -**Parameters for installing Reporting Server Database** +### Parameter definitions for Reporting Server database installation - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/DB_PREDEPLOY_REPORTING

Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected

/REPORTING_DB_SQLINSTANCE_USE_DEFAULT

Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

/REPORTING_DB_NAME

Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB"

/REPORTING_SERVER_MACHINE_USE_LOCAL

Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"

+| Parameter | Description | +|-----------|-------------| +| /DB\_PREDEPLOY\_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected | +| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" | +| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB" | +| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. | +| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername" | +| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias" | -**Parameters for using an existing Management Server Database** +### Parameters for using an existing Management Server database - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

/EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that will be used. Example usage /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_NAME

Specifies the name of the existing management database that should be used. Example usage: /EXISITING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

+| Parameter | Description | +|-----------|-------------| +| /EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. | +| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" | +| /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. | +| /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. | +| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. | ## Have a suggestion for App-V? diff --git a/windows/manage/appv-evaluating-appv.md b/windows/manage/appv-evaluating-appv.md index d1fbce40ed..c125dd8975 100644 --- a/windows/manage/appv-evaluating-appv.md +++ b/windows/manage/appv-evaluating-appv.md @@ -18,7 +18,7 @@ Before you deploy App-V into a production environment, you should evaluate it in ## Configure lab computers for App-V Evaluation -Use the following link for information about setting up the App-V sequencer on a computer in your lab environment. +Use the following links for information about setting up the App-V sequencer on a computer in your lab environment. ### Installing the App-V Sequencer and Creating Packages @@ -38,7 +38,7 @@ Use the following links for information about setting up the App-V server in you ### Enabling the App-V Client -Use the following link for more information about creating and managing virtualized packages in your lab environment. +Use the following links for more information about creating and managing virtualized packages in your lab environment. - [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md) diff --git a/windows/manage/appv-high-level-architecture.md b/windows/manage/appv-high-level-architecture.md index ac2a699fcb..b44b2ca181 100644 --- a/windows/manage/appv-high-level-architecture.md +++ b/windows/manage/appv-high-level-architecture.md @@ -23,8 +23,8 @@ A typical App-V implementation consists of the following elements. --++ diff --git a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md index 584b535d4e..10915488b0 100644 --- a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md +++ b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md @@ -16,10 +16,7 @@ ms.prod: w10 Use the following procedure to install the reporting server on a standalone computer and connect it to the database. -**Important**   -Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md). - -  +> **Important**  Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md). **To install the reporting server on a standalone computer and connect it to the database** diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index eded7a3ee5..694708f484 100644 --- a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -69,8 +69,8 @@ Use the following information to publish a package that has been added to a spec
--++ @@ -176,18 +176,12 @@ App-V cmdlets have been assigned to variables for the previous examples for clar ## To enable only administrators to publish or unpublish packages - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - -  - -Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: +Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
--++ @@ -218,8 +212,8 @@ To use the App-V Management console to set this configuration, see [How to Publi
--++ diff --git a/windows/manage/appv-managing-connection-groups.md b/windows/manage/appv-managing-connection-groups.md index 00e855b417..dad0496d45 100644 --- a/windows/manage/appv-managing-connection-groups.md +++ b/windows/manage/appv-managing-connection-groups.md @@ -19,9 +19,7 @@ Connection groups enable the applications within a package to interact with each **Note**   In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. -  - -**In this topic:** +**In this section:**
@@ -53,7 +51,14 @@ In some previous versions of App-V, connection groups were referred to as Dynami - + + + + + + + +

[How to Publish a Connection Group](appv-publish-a-connection-group.md)

Explains how to publish a connection group.

[How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)

Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.

[How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)

Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.
  diff --git a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md index 4c4578b787..ff212a6b60 100644 --- a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md +++ b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md @@ -30,8 +30,8 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom -New in App-V -Prior to App-V +New in App-V for Windows 10 +Prior to App-V for Windows 10 diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md index f85fff2b25..f00ba32b3a 100644 --- a/windows/manage/appv-performance-guidance.md +++ b/windows/manage/appv-performance-guidance.md @@ -27,7 +27,7 @@ You should read and understand the following information before reading this doc - [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) **Note**   -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document.   diff --git a/windows/manage/appv-planning-folder-redirection-with-appv.md b/windows/manage/appv-planning-folder-redirection-with-appv.md index 17065dcbbd..fbbe90799e 100644 --- a/windows/manage/appv-planning-folder-redirection-with-appv.md +++ b/windows/manage/appv-planning-folder-redirection-with-appv.md @@ -116,8 +116,8 @@ The following table describes how folder redirection works when %AppData% is red --++ diff --git a/windows/manage/appv-planning-for-using-appv-with-office.md b/windows/manage/appv-planning-for-using-appv-with-office.md index b156a41f4c..46907201bd 100644 --- a/windows/manage/appv-planning-for-using-appv-with-office.md +++ b/windows/manage/appv-planning-for-using-appv-with-office.md @@ -304,3 +304,9 @@ The Office 2013 App-V package supports the following integration points with the ## Have a suggestion for App-V? Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md) + +- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md) diff --git a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md index 81198bde84..fa9a2274ee 100644 --- a/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md +++ b/windows/manage/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md @@ -29,3 +29,8 @@ Add or vote on suggestions on the [Application Virtualization feedback site](htt ## Related topics - [Planning to deploy App-V](appv-planning-to-deploy-appv.md) + +- [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md) + +- [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md) + diff --git a/windows/manage/appv-reporting.md b/windows/manage/appv-reporting.md index 0aced8808d..69722473af 100644 --- a/windows/manage/appv-reporting.md +++ b/windows/manage/appv-reporting.md @@ -56,75 +56,47 @@ The following list displays the end–to-end high-level workflow for reporting i >**Note**   By default, the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. - -   - + If the App-V client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. ### App-V reporting server frequently asked questions -The following table displays answers to common questions about App-V reporting +The following list displays answers to common questions about App-V reporting. -
---- - - - - - - - - - - - - - - - - - - - - - - - - -
QuestionMore Information

What is the frequency that reporting information is sent to the reporting database?

The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default.

What information is stored in the reporting server database?

The following list displays what is stored in the reporting database:

-
    -

  • The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture.

    • -

  • App-V Client information: version.

    • -

  • Published package list: GUID, version GUID, name.

    • -

  • Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.

    • -

What is the average volume of information that is sent to the reporting server?

It depends. The following list displays the three sets of the data sent to the reporting server:

-
    -

  1. Operating system, and App-V client information. ~150 Bytes, every time this data is sent.

    2. -

  2. Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.

    3. -

  3. Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is DeleteOnSuccess.

    -

    -

    So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user

    4. -

Can reporting be scheduled?

Yes. Besides manually sending reporting using Windows PowerShell cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

-
    -

  1. Using Windows PowerShell cmdlets - Set-AppvClientConfiguration. For example:

    -

    Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting

    -

    -

    For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

    -

    2. -

  2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

    -
    -Note   -

    Group Policy settings override local settings configured using Windows PowerShell.

