deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into mdm-security-baseline-update

Browse Source
This commit is contained in:
Patti Short 2018-10-02 06:39:58 -07:00
commit 0a6b02a22c
46 changed files with 633 additions and 937 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
devices/hololens/hololens-insider.md
View File

@ -82,9 +82,9 @@ In order to switch to the Chinese or Japanese version of HoloLens, youll need
6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile.
7. On the next screen, select**Manual package selection**and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.)
8. Select**Install software** and follow the instructions to finish installing.
9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions.
9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions.
10. After you complete setup, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether youd like to receive **Fast** or **Slow** builds, and review the program terms. Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
When youre done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that youre configured to receive the latest preview builds. The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is.
## Note for language support

11
devices/surface/microsoft-surface-data-eraser.md
View File

@ -26,6 +26,7 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
* Surface Go
* Surface Book 2
* Surface Pro with LTE Advanced (Model 1807)
* Surface Pro (Model 1796)
@ -60,7 +61,7 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include:
To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool:
1. Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center.
1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703).
2. Select the check box to accept the terms of the license agreement, and then click **Install**.
@ -147,10 +148,16 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
### Version 3.2.68.0
This version of Microsoft Surface Data Eraser adds support for the following:
- Surface Go
### Version 3.2.58.0
This version of Microsoft Surface Data Eraser adds support for the following:
- • Additional storage devices (drives) for Surface Pro and Surface Laptop devices
- Additional storage devices (drives) for Surface Pro and Surface Laptop devices
### Version 3.2.46.0

6
devices/surface/microsoft-surface-deployment-accelerator.md
View File

@ -94,6 +94,12 @@ SDA is periodically updated by Microsoft. For instructions on how these features
>[!NOTE]
>To install a newer version of SDA on a server with a previous version of SDA installed, you only need to run the installation file for the new version of SDA. The installer will handle the upgrade process automatically. If you used SDA to create a deployment share prior to the upgrade and want to use new features of the new version of SDA, you will need to create a new deployment share. SDA does not support upgrades of an existing deployment share.
### Version 2.8.136.0
This version of SDA supports deployment of the following:
* Surface Book 2
* Surface Laptop
* Surface Pro LTE
### Version 2.0.8.0
This version of SDA supports deployment of the following:
* Surface Pro

19
devices/surface/step-by-step-surface-deployment-accelerator.md
View File

@ -126,7 +126,26 @@ The following steps show you how to create a deployment share for Windows 10 th
![The installatin progress window](images/sdasteps-fig5-installwindow.png "The installatin progress window")
*Figure 5. The Installation Progress window*
>[!NOTE]
>The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
```
In the following two PowerShell scripts:
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
Edit the $BITSTransfer variable in the input parameters to $False as shown below:
Param(
[Parameter(
Position=0,
Mandatory=$False,
HelpMessage="Download via BITS bool true/false"
)]
[string]$BITSTransfer = $False
)
```
8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
### Optional: Create a deployment share without an Internet connection

17
devices/surface/surface-enterprise-management-mode.md
View File

@ -189,8 +189,23 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must
>[!NOTE]
>For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick.
## Version History
### Version 2.14.136.0
* Add support to Surface Go
### Version 2.9.136.0
* Add support to Surface Book 2
* Add support to Surface Pro LTE
* Accessibility improvements
### Version 1.0.74.0
* Add support to Surface Laptop
* Add support to Surface Pro
* Bug fixes and general improvement
## Related topics
[Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
[Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)

26
windows/application-management/app-v/appv-delete-a-connection-group.md
View File

@ -1,34 +1,30 @@
---
title: How to Delete a Connection Group (Windows 10)
description: How to Delete a Connection Group
title: How to delete a connection group (Windows 10)
description: How to delete a connection group.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to delete a connection group
# How to Delete a Connection Group
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
Use the following procedure to delete an existing App-V connection group.
**To delete a connection group**
## Delete a connection group
1. Open the App-V Management Console and select **CONNECTION GROUPS**.
1. Open the App-V Management Console and select **CONNECTION GROUPS**.
2. Right-click the connection group to be removed, and select **delete**.
2. Right-click the connection group to be removed and select **delete**.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[Operations for App-V](appv-operations.md)
[Managing Connection Groups](appv-managing-connection-groups.md)
- [Operations for App-V](appv-operations.md)
- [Managing connection groups](appv-managing-connection-groups.md)

23
windows/application-management/app-v/appv-delete-a-package-with-the-management-console.md
View File

@ -1,32 +1,29 @@
---
title: How to Delete a Package in the Management Console (Windows 10)
description: How to Delete a Package in the Management Console
title: How to delete a package in the Management Console (Windows 10)
description: How to delete a package in the Management Console.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to delete a package in the Management Console
# How to Delete a Package in the Management Console
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
Use the following procedure to delete an App-V package.
**To delete a package in the Management Console**
## Delete a package in the Management Console
1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed.
1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed.
2. Click or right-click the package. Select **Delete** to remove the package.
2. Select or right-click the package, then select **Delete** to remove the package.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[Operations for App-V](appv-operations.md)
- [Operations for App-V](appv-operations.md)

36
windows/application-management/app-v/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
View File

@ -1,45 +1,45 @@
---
title: How to deploy App-V Packages Using Electronic Software Distribution (Windows 10)
description: How to deploy App-V Packages Using Electronic Software Distribution
title: How to deploy App-V packages using electronic software distribution (Windows 10)
description: How to deploy App-V packages using electronic software distribution.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to deploy App-V packages using electronic software distribution
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
For component requirements and options for using an ESD to deploy App-V packages, see [Planning to deploy App-V with an electronic software distribution system](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
Use one of the following methods to publish packages to App-V client computers with an ESD:
- Use the functionality in a third-party ESD.
- Install the application on the target client computer with the associated Windows Installer (.msi) file that's created when you initially sequence the application. The .msi file contains the associated App-V package file information used to configure a package and copies the required package files to the client.
- Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
| Method | Description |
| - | - |
| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.|
|---|---|
| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.|
| Stand-alone Windows Installer | Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V package file information used to configure a package and copies the required package files to the client. |
| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).|
| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).|
 
## Deploy App-V packages with an ESD
**To deploy App-V packages by using an ESD**
1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to install the Sequencer](appv-install-the-sequencer.md).
1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
2. Use the App-V Sequencer to create a virtual application. To learn more about creating virtual applications, see [Creating and managing App-V virtualized applications](appv-creating-and-managing-virtualized-applications.md).
2. Use the App-V Sequencer to create virtual application. For information about creating a virtual application, see [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md).
3. After you create the virtual application, deploy the package by using your ESD solution.
3. After you create the virtual application, deploy the package by using your ESD solution.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
- [Operations for App-V](appv-operations.md)
- [Operations for App-V](appv-operations.md)

6
windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
View File

@ -1,6 +1,6 @@
---
title: Deploying Microsoft Office 2016 by Using App-V (Windows 10)
description: Deploying Microsoft Office 2016 by Using App-V
title: Deploying Microsoft Office 2016 by using App-V (Windows 10)
description: Deploying Microsoft Office 2016 by using App-V
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
@ -8,7 +8,7 @@ ms.sitesec: library
ms.prod: w10
ms.date: 04/18/2018
---
# Deploying Microsoft Office 2016 by Using App-V
# Deploying Microsoft Office 2016 by using App-V
>Applies to: Windows 10, version 1607

49
windows/application-management/app-v/appv-deploying-packages-with-electronic-software-distribution-solutions.md
View File

@ -1,55 +1,34 @@
---
title: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
description: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
title: Deploying App-V packages by using electronic software distribution (ESD)
description: Deploying App-V packages by using electronic software distribution (ESD)
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# Deploying App-V packages by using electronic software distribution (ESD)
>Applies to: Windows 10, version 1607
# Deploying App-V Packages by Using Electronic Software Distribution (ESD)
You can deploy App-V packages using an electronic software distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to deploy App-V with an electronic software distribution system](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
**Applies to**
- Windows 10, version 1607
You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv)
To learn how to deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to application management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv)
## How to deploy virtualized packages using an ESD
To learn more about how to deploy virtualized packages using an ESD, see [How to deploy App-V packages using electronic software distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md).
Describes the methods you can use to deploy App-V packages by using an ESD.
## How to enable only administrators to publish packages by using an ESD
[How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
To learn how to configure the App-V client to enable only administrators to publish and unpublish packages when youre using an ESD, see [How to enable only administrators to publish packages by using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md).
## How to Enable Only Administrators to Publish Packages by Using an ESD
## Related topics
Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when youre using an ESD.
[How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
- [App-V and Citrix integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885)
- [Operations for App-V](appv-operations.md)
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Other resources for using an ESD and App-V
Use the following link for more information about [App-V and Citrix Integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885).
[Operations for App-V](appv-operations.md)
 
 
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

4
windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
View File

@ -1,6 +1,6 @@
---
title: Deploying the App-V Sequencer and Configuring the Client (Windows 10)
description: Deploying the App-V Sequencer and Configuring the Client
title: Deploying the App-V Sequencer and configuring the client (Windows 10)
description: Deploying the App-V Sequencer and configuring the client
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy

501
windows/application-management/app-v/appv-dynamic-configuration.md
View File

@ -6,110 +6,84 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# About App-V dynamic configuration
>Applies to: Windows 10, version 1607
# About App-V Dynamic Configuration
You can use dynamic configuration to customize an App-V package for a user. This article will tell you how to create or edit an existing dynamic configuration file.
**Applies to**
- Windows 10, version 1607
You can use the dynamic configuration to customize an App-V package for a user. Use the following information to create or edit an existing dynamic configuration file.
When you edit the dynamic configuration file it customizes how an App-V package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent.
## Advanced: Dynamic Configuration
When you edit the Dynamic Configuration file, it customizes how an App-V package will run for a user or group. This makes package customization more convenient by removing the need to resequence packages using the desired settings and provides a way to keep package content and custom settings independent.
## Advanced: dynamic configuration
Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). If you want to adjust these defaults for a particular user or group, you can create and edit the following files:
- User Configuration file
- User Configuration file
- Deployment Configuration file
- Deployment configuration file
These .xml files specify package settings let you customize packages without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. These automatically generated configuration files reflect the package's default settings that were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed.
The previous .xml files specify package settings and allow for packages to be customized without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. Therefore, these automatically generated configuration files simply reflect the default settings that the package innately as from how things were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed.
>[!NOTE]
>The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements.
**Note**  
The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements.
## Dynamic Configuration file contents
 
All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. The following list represents the relationship between these files in how they'll be read, from most to least precedence:
### Dynamic Configuration file contents
- User Configuration .xml file
- Deployment Configuration .xml file
- Package Manifest
All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. Review the following table:
The first item represents what will be read last. Therefore, its content takes precedence. All packages inherently contain and provide default settings from the Package Manifest, but it also has the least precedence. If you apply a Deployment Configuration .xml file with customized settings, it will override the Package Manifest's defaults. If you apply a User Configuration .xml file with customized settings prior to that, it will override both the deployment configuration and the Package Manifest's defaults.
<table>
<colgroup>
<col width="100%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p>User Configuration .xml file</p></td>
</tr>
<tr class="even">
<td align="left"><p>Deployment Configuration .xml file</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Package Manifest</p></td>
</tr>
</tbody>
</table>
There are two types of configuration files:
 