    -
    -
    -  -
    3. -
+- **What is the frequency that reporting information is sent to the reporting database?** + + The frequency depends on how the reporting task is configured on the computer running the App-V client. You must configure the frequency / interval for sending the reporting data. App-V Reporting is not enabled by default. + +- **What information is stored in the reporting server database?** + + The following list displays what is stored in the reporting database: + - The operating system running on the computer running the App-V client: host name, version, service pack, type - client/server, processor architecture. + - App-V Client information: version. + - Published package list: GUID, version GUID, name. + - Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time. + +- **What is the average volume of information that is sent to the reporting server?** + + It depends. The following list displays the three sets of the data sent to the reporting server: + - Operating system, and App-V client information. ~150 Bytes, every time this data is sent. + - Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent. + - Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the Windows PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is **DeleteOnSuccess**. + + So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user. + +- **Can reporting be scheduled?** + + Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send-AppvClientReport**), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting: + - Using a Windows PowerShell cmdlet: **Set-AppvClientConfiguration**. For example: + `Set-AppvClientConfiguration -ReportingEnabled 1 -ReportingServerURL http://any.com/appv-reporting` + + For a complete list of client configuration settings see [About Client Configuration Settings](appv-client-configuration-settings.md) and look for the following entries: **ReportingEnabled**, **ReportingServerURL**, **ReportingDataCacheLimit**, **ReportingDataBlockSize**, **ReportingStartTime**, **ReportingRandomDelay**, **ReportingInterval**. + + - By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed. + + **Note**   + Group Policy settings override local settings configured using Windows PowerShell. -  ## App-V Client Reporting diff --git a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 8bfe51f0c4..44c8051ac6 100644 --- a/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/manage/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -113,7 +113,7 @@ Use the following example syntax, and substitute the name of your package for ** `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, you can use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
Get-AppvClientPackage \*Word\* ## Command line switch /appvpid:<PID> @@ -143,7 +143,7 @@ To get the package GUID and version GUID of your application, run the **Get-Appv - Version ID of the desired package -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\***, where **executable** is the name of the application, for example: Get-AppvClientPackage \*Word\*. +If you don’t know the exact name of your package, use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
Get-AppvClientPackage \*Word\* This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. diff --git a/windows/manage/appv-supported-configurations.md b/windows/manage/appv-supported-configurations.md index eb3e5fd340..e7a69f7b2a 100644 --- a/windows/manage/appv-supported-configurations.md +++ b/windows/manage/appv-supported-configurations.md @@ -14,7 +14,7 @@ ms.prod: w10 **Applies to** - Windows 10, version 1607; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; and Windows Server 2008 R2 -This topic specifies the requirements to install and run App-V in your Windows 10 environment. +This topic specifies the requirements to install and run App-V in your Windows 10 environment. For information about prerequisite software such as the .NET Framework, see [App-V Prerequisites](appv-prerequisites.md). ## App-V Server system requirements diff --git a/windows/manage/appv-using-the-client-management-console.md b/windows/manage/appv-using-the-client-management-console.md index ba054f03f1..c029733b1d 100644 --- a/windows/manage/appv-using-the-client-management-console.md +++ b/windows/manage/appv-using-the-client-management-console.md @@ -41,8 +41,8 @@ The client management console contains the following described main tabs. --++ diff --git a/windows/manage/find-and-acquire-apps-overview.md b/windows/manage/find-and-acquire-apps-overview.md index 8faea40ea2..30ca08ff48 100644 --- a/windows/manage/find-and-acquire-apps-overview.md +++ b/windows/manage/find-and-acquire-apps-overview.md @@ -40,6 +40,10 @@ Use the Windows Store for Business to find apps for your organization. You can a + + + + diff --git a/windows/manage/prerequisites-windows-store-for-business.md b/windows/manage/prerequisites-windows-store-for-business.md index 8c759e9d5d..5edc4a2cdb 100644 --- a/windows/manage/prerequisites-windows-store-for-business.md +++ b/windows/manage/prerequisites-windows-store-for-business.md @@ -28,15 +28,11 @@ You'll need this software to work with Store for Business. ### Required - IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. - -- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. +- Employees using apps from Store for Business need at least Windows 10, version 1511 running on a PC or mobile device. Microsoft Azure Active Directory (AD) accounts for your employees: - - IT Pros need Azure AD accounts to sign up for Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. - - Employees need Azure AD accounts when they access Store for Business content from Windows-based devices. - - If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account. For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). @@ -46,7 +42,6 @@ For more information on Azure AD, see [About Office 365 and Azure Active Directo While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. If you're considering using management tools, check with the management tool vendor to see if they support Store for Business. The management tool will need to: - Integrate with the Windows 10 management framework and Azure AD. - - Sync with the Store for Business inventory to distribute apps. ### Proxy configuration @@ -54,21 +49,15 @@ While not required, you can use a management tool to distribute and manage apps. If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Store for Business. Some of the Store for Business features use Windows Store app and Windows Store services. Devices using Store for Business – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: - login.live.com - - login.windows.net - - account.live.com - - clientconfig.passport.net - - windowsphone.com - - \*.wns.windows.com - - \*.microsoft.com - -- \*.msftncsi.com/ncsi.txt - +- www.msftncsi.com (prior to Windows 10, version 1607) +- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com +starting with Windows 10, version 1607)     diff --git a/windows/manage/uev-whats-new-in-uev-for-windows.md b/windows/manage/uev-whats-new-in-uev-for-windows.md index ad07498a47..a7759f623e 100644 --- a/windows/manage/uev-whats-new-in-uev-for-windows.md +++ b/windows/manage/uev-whats-new-in-uev-for-windows.md @@ -27,6 +27,8 @@ The changes in UE-V for Windows 10, version 1607 impact already existing impleme - The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. +- The inbox templates such as Office 2016 and IE 10 are included as a part of Windows 10 and need to be manually registered with Powershell or Group policy before use. + For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md). > **Important**  You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10.

Store for Business has thousands of apps from many different categories.

[Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)

You can acquire apps from the Windows Store for Business for your employees.

[Working with line-of-business apps](working-with-line-of-business-apps.md)

Your company can make line-of-business (LOB) applications available through Store for Business. These apps are custom to your company – they might be internal business apps, or apps specific to your business or industry.