- **User Configuration file (UserConfig)**: Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client.
- **Deployment Configuration file (DeploymentConfig)**: Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client.
The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults.
You can use the UserConfig file to customize the settings for a package for a specific set of users on a computer or make changes that will be applied to local user locations such as HKCU. You can use the DeploymentConfig file to modify the default settings of a package for all users on a machine or make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the All Users folder.
The following list displays more information about the two file types:
The UserConfig file provides configuration settings that you can apply to a single user without affecting any other users on a client:
- **User Configuration File (UserConfig)** Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client.
- Extensions that will be integrated into the native system per user: shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM.
- Virtual Subsystems: Application Objects, Environment variables, Registry modifications, Services, and Fonts.
- Scripts (user context only).
- **Deployment Configuration File (DeploymentConfig)** Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client.
The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the preceding UserConfig list:
To customize the settings for a package for a specific set of users on a computer or to make changes that will be applied to local user locations such as HKCU, the UserConfig file should be used. To modify the default settings of a package for all users on a machine or to make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the all users folder, the DeploymentConfig file should be used.
- All UserConfig settings from the preceding section in this topic
- Extensions that can only be applied globally for all users
- Virtual Subsystems that can be configured for global machine locations, such as the registry
- Product Source URL
- Scripts (Machine context only)
- Controls to terminate child processes
The UserConfig file provides configuration settings that can be applied to a single user without affecting any other users on a client:
- Extensions that will be integrated into the native system per user:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM
- Virtual Subsystems:- Application Objects, Environment variables, Registry modifications, Services and Fonts
- Scripts (User context only)
The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the UserConfig list above:
- All UserConfig settings above
- Extensions that can only be applied globally for all users
- Virtual Subsystems that can be configured for global machine locations e.g. registry
- Product Source URL
- Scripts (Machine context only)
- Controls to Terminate Child Processes
### File structure
## File structure
The structure of the App-V Dynamic Configuration file is explained in the following section.
### Dynamic User Configuration file
## Dynamic User Configuration file
**Header** - the header of a dynamic user configuration file is as follows:
### Header
```
The following is an example of a Dynamic User Configuration file's header:
```xml
<?xml version="1.0" encoding="utf-8"?>
<UserConfiguration PackageId="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration">
```
The **PackageId** is the same value as exists in the Manifest file.
The **PackageId** is the same value that exists in the Manifest file.
**Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body:
### Dynamic User Configuration file body
**Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored.
The Dynamic User Configuration file's body can include all app extension points defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body:
```
**Applications**: All app-extensions contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored.
```xml
<UserConfiguration PackageId="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration">
<Applications>
<!-- No new application can be defined in policy. AppV Client will ignore any application ID that is not also in the Manifest file -->
@ -120,9 +94,9 @@ The **PackageId** is the same value as exists in the Manifest file.
</UserConfiguration>
```
**Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the <Subsystems>:
**Subsystems**: AppExtensions and other subsystems are arranged as subnodes under `<Subsystems>`, as shown in the following example.
```
```xml
<UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/userconfiguration">
<Subsystems>
..
@ -131,19 +105,21 @@ The **PackageId** is the same value as exists in the Manifest file.
</UserConfiguration>
```
Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples.
Each subsystem can be enabled/disabled using the **Enabled** attribute. The following sections describe the various subsystems and usage samples.
**Extensions:**
### Dynamic User Configuration file extensions
Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM
Extension Subsystems control extensions. These subsystems are Shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM.
Extension Subsystems can be enabled and disabled independently of the content.  Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an <Extensions> node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file.
Extension Subsystems can be enabled and disabled independently of the content.  Therefore, if Shortcuts are enabled, the client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an `<Extensions>` node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file.
Example using the shortcuts subsystem:
### Examples of the shortcuts subsystem
**Example 1**<br>If the user defined this in either the dynamic or deployment config file:
#### Example 1
```
Content will be ignored if the user defined the following in either the dynamic or deployment config file:
```xml
                             <Shortcuts  Enabled="true">
                                         <Extensions
                                          ...
@ -151,29 +127,30 @@ Example using the shortcuts subsystem:
                             </Shortcuts>
```
Content in the manifest will be ignored.   
#### Example 2
**Example 2**<br>If the user defined only the following:
Content in the manifest will be integrated during publishing if the user defined only the following:
```xml
                            `<Shortcuts  Enabled="true"/>`
Then the content in the Manifest will be integrated during publishing.
**Example 3**<br>If the user defines the following
```
#### Example 3
All shortcuts in the manifest will be ignored and no shortcuts will be integrated if the user defines the following:
```xml
                           <Shortcuts  Enabled="true">
                                         <Extensions/>
                             </Shortcuts>
```
Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated.
### Supported Extension Subsystems
The supported Extension Subsystems are:
**Shortcuts**: This controls shortcuts that will be integrated into the local system. The following example has two shortcuts:
**Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts:
```
```xml
<Subsystems>
<Shortcuts Enabled="true">
  <Extensions>
@ -209,9 +186,9 @@ The supported Extension Subsystems are:
</Shortcuts>
```
**File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). Sample File-type Association is below:
**File Type Associations**: Associates file types with programs to open by default as well as setup the context menu. (MIME types can also be set up with this susbsystem). The following is an example of a FileType association:
```
```xml
<FileTypeAssociations Enabled="true">
<Extensions>
<Extension Category="AppV.FileTypeAssociation">
@ -275,9 +252,9 @@ The supported Extension Subsystems are:
</FileTypeAssociations>
```
**URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”.
**URL Protocols**: This controls the URL Protocols integrated into the local registry of the client machine. The following example illustrates the “mailto:” ptrotocol.
```
```xml
<URLProtocols Enabled="true">
<Extensions>
<Extension Category="AppV.URLProtocol">
@ -322,17 +299,17 @@ The supported Extension Subsystems are:
  </URLProtocols>
```
**Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client.
**Software Clients**: Allows the app to register as an email client, news reader, or media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases, you only need to enable and disable it. There's also a control that lets you enable or disable the email client only in case you want all the other clients to remain as they are.
```
```xml
<SoftwareClients Enabled="true">
  <ClientConfiguration EmailEnabled="false" />
</SoftwareClients>
```
**AppPaths**: If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe.
**AppPaths**: If an application, such as contoso.exe, is registered with an apppath name of “myapp”, this subsystem lets you open the app by entering “myapp” into the run menu.
```
```xml
<AppPaths Enabled="true">
<Extensions>
<Extension Category="AppV.AppPath">
@ -349,21 +326,25 @@ The supported Extension Subsystems are:
</AppPaths>
```
**COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol.
` <COM Mode="Isolated"/>`
**Other Settings**:
In addition to Extensions, other subsystems can be enabled/disabled and edited:
**Virtual Kernel Objects**:
` <Objects Enabled="false" />`
**Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU
**COM**: Allows an Application to register Local COM servers. Mode can be Integration, Isolated or Off. When Isol.
```xml
<COM Mode="Isolated"/>
```
### Other settings for Dynamic User Configuration file
In addition to Extensions, the following other subsystems can be enabled/disabled and edited.
#### Virtual Kernel Objects
```xml
<Objects Enabled="false" />
```xml
**Virtual Registry**: use this if you want to set a registry in the Virtual Registry within HKCU.
```xml
<Registry Enabled="true">
<Include>
<Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\ABC">
@ -375,17 +356,21 @@ In addition to Extensions, other subsystems can be enabled/disabled and edited:
  </Registry>
```
**Virtual File System**
`       <FileSystem Enabled="true" />`
**Virtual Fonts**
`       <Fonts Enabled="false" />`
**Virtual Environment Variables**
#### Virtual File System
```xml
      <FileSystem Enabled="true" />
```
#### Virtual Fonts
```xml
      <Fonts Enabled="false" />
```
#### Virtual Environment Variables
```xml
<EnvironmentVariables Enabled="true">
<Include>
       <Variable Name="UserPath" Value="%path%;%UserProfile%" />
@ -397,32 +382,39 @@ In addition to Extensions, other subsystems can be enabled/disabled and edited:
        </EnvironmentVariables>
```
**Virtual services**
`       <Services Enabled="false" />`
**UserScripts** Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used.
### Dynamic Deployment Configuration file
**Header** - The header of a Deployment Configuration file is as follows:
#### Virtual services
```xml
      <Services Enabled="false" />
```
#### UserScripts
Scripts can be used to set up or alter the virtual environment and execute scripts on deployment or removal, before an application executes, or they can clean up the environment after the application terminates. Please refer to a sample User Configuration file output by the sequencer to see a sample script. See the [Scripts](appv-dynamic-configuration.md#scripts) section for more information about the various triggers you can use to set up scripts.
## Dynamic Deployment Configuration file
### Dynamic Deployment Configuration file header
The header of a Deployment Configuration file should look something like this:
```xml
<?xml version="1.0" encoding="utf-8"?><DeploymentConfiguration PackageId="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration">
```
The **PackageId** is the same value as exists in the manifest file.
The **PackageId** is the same value as the one that exists in the Manifest file.
**Body** - The body of the deployment configuration file includes two sections:
### Dynamic Deployment Configuration file body
- User Configuration section allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest.
The body of the deployment configuration file includes two sections:
- Machine Configuration sectioncontains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS.
- The User Configuration section allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest.
- The Machine Configuration section contains information that can only be configured for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS.
```
```xml
<DeploymentConfiguration PackageId="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="http://schemas.microsoft.com/appv/2010/deploymentconfiguration">
<UserConfiguration>
  ..
..
</UserConfiguration>
<MachineConfiguration>
..
@ -432,13 +424,15 @@ The **PackageId** is the same value as exists in the manifest file.
</DeploymentConfiguration>
```
**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file.
User Configuration: see [Dynamic User Configuration](appv-dynamic-configuration.md#dynamic-user-configuration) for more information about this section.
Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element
Machine Configuration: The Machine Configuration section of the Deployment Configuration File configures information that can only be set for an entire machine, not a specific user on the computer, like the HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. This element can have the following four subsections.
1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under <Subsystems>:
#### Subsystems
```
AppExtensions and other subsystems are arranged as subnodes under `<Subsystems>`:
```xml
<MachineConfiguration>
  <Subsystems>
  ..
@ -447,15 +441,17 @@ Machine Configuration - the Machine configuration section of the Deployment Conf
</MachineConfiguration>
```
The following section displays the various subsystems and usage samples.
The following section describes the various subsystems and usage samples.
**Extensions**:
#### Extensions
Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section.
Some subsystems (Extension Subsystems) control extensions that can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The rules for User Configuration extension controls and settings also apply to the ones in Machine Configuration.
**Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  This extension also makes the virtual application visible in the Set Default Programs UI.:
#### Application Capabilities
```
Used by default programs in the Windows OS interface, the Application Capabilities extension allows an application to register itself as capable of opening certain file extensions, as a contender for the Start menu's internet browser slot, and as capable of opening certain Windows MIME types. This extension also makes the virtual application visible in the Set Default Programs UI.
```xml
<ApplicationCapabilities Enabled="true">
  <Extensions>
   <Extension Category="AppV.ApplicationCapabilities">
@ -491,13 +487,13 @@ Some subsystems (Extension Subsystems) control Extensions which can only apply t
</ApplicationCapabilities>
```
**Other Settings**:
#### Other settings for Dynamic Deployment Configuration file
In addition to Extensions, other subsystems can be edited:
You can edit other subsystems in addition to extensions:
**Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine
- Machine-wide Virtual Registry: use this when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine.
```
```xml
<Registry>
<Include>
  <Key Path="\\REGISTRY\\Machine\\Software\\ABC">
@ -509,9 +505,9 @@ In addition to Extensions, other subsystems can be edited:
</Registry>
```
**Machine Wide Virtual Kernel Objects**
- Machine-wide Virtual Kernel Objects
```
```xml
<Objects>
<NotIsolate>
   <Object Name="testObject" />
@ -519,23 +515,23 @@ In addition to Extensions, other subsystems can be edited:
</Objects>
```
**ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch.
- ProductSourceURLOptOut: Indicates whether the URL for the package can be modified globally through PackageSourceRoot to support branch office scenarios. It's set to False by default. Changes to the value take effect on the next launch.
```
```xml
<MachineConfiguration>
  .. 
  ..
  <ProductSourceURLOptOut Enabled="true" />
  ..
</MachineConfiguration>
```
**MachineScripts** Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used
- MachineScripts: The package can be configured to execute scripts upon deployment, publishing, or removal. To see an example script, please see a sample deployment configuration file generated by the sequencer. The following section provides more information about the various triggers you can use to set up scripts.
**TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated.
- TerminateChildProcess: you can use this to specify that an application executable's child processes will be terminated when the application.exe process is terminated.
```
```xml
<MachineConfiguration>
  ..   
  ..
  <TerminateChildProcesses>
    <Application Path="\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE" />
    <Application Path="\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe" />
@ -549,113 +545,33 @@ In addition to Extensions, other subsystems can be edited:
The following table describes the various script events and the context under which they can be run.
<table style="width:100%;">
<colgroup>
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Script Execution Time</th>
<th align="left">Can be specified in Deployment Configuration</th>
<th align="left">Can be specified in User Configuration</th>
<th align="left">Can run in the Virtual Environment of the package</th>
<th align="left">Can be run in the context of a specific application</th>
<th align="left">Runs in system/user context: (Deployment Configuration, User Configuration)</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>AddPackage</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p>(SYSTEM, N/A)</p></td>
</tr>
<tr class="even">
<td align="left"><p>PublishPackage</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p>(SYSTEM, User)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>UnpublishPackage</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p>(SYSTEM, User)</p></td>
</tr>
<tr class="even">
<td align="left"><p>RemovePackage</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p>(SYSTEM, N/A)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>StartProcess</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>(User, User)</p></td>
</tr>
<tr class="even">
<td align="left"><p>ExitProcess</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>(User, User)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>StartVirtualEnvironment</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p>(User, User)</p></td>
</tr>
<tr class="even">
<td align="left"><p>TerminateVirtualEnvironment</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p>X</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p>(User, User)</p></td>
</tr>
</tbody>
</table>
 
|Script execution time|Can be specified in Deployment Configuration|Can be specified in User Configuration|Can run in the package's virtual environment|Can be run in the context of a specific application|Runs in system/user context: (Deployment Configuration, User Configuration)|
|---|:---:|:---:|:---:|:---:|:---:|
|AddPackage|X||||(SYSTEM, N/A)|
|PublishPackage|X|X|||(SYSTEM, User)|
|UnpublishPackage|X|X|||(SYSTEM, User)|
|RemovePackage|X||||(SYSTEM, N/A)|
|StartProcess|X|X|X|X|(User, User)|
|ExitProcess|X|X||X|(User, User)|
|StartVirtualEnvironment|X|X|X||(User, User)|
|TerminateVirtualEnvironment|X|X|||(User, User)|
### Using multiple scripts on a single event trigger
App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client.
**How to use multiple scripts on a single event trigger:**
#### How to use multiple scripts on a single event trigger
For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger.
For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application will run each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger.
**Note**  
We recommended that you run the multi-script line from a command prompt first to make sure that all arguments are built correctly before adding them to the deployment configuration file.
>[!NOTE]
>We recommended you first run the multi-script line from a command prompt to make sure all arguments are built correctly before adding them to the deployment configuration file.
 
**Example script and parameter descriptions**
#### Example script and parameter descriptions
Using the following example file and table, modify the deployment or user configuration file to add the scripts that you want to run.
``` syntax
```xml
<MachineScripts>
<AddPackage>
<Path>ScriptRunner.exe</Path>
@ -669,78 +585,29 @@ Using the following example file and table, modify the deployment or user config
</MachineScripts>
```
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Parameter in the example file</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p><code><AddPackage></code></p></td>
<td align="left"><p>Name of the event trigger for which you are running a script, such as adding a package or publishing a package.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code><Path>ScriptRunner.exe</Path></code></p></td>
<td align="left"><p>The script launcher application that is included in the App-V client.</p>
<div class="alert">
<strong>Note</strong>  
<p>Although ScriptRunner.exe is included in the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.</p>
</div>
<div>
 
</div></td>
</tr>
<tr class="odd">
<td align="left"><pre class="syntax" space="preserve"><code><Arguments>
-appvscript script1.exe arg1 arg2 appvscriptrunnerparameters wait timeout=10
|Parameter in the example file|Description|
|---|---|
|`<AddPackage>`|Name of the event trigger you're running a script for, such as when adding or publishing a package.|
|`ScriptRunner.exe`|The script launcher application included in the App-V client.<br><br>Although ScriptRunner.exe is included in the App-V client, the App-V client's location must be in %path% or ScriptRunner won't run. `ScriptRunner.exe` is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.|
|`-appvscript script1.exe arg1 arg2 appvscriptrunnerparameters wait timeout=10`<br><br>`-appvscript script2.vbs arg1 arg2`<br><br>`-appvscript script3.bat arg1 arg2 appvscriptrunnerparameters wait timeout=30 -rollbackonerror`|`-appvscript`—token that represents the actual script you want to run.<br>`script1.exe`—name of the script you want to run.<br>`arg1 arg2`—arguments for the script you want to run.<br>`-appvscriptrunnerparameters`—token that represents the execution options for script1.exe.<br>`-wait`—token that tells ScriptRunner to wait for execution of script1.exe to finish before proceeding to the next script.<br>`-timeout=x`—token that informs ScriptRunner to stop running the current script after *x* number of seconds. All other specified scripts will still run.<br>`-rollbackonerror`—token that tells ScriptRunner to stop running all scripts that haven't yet run and roll back an error to the App-V client.|
|`<Wait timeout=”40” RollbackOnError=”true”/>`|Waits for overall completion of ScriptRunner.exe.<br><br>Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.<br><br>If any individual script reported an error and rollbackonerror was set to True, then ScriptRunner should report the error to App-V client.|
-appvscript script2.vbs arg1 arg2
-appvscript script3.bat arg1 arg2 appvscriptrunnerparameters wait timeout=30 -rollbackonerror
</Arguments></code></pre></td>
<td align="left"><p><code>-appvscript</code> - Token that represents the actual script that you want to run.</p>
<p><code>script1.exe</code> Name of the script that you want to run.</p>
<p><code>arg1 arg2</code> Arguments for the script that you want to run.</p>
<p><code>-appvscriptrunnerparameters</code> Token that represents the execution options for <code>script1.exe</code></p>
<p><code>-wait</code> Token that informs ScriptRunner to wait for execution of <code>script1.exe</code> to complete before proceeding to the next script.</p>
<p><code>-timeout=x</code> Token that informs ScriptRunner to stop running the current script after <code>x</code> number of seconds. All other specified scripts will still run.</p>
<p><code>-rollbackonerror</code> Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client.</p></td>
</tr>
<tr class="even">
<td align="left"><p><code><Wait timeout=”40” RollbackOnError=”true”/></code></p></td>
<td align="left"><p>Waits for overall completion of ScriptRunner.exe.</p>
<p>Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.</p>
<p>If any individual script reported an error and rollbackonerror was set to <code>true</code>, then ScriptRunner would report the error to App-V client.</p></td>
</tr>
</tbody>
</table>
 
ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the scripts file type is not associated with any application on the computer, the script will not run.
ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the scripts file type isn't associated with any of the computer's applications, the script won't run.
### Create a Dynamic Configuration file using an App-V Manifest file
You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V Management Console or sequencing a package, which will be generated with 2 sample files.
You can create the Dynamic Configuration file using one of three methods: manually, using the App-V Management Console, or by sequencing a package, which will generate a package with two sample files.
For more information about how to create the file using the App-V Management Console see, [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md).
For more information about how to create the file using the App-V Management Console, see [How to create a Custom Configuration file by using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md).
To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer.
To create the file manually, you can combine the components listed in the previous sections into a single file. However, we recommend you use files generated by the sequencer instead of manually created ones.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
[Operations for App-V](appv-operations.md)
- [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
- [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
- [Operations for App-V](appv-operations.md)

19
windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md
View File

@ -8,25 +8,22 @@ ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
---
# How to enable only administrators to publish packages by using an ESD
# How to Enable Only Administrators to Publish Packages by Using an ESD
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks.
**To enable only administrators to publish or unpublish packages**
Here's how to enable only administrators to publish or unpublish packages:
1. Navigate to the following Group Policy Object node:
1. Navigate to the following Group Policy Object node:
**Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
**Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Publishing**.
2. Enable the **Require publish as administrator** Group Policy setting.
2. Enable the **Require publish as administrator** Group Policy setting.
To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
To instead use Windows PowerShell to set this item, see [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending).
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

2
windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md
View File

@ -8,8 +8,6 @@ ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
---
# How to Enable Reporting on the App-V Client by Using Windows PowerShell
**Applies to**

2
windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md
View File

@ -35,7 +35,7 @@ Check out these articles for more information about how to configure the App-V c
* [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
* [How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
* [Using the client management console](appv-using-the-client-management-console.md)
* [How to configure the client to receive package and connection group updates From the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
* [How to configure the client to receive package and connection group updates from the Publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
## Have a suggestion for App-V?

59
windows/application-management/app-v/appv-for-windows.md
View File

@ -6,64 +6,61 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# Application Virtualization (App-V) for Windows 10 overview
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
The topics in this section provide information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
The topics in this section provide information and instructions to help you administer App-V and its components. This information is for system administrators who manage large installations with many servers and clients, and for support personnel who interact directly with the computers or users.
[Getting Started with App-V](appv-getting-started.md)
[Getting started with App-V](appv-getting-started.md)
- [What's new in App-V](appv-about-appv.md)
- [Evaluating App-V](appv-evaluating-appv.md)
- [High Level Architecture for App-V](appv-high-level-architecture.md)
- [High-level architecture for App-V](appv-high-level-architecture.md)
[Planning for App-V](appv-planning-for-appv.md)
- [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
- [App-V Prerequisites](appv-prerequisites.md)
- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
- [App-V Supported Configurations](appv-supported-configurations.md)
- [App-V Planning Checklist](appv-planning-checklist.md)
- [Preparing your environment for App-V](appv-preparing-your-environment.md)
- [App-V prerequisites](appv-prerequisites.md)
- [Planning to deploy App-V](appv-planning-to-deploy-appv.md)
- [App-V supported configurations](appv-supported-configurations.md)
- [App-V planning checklist](appv-planning-checklist.md)
[Deploying App-V](appv-deploying-appv.md)
- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
- [Deploying the App-V Sequencer and configuring the client](appv-deploying-the-appv-sequencer-and-client.md)
- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
- [App-V Deployment Checklist](appv-deployment-checklist.md)
- [Deploying Microsoft Office 2016 by Using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
- [App-V deployment checklist](appv-deployment-checklist.md)
- [Deploying Microsoft Office 2016 by using App-V](appv-deploying-microsoft-office-2016-with-appv.md)
- [Deploying Microsoft Office 2013 by using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
- [Deploying Microsoft Office 2010 by using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
[Operations for App-V](appv-operations.md)
- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
- [Creating and managing App-V virtualized applications](appv-creating-and-managing-virtualized-applications.md)
- [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md)
- [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md)
- [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md)
- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
- [Managing Connection Groups](appv-managing-connection-groups.md)
- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
- [Administering App-V Virtual Applications by using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
- [Managing connection groups](appv-managing-connection-groups.md)
- [Deploying App-V packages by using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
- [Automatically cleanup unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
- [Automatically clean up unpublished packages on the App-V client](appv-auto-clean-unpublished-packages.md)
- [Migrating to App-V from a previous version](appv-migrating-to-appv-from-a-previous-version.md)
- [Maintaining App-V](appv-maintaining-appv.md)
- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)
[Troubleshooting App-V](appv-troubleshooting.md)
[Technical Reference for App-V](appv-technical-reference.md)
[Technical reference for App-V](appv-technical-reference.md)
- [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
- [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
- [Performance guidance for Application Virtualization](appv-performance-guidance.md)
- [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md)
- [Viewing App-V Server publishing metadata](appv-viewing-appv-server-publishing-metadata.md)
- [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

190
windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
View File

@ -6,172 +6,90 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to load the Windows PowerShell cmdlets for App-V and get cmdlet help
>Applies to: Windows 10, version 1607
# How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
## Requirements for using Windows PowerShell cmdlets
**Applies to**
- Windows 10, version 1607
This section will tell you what you'll need to use the PowerShell cmdlets.
What this topic covers:
### How to let users access PowerShell cmdlets
- [Requirements for using Windows PowerShell cmdlets](#bkmk-reqs-using-posh)
You can grant your users access to PowerShell cmdlets through one of the following methods:
- [Loading the Windows PowerShell cmdlets](#bkmk-load-cmdlets)
* While you're deploying and configuring the App-V server, specify an Active Directory group or individual user with permissions to manage the App-V environment. For more information, see [How to deploy the App-V Server](appv-deploy-the-appv-server.md).
* After you've deployed the App-V server, you can use the App-V Management console to add an additional Active Directory group or user. For more information, see [How to add or remove an administrator by using the Management console](appv-add-or-remove-an-administrator-with-the-management-console.md).
- [Getting help for the Windows PowerShell cmdlets](#bkmk-get-cmdlet-help)
### Elevated command prompt
- [Displaying the help for a Windows PowerShell cmdlet](#bkmk-display-help-cmdlet)
You'll need an elevated command prompt to run the following cmdlets:
## <a href="" id="bkmk-reqs-using-posh"></a>Requirements for using Windows PowerShell cmdlets
* **Add-AppvClientPackage**
* **Remove-AppvClientPackage**
* **Set-AppvClientConfiguration**
* **Add-AppvClientConnectionGroup**
* **Remove-AppvClientConnectionGroup**
* **Add-AppvPublishingServer**
* **Remove-AppvPublishingServer**
* **Send-AppvClientReport**
* **Set-AppvClientMode**
* **Set-AppvClientPackage**
* **Set-AppvPublishingServer**
### Other cmdlets
Review the following requirements for using the Windows PowerShell cmdlets:
The following cmdlets are ones that end-users can run unless you configure them to require an elevated command prompt.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Requirement</th>
<th align="left">Details</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:</p></td>
<td align="left"><ul>
<li><p><strong>When you are deploying and configuring the App-V Server</strong>:</p>
<p>Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).</p></li>
<li><p><strong>After youve deployed the App-V Server</strong>:</p>
<p>Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md).</p></li>
</ul></td>
</tr>
<tr class="even">
<td align="left"><p>Cmdlets that require an elevated command prompt</p></td>
<td align="left"><ul>
<li><p>Add-AppvClientPackage</p></li>
<li><p>Remove-AppvClientPackage</p></li>
<li><p>Set-AppvClientConfiguration</p></li>
<li><p>Add-AppvClientConnectionGroup</p></li>
<li><p>Remove-AppvClientConnectionGroup</p></li>
<li><p>Add-AppvPublishingServer</p></li>
<li><p>Remove-AppvPublishingServer</p></li>
<li><p>Send-AppvClientReport</p></li>
<li><p>Set-AppvClientMode</p></li>
<li><p>Set-AppvClientPackage</p></li>
<li><p>Set-AppvPublishingServer</p></li>
</ul></td>
</tr>
<tr class="odd">
<td align="left"><p>Cmdlets that end users can run, unless you configure them to require an elevated command prompt</p></td>
<td align="left"><ul>
<li><p>Publish-AppvClientPackage</p></li>
<li><p>Unpublish-AppvClientPackage</p></li>
</ul>
<p>To configure these cmdlets to require an elevated command prompt, use one of the following methods:</p>
<ul>
<li><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>-RequirePublishAsAdmin</strong> parameter.</p>
<p>For more information, see:<br>[How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)<br>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).</p></li>
<li><p>Enable the “Require publish as administrator” Group Policy setting for App-V Clients.</p>
<p>For more information, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md)</p></li>
</ul>
</td>
</tr>
</tbody>
</table>
* **Publish-AppvClientPackage**
* **Unpublish-AppvClientPackage**
 
To configure these cmdlets to require an elevated command prompt, use one of the following methods:
## <a href="" id="bkmk-load-cmdlets"></a>Loading the Windows PowerShell cmdlets
* Run the **Set-AppvClientConfiguration** cmdlet with the *-RequirePublishAsAdmin* parameter. For more information, see the following resources:
* [How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
* [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending)
* Enable the **Require publish as administrator** Group Policy setting for App-V Clients. For more information, see [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md).
## Loading the Windows PowerShell cmdlets
To load the Windows PowerShell cmdlet modules:
1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
2. Enter one of the following cmdlets to load a list of usable cmdlets for the module you want:
2. Type one of the following commands to load the cmdlets for the module you want:
|App-v component|Cmdlet to enter|
|---|---|
|App-V Server|**Import-Module AppvServer**|
|App-V Sequencer|**Import-Module AppvSequencer**|
|App-V Client|**Import-Module AppvClient**|
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">App-V component</th>
<th align="left">Command to type</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>App-V Server</p></td>
<td align="left"><p>Import-Module AppvServer</p></td>
</tr>
<tr class="even">
<td align="left"><p>App-V Sequencer</p></td>
<td align="left"><p>Import-Module AppvSequencer</p></td>
</tr>
<tr class="odd">
<td align="left"><p>App-V Client</p></td>
<td align="left"><p>Import-Module AppvClient</p></td>
</tr>
</tbody>
</table>
 
## <a href="" id="bkmk-get-cmdlet-help"></a>Getting help for the Windows PowerShell cmdlets
## Getting help for the Windows PowerShell cmdlets
Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
- **As a downloadable module**: To download the latest help after downloading the cmdlet module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE), and type one of the following commands:
* As a downloadable module in PowerShell. To access the module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE) and enter one of the cmdlets from the following table.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">App-V component</th>
<th align="left">Command to type</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>App-V Server</p></td>
<td align="left"><p>Update-Help -Module AppvServer</p></td>
</tr>
<tr class="even">
<td align="left"><p>App-V Sequencer</p></td>
<td align="left"><p>Update-Help -Module AppvSequencer</p></td>
</tr>
<tr class="odd">
<td align="left"><p>App-V Client</p></td>
<td align="left"><p>Update-Help -Module AppvClient</p></td>
</tr>
</tbody>
</table>
|App-v component|Cmdlet to enter|
|---|---|
|App-V Server|**Update-Help -Module AppvServer**|
|App-V Sequencer|**Update-Help -Module AppvSequencer**|
|App-V Client|**Update-Help -Module AppvClient**|
<br>
- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://technet.microsoft.com/library/dn520245.aspx).
## <a href="" id="bkmk-display-help-cmdlet"></a>Displaying the help for a Windows PowerShell cmdlet
* Online in the [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/en-us/powershell/mdop/get-started?view=win-mdop2-ps).
## Displaying the help for a Windows PowerShell cmdlet
To display help for a specific Windows PowerShell cmdlet:
1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
2. Type **Get-Help** &lt;*cmdlet*&gt;, for example, **Get-Help Publish-AppvClientPackage**.
1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
2. Enter **Get-Help** followed by the cmdlet you need help with. For example:
```PowerShell
Get-Help Publish-AppvClientPackage
```
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

33
windows/application-management/app-v/appv-maintaining-appv.md
View File

@ -6,45 +6,30 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# Maintaining App-V
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
## Moving the App-V server
The App-V server connects to the App-V database. Therefore you can install the management component on any computer on the network and then connect it to the App-V database.
The App-V server connects to the App-V database, which means you can install the management component and connect it to the App-V database on any computer on the network. For more information, see [How to move the App-V server to another computer](appv-move-the-appv-server-to-another-computer.md).
[How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md)
## Determine if an App-V application is running virtualized
## <a href="" id="determine-if-an-app-v-application-is-running-virtualized-"></a>Determine if an App-V Application is Running Virtualized
Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-&lt;PID&gt;** in the default namespace (PID stands for process ID). To find the process ID of the process you're currently using, enter the Windows API **GetCurrentProcessId()**.
For example, let's say the process ID is 4052. If you can successfully open a named Event object called **AppVVirtual-4052** with the **OpenEvent()** API in the default read access namespace, then the application is virtual. If the **OpenEvent()** call fails, the application isn't virtual.
Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-&lt;PID&gt;** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual.
Additionally, ISVs who want to explicitly virtualize or not virtualize calls on specific APIs with App-V 5.1 and later, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized.
Additionally, ISVs who want to explicitly virtualize or not virtualize calls on specific APIs with App-V 5.1 and later can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module to hint to a downstream component whether the call should be virtualized or not.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Other resources for maintaining App-V
[Operations for App-V](appv-operations.md)
 
 
* [Operations for App-V](appv-operations.md)

306
windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
View File

@ -1,283 +1,171 @@
---
title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell (Windows 10)
description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
title: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell (Windows 10)
description: How to manage App-V packages running on a stand-alone computer by using Windows PowerShell.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/24/2018
---
# How to manage App-V packages running on a stand-alone computer by using Windows PowerShell
>Applies to: Windows 10, version 1607
# How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
The following sections explain how to perform various management tasks on a stand-alone client computer with Windows PowerShell cmdlets.
**Applies to**
- Windows 10, version 1607
## Return a list of packages
Enter the **Get-AppvClientPackage** cmdlet to return a list of packages entitled to a specific user. Its parameters are *-Name*, *-Version*, *-PackageID*, and *-VersionID*.
The following sections explain how to perform various management tasks on a stand-alone client computer by using Windows PowerShell:
For example:
- [To return a list of packages](#bkmk-return-pkgs-standalone-posh)
```PowerShell
Get-AppvClientPackage Name “ContosoApplication” -Version 2
```
- [To add a package](#bkmk-add-pkgs-standalone-posh)
## Add a package
- [To publish a package](#bkmk-pub-pkg-standalone-posh)
Use the **Add-AppvClientPackage** cmdlet to add a package to a computer.
- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh)
>[!IMPORTANT]
>This example only adds a package. It does not publish the package to the user or the computer.
- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh)
For example:
- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh)
```PowerShell
$Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv
```
- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use)
## Publish a package
- [To remove an existing package](#bkmk-remove-pkg-standalone-posh)
Use the **Publish-AppvClientPackage** cmdlet to publish a package that has been added to either a specific user or globally to any user on the computer.
- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs)
Enter the cmdlet with the application name to publish it to the user.
- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs)
```PowerShell
Publish-AppvClientPackage “ContosoApplication”
```
## <a href="" id="bkmk-return-pkgs-standalone-posh"></a>To return a list of packages
To publish the application globally, just add the *-Global* parameter.
```Powershell
Publish-AppvClientPackage “ContosoApplication” -Global
```
Use the following information to return a list of packages that are entitled to a specific user:
## Publish a package to a specific user
**Cmdlet**: Get-AppvClientPackage
>[!NOTE]  
>You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
**Parameters**: -Name -Version -PackageID -VersionID
**Example**: Get-AppvClientPackage Name “ContosoApplication” -Version 2
## <a href="" id="bkmk-add-pkgs-standalone-posh"></a>To add a package
Use the following information to add a package to a computer.
**Important**  
This example only adds a package. It does not publish the package to the user or the computer.
 
**Cmdlet**: Add-AppvClientPackage
**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv
## <a href="" id="bkmk-pub-pkg-standalone-posh"></a>To publish a package
Use the following information to publish a package that has been added to a specific user or globally to any user on the computer.
<table>
<colgroup>
<col width="30%" />
<col width="70%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Publishing method</th>
<th align="left">Cmdlet and example</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Publishing to the user</p></td>
<td align="left"><p><strong>Cmdlet</strong>: Publish-AppvClientPackage</p>
<p><strong>Example</strong>: Publish-AppvClientPackage “ContosoApplication”</p></td>
</tr>
<tr class="even">
<td align="left"><p>Publishing globally</p></td>
<td align="left"><p><strong>Cmdlet</strong>: Publish-AppvClientPackage</p>
<p><strong>Example</strong>: Publish-AppvClientPackage “ContosoApplication” -Global</p></td>
</tr>
</tbody>
</table>
 
## <a href="" id="bkmk-pub-pkg-a-user-standalone-posh"></a>To publish a package to a specific user
**Note**  
You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
 
An administrator can publish a package to a specific user by specifying the optional **UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end users security identifier (SID).
An administrator can publish a package to a specific user by specifying the optional *UserSID* parameter with the **Publish-AppvClientPackage** cmdlet, where *-UserSID* represents the end users security identifier (SID).
To use this parameter:
- You can run this cmdlet from the user or administrator session.
- You can run this cmdlet from the user or administrator session.
- You must be logged in with administrative credentials to use the parameter.
- The end user must be signed in.
- You must provide the end users security identifier (SID).
- You must be logged in with administrative credentials to use the parameter.
For example:
- The end user must be logged in.
```PowerShell
Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
```
- You must provide the end users security identifier (SID).
## Add and publish a package
**Cmdlet**: Publish-AppvClientPackage
Use the **Add-AppvClientPackage** cmdlet to add a package to a computer and publish it to the user.
**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
For example:
## <a href="" id="bkmk-add-pub-pkg-standalone-posh"></a>To add and publish a package
```PowerShell
Add-AppvClientPackage <path to App-V package> | Publish-AppvClientPackage
```
## Unpublish an existing package
Use the following information to add a package to a computer and publish it to the user.
Use the **Unpublish-AppvClientPackage** cmdlet to unpublish a package which has been entitled to a user but not remove the package from the computer.
**Cmdlet**: Add-AppvClientPackage
For example:
**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage
```PowerShell
Unpublish-AppvClientPackage “ContosoApplication”
```
## <a href="" id="bkmk-unpub-pkg-standalone-posh"></a>To unpublish an existing package
## Unpublish a package for a specific user
>[!NOTE]
>You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer.
**Cmdlet**: Unpublish-AppvClientPackage
**Example**: Unpublish-AppvClientPackage “ContosoApplication”
## <a href="" id="bkmk-unpub-pkg-specfc-use"></a>To unpublish a package for a specific user
**Note**  
You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
 
An administrator can unpublish a package for a specific user by using the optional **UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end users security identifier (SID).
An administrator can unpublish a package for a specific user by using the optional *-UserSID* parameter with the **Unpublish-AppvClientPackage** cmdlet, where *-UserSID* represents the end users security identifier (SID).
To use this parameter:
- You can run this cmdlet from the user or administrator session.
- You can run this cmdlet from the user or administrator session.
- You must sign in with administrative credentials to use the parameter.
- The end user must be signed in.
- You must provide the end users security identifier (SID).
- You must be logged in with administrative credentials to use the parameter.
For example:
- The end user must be logged in.
```PowerShell
Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
```
- You must provide the end users security identifier (SID).
## Remove an existing package
**Cmdlet**: Unpublish-AppvClientPackage
Use the **Remove-AppvClientPackage** cmdlet to remove a package from the computer.
**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
For example:
## <a href="" id="bkmk-remove-pkg-standalone-posh"></a>To remove an existing package
```PowerShell
Remove-AppvClientPackage “ContosoApplication”
```
>[!NOTE]
>App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [Add and publish a package](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#add-and-publish-a-package). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
Use the following information to remove a package from the computer.
## Enable only administrators to publish or unpublish packages
**Cmdlet**: Remove-AppvClientPackage
Starting in App-V 5.0 SP3, you can use the **Set-AppvClientConfiguration** cmdlet and *-RequirePublishAsAdmin* parameter to enable only administrators (not end users) to publish or unpublish packages.
**Example**: Remove-AppvClientPackage “ContosoApplication”
You can set the *-RequirePublishAsAdmin* parameter to the following values:
**Note**  
App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
- 0: False
- 1: True
 
For example:
## <a href="" id="bkmk-admins-pub-pkgs"></a>To enable only administrators to publish or unpublish packages
```PowerShell
Set-AppvClientConfiguration RequirePublishAsAdmin1
```
Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
To use the App-V Management console to set this configuration, see [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md).
<table>
<colgroup>
<col width="30%" />
<col width="70%" />
</colgroup>
<tbody>
<tr class="odd">
<td align="left"><p><strong>Cmdlet</strong></p></td>
<td align="left"><p>Set-AppvClientConfiguration</p></td>
</tr>
<tr class="even">
<td align="left"><p><strong>Parameter</strong></p></td>
<td align="left"><p>-RequirePublishAsAdmin</p>
<p>Parameter values:</p>
<ul>
<li><p>0 - False</p></li>
<li><p>1 - True</p></li>
</ul>
<p><strong>Example:</strong>: Set-AppvClientConfiguration RequirePublishAsAdmin1</p></td>
</tr>
</tbody>
</table>
## About pending packages: UserPending and GlobalPending
 
Starting in App-V 5.0 SP2, if you run a Windows PowerShell cmdlet that affects a package currently in use, the task you're trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows:
To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md).
## <a href="" id="bkmk-understd-pend-pkgs"></a>Understanding pending packages (UserPending and GlobalPending)
**Starting in App-V 5.0 SP2**: If you run a Windows PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows:
<table>
<colgroup>
<col width="30%" />
<col width="70%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Cmdlet output item</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>UserPending</p></td>
<td align="left"><p>Indicates whether the listed package has a pending task that is being applied to the user:</p>
<ul>
<li><p>True</p></li>
<li><p>False</p></li>
</ul></td>
</tr>
<tr class="even">
<td align="left"><p>GlobalPending</p></td>
<td align="left"><p>Indicates whether the listed package has a pending task that is being applied globally to the computer:</p>
<ul>
<li><p>True</p></li>
<li><p>False</p></li>
</ul></td>
</tr>
</tbody>
</table>
 
|Cmdlet output item|Description|
|---|---|
|UserPending|Indicates whether the listed package has a pending task that is being applied to the user:<br>- True<br>- False|
|GlobalPending|Indicates whether the listed package has a pending task that is being applied globally to the computer:<br>- True<br>- False|
The pending task will run later, according to the following rules:
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Task type</th>
<th align="left">Applicable rule</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>User-based task, e.g., publishing a package to a user</p></td>
<td align="left"><p>The pending task will be performed after the user logs off and then logs back on.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Globally based task, e.g., enabling a connection group globally</p></td>
<td align="left"><p>The pending task will be performed when the computer is shut down and then restarted.</p></td>
</tr>
</tbody>
</table>
|Task type|Applicable rule|
|---|---|
|User-based<br>(for example, publishing a package to a user)|The pending task will be performed after the user logs off and then logs back on.|
|Globally based<br>(for example, enabling a connection group globally)|The pending task will be performed when the computer is shut down and then restarted.|
For more information about pending tasks, see [Upgrading an in-use App-V package](appv-application-publishing-and-client-interaction.md#upgrading-an-in-use-app-v-package).
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[Operations for App-V](appv-operations.md)
[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
- [Operations for App-V](appv-operations.md)
- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md)

20
windows/application-management/app-v/appv-publish-a-connection-group.md
View File

@ -6,29 +6,25 @@ ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to Publish a Connection Group
**Applies to**
- Windows 10, version 1607
>Applies to: Windows 10, version 1607
After you create a connection group, you must publish it to computers that run the App-V client.
**To publish a connection group**
## Publish a connection group
1. Open the App-V Management Console, and select **CONNECTION GROUPS**.
1. Open the App-V Management Console and select **CONNECTION GROUPS**.
2. Right-click the connection group to be published, and select **publish**.
2. Right-click the connection group to be published, and select **publish**.
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[Operations for App-V](appv-operations.md)
[Managing Connection Groups](appv-managing-connection-groups.md)
* [Operations for App-V](appv-operations.md)
* [Managing connection groups](appv-managing-connection-groups.md)

44
windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
View File

@ -1,51 +1,45 @@
---
title: How to Publish a Package by Using the Management Console (Windows 10)
description: How to Publish a Package by Using the Management Console
title: How to publish a package by using the Management console (Windows 10)
description: How to publish a package by using the Management console.
author: MaggiePucciEvans
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library
ms.prod: w10
ms.date: 04/19/2017
ms.date: 09/27/2018
---
# How to publish a package by using the Management console
>Applies to: Windows 10, version 1607
# How to Publish a Package by Using the Management Console
Use the following procedure to publish an App-V package. Once you publish a package, computers running the App-V client can access and run the applications in that package.
**Applies to**
- Windows 10, version 1607
>[!NOTE]  
>The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3.
Use the following procedure to publish an App-V package. Once you publish a package, computers that are running the App-V client can access and run the applications in that package.
## Publish an App-V package
**Note**  
The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3.
1. In the App-V Management console. Select or right-click the name of the package to be published. Select **Publish**.
 
**To publish an App-V package**
1. In the App-V Management console. Click or right-click the name of the package to be published. Select **Publish**.
2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed.
2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed.
If the package is not published successfully, the status **unpublished** is displayed, along with error text that explains why the package is not available.
**To enable only administrators to publish or unpublish packages**
## Enable only administrators to publish or unpublish packages
1. Navigate to the following Group Policy Object node:
1. Navigate to the following Group Policy Object node:
**Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing**.
**Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **App-V** &gt; **Publishing**.
2. Enable the **Require publish as administrator** Group Policy setting.
2. Enable the **Require publish as administrator** Group Policy setting.
To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).
To instead use Windows PowerShell to set this item, see [Understanding pending packages: UserPending and GlobalPending](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#about-pending-packages-userpending-and-globalpending).
## Have a suggestion for App-V?
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
## Related topics
[Operations for App-V](appv-operations.md)
[How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md)
* [Operations for App-V](appv-operations.md)
* [How to configure access to packages by using the Management console](appv-configure-access-to-packages-with-the-management-console.md)

14
windows/configuration/kiosk-shelllauncher.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: medium
ms.date: 07/30/2018
ms.date: 10/01/2018
---
# Use Shell Launcher to create a Windows 10 kiosk
@ -25,11 +25,19 @@ ms.date: 07/30/2018
Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on.
>[!NOTE]
>Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.
>
>Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
>- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools
>- [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies
>- [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies
>
>You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard).
>[!WARNING]
>- Windows 10 doesnt support setting a custom shell prior to OOBE. If you do, you wont be able to deploy the resulting image.
>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
>Windows 10 doesnt support setting a custom shell prior to the out-of-box-experience (OOBE). If you do, you wont be able to deploy the resulting image.
>
>Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
### Requirements

11
windows/deployment/TOC.md
View File

@ -20,7 +20,8 @@
## [Deploy Windows 10](deploy.md)
### [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md)
### [Windows 10 in S mode](windows-10-pro-in-s-mode.md)
### [Windows 10 in S mode](s-mode.md)
#### [Switch to Windows 10 Pro/Enterprise from S mode](windows-10-pro-in-s-mode.md)
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
### [Windows 10 volume license media](windows-10-media.md)
@ -217,13 +218,6 @@
### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md)
### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md)
### [Assign devices to servicing channels for Windows 10 updates](update/waas-servicing-channels-windows-10-updates.md)
### [Get started with Windows Update](update/windows-update-overview.md)
#### [How Windows Update works](update/how-windows-update-works.md)
#### [Windows Update log files](update/windows-update-logs.md)
#### [How to troubleshoot Windows Update](update/windows-update-troubleshooting.md)
#### [Common Windows Update errors](update/windows-update-errors.md)
#### [Windows Update error code reference](update/windows-update-error-reference.md)
#### [Other Windows Update resources](update/windows-update-resources.md)
### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md)
#### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md)
#### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md)
@ -241,6 +235,7 @@
### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md)
### [Manage device restarts after updates](update/waas-restart.md)
### [Manage additional Windows Update settings](update/waas-wu-settings.md)
### [Determine the source of Windows updates](update/windows-update-sources.md)
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## [Windows Analytics](update/windows-analytics-overview.md)

BIN
windows/deployment/images/CreateSolution-Part1-Marketplace.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 85 KiB

BIN
windows/deployment/images/CreateSolution-Part2-Create.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 420 KiB

BIN
windows/deployment/images/CreateSolution-Part3-Workspace.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 451 KiB

BIN
windows/deployment/images/CreateSolution-Part4-WorkspaceSelected.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 357 KiB

BIN
windows/deployment/images/CreateSolution-Part5-GoToResource.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 245 KiB

BIN
windows/deployment/images/UR-Azureportal1.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

BIN
windows/deployment/images/UR-Azureportal2.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 190 KiB

BIN
windows/deployment/images/UR-Azureportal3.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 143 KiB

BIN
windows/deployment/images/UR-Azureportal4.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
windows/deployment/images/autopilotworkflow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
windows/deployment/images/s-mode-flow-chart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 31 KiB

BIN
windows/deployment/images/smodeconfig.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

45
windows/deployment/s-mode.md Normal file
View File

@ -0,0 +1,45 @@
---
title: Windows 10 Pro in S mode
description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
keywords: Windows 10 S, S mode, Windows S mode, Windows 10 S mode, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Enterprise in S mode, Windows 10 Pro/Enterprise in S mode
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
ms.date: 10/02/2018
author: Mikeblodge
---
# Windows 10 in S mode - What is it?
S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update. It's a configuration that's available on all Windows Editions when enabled at the time of manufacturing. The edition of Windows can be upgrade at any time as shown below. However, the switch from S mode is a onetime switch and can only be undone by a wipe and reload of the OS.
![Configuration and features of S mode](images/smodeconfig.png)
## S mode key features
**Microsoft-verified security**
With Windows 10 in S mode, youll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where theyre Microsoft-verified for security. You can also feel secure when youre online. Microsoft Edge, your default browser, gives you protection against phishing and socially-engineered malware.
**Performance that lasts**
Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, youll enjoy a smooth, responsive experience, whether youre streaming HD video, opening apps, or being productive on the go.
**Choice and flexibility**
Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you dont find exactly what you want, you can easily [switch out of S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode) at any time and search the web for more choices.
![Switching out of S mode flow chart](images/s-mode-flow-chart.png)
## Deployment
Windows 10 S mode is built for [Modern Management](https://docs.microsoft.com/en-us/windows/client-management/manage-windows-10-in-your-organization-modern-management) which means using [Windows Auto Pilot](https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-10-autopilot). The best way to start using an S mode device is to embrace Modern Management fully when designing the deployment plan. Windows Auto Pilot allows you to deploy the deivce directly to the employee without having to touch the physical device. Instead of manually deploying a custom image to a machine, Windows Auto Pilot will start with a generic PC that can only be used to join the company domain; Polices are then deployed automatically through Modern Device Management.
![Windows auto pilot work flow](images/autopilotworkflow.png)
## Related links
- [Consumer applications for S mode](https://www.microsoft.com/en-us/windows/s-mode)
- [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
- [Windows Defender Application Control deployment guide](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
- [Windows Defender Advanced Threat Protection](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)

3
windows/deployment/update/windows-analytics-get-started.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 08/01/2018
ms.date: 10/01/2018
ms.localizationpriority: medium
---
@ -48,6 +48,7 @@ To enable data sharing, configure your proxy sever to whitelist the following en
| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803|
| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier |
| `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 |
| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows versions that have KB4458469 installed |
| `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft.
| `http://adl.windows.com` | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| `https://watson.telemetry.microsoft.com` | Windows Error Reporting (WER); required for Device Health and Update Compliance AV reports. Not used by Upgrade Readiness. |

46
windows/deployment/upgrade/upgrade-readiness-get-started.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 08/21/2018
ms.date: 09/26/2018
ms.localizationpriority: medium
---
@ -38,32 +38,38 @@ When you are ready to begin using Upgrade Readiness, perform the following steps
To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics, refer to [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-FAQ-troubleshooting), which discusses the issues and provides links to still more detailed information.
## Add Upgrade Readiness to Operations Management Suite or Azure Log Analytics
## Add the Upgrade Readiness solution to your Azure subscription
Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
Upgrade Readiness is offered as a *solution* which you link to a new or existing [Azure Log Analytics](https://azure.microsoft.com/services/log-analytics/) *workspace* within your Azure *subscription*. To configure this, follows these steps:
>[!IMPORTANT]
>Upgrade Readiness is a free solution for Azure subscribers. When configured correctly, all data associated with the Upgrade Readiness solution are exempt from billing in both OMS and Azure. Upgrade Readiness data **do not** count toward OMS daily upload limits. The Upgrade Readiness service will ingest a full snapshot of your data into your OMS workspace on a daily basis. Each snapshot includes all of your devices that have been active within the past 30 days regardless of your OMS retention period.
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
>[!NOTE]
> Upgrade Readiness is included at no additional cost with Windows 10 [education and enterprise licensing](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-monitor#device-health-licensing). An Azure subscription is required for managing and using Upgrade Readiness, but no Azure charges are expected to accrue to the subscription as a result of using Upgrade Readiness.
If you are already using OMS, youll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
2. In the Azure portal select **Create a resource**, search for "Upgrade Readiness", and then select **Create** on the **Upgrade Readiness** solution.
![Azure portal page highlighting + Create a resource and with Upgrade Readiness selected](../images/UR-Azureportal1.png)
>[!NOTE]
>If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=CompatibilityAssessment) to go directly to the Upgrade Readiness solution and add it to your workspace.
If you are not using OMS or Azure Log Analytics:
1. Go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, youll create a workspace and add the Upgrade Readiness solution to it.
2. Sign in to Operations Management Suite (OMS) or Azure Log Analytics. You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
3. Create a new workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organizations Azure administrator.
> If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
5. To add the Upgrade Readiness solution to your workspace, go to the **Solutions Gallery**. Select the **Upgrade Readiness** tile in the gallery and then select **Add** on the solutions details page. The solution is now visible on your workspace. Note that you may need to scroll to find Upgrade Readiness.
![Azure portal showing Upgrade Readiness fly-in and Create button highlighted(images/CreateSolution-Part2-Create.png)](../images/UR-Azureportal2.png)
3. Choose an existing workspace or create a new workspace to host the Upgrade Readiness solution.
![Azure portal showing Log Analytics workspace fly-in](../images/UR-Azureportal3.png)
- If you are using other Windows Analytics solutions (Device Health or Update Compliance) you should add Upgrade Readiness to the same workspace.
- If you are creating a new workspace, and your organization does not have policies governing naming conventions and structure, consider the following workspace settings to get started:
- Choose a workspace name which reflects the scope of planned usage in your organization, for example *PC-Analytics*.
- For the resource group setting select **Create new** and use the same name you chose for your new workspace.
- For the location setting, choose the Azure region where you would prefer the data to be stored.
- For the pricing tier select **Free**.
4. Now that you have selected a workspace, you can go back to the Upgrade Readiness blade and select **Create**.
![Azure portal showing workspace selected and with Create button highlighted](../images/UR-Azureportal4.png)
5. Watch for a Notification (in the Azure portal) that "Deployment 'Microsoft.CompatibilityAssessmentOMS' to resource group 'YourResourceGroupName' was successful." and then select **Go to resource** This might take several minutes to appear.
![Azure portal all services page with Log Analytics found and selected as favorite](../images/CreateSolution-Part5-GoToResource.png)
- Suggestion: Choose the **Pin to Dashboard** option to make it easy to navigate to your newly added Upgrade Readiness solution.
- Suggestion: If a "resource unavailable" error occurs when navigating to the solution, try again after one hour.
## Enroll devices in Windows Analytics
Once you've added Update Compliance to Microsoft Operations Management Suite, you can now start enrolling the devices in your organization. For full instructions, see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).
Once you've added Upgrade Readiness to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For full instructions, see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).

47
windows/deployment/windows-10-pro-in-s-mode.md
View File

@ -1,5 +1,5 @@
---
title: Windows 10 Pro in S mode
title: Switch to Windows 10 Pro/Enterprise from S mode
description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional.
keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
ms.mktglfcycl: deploy
@ -7,47 +7,17 @@ ms.localizationpriority: medium
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
ms.date: 04/30/2018
ms.date: 08/30/2018
author: Mikeblodge
---
# Windows 10 Pro/Enterprise in S mode
# Switch to Windows 10 Pro/Enterprise from S mode
S mode is an enhanced security mode of Windows 10. Windows 10 Pro and Enterprise in S mode powers affordable, cloud-ready devices that are simple, secure, and efficient. Users can get started quickly, thanks to self-service deployment and a familiar Windows experience. Low-price S mode devices offer tailored solutions for kiosks, digital signs, and task work. If your device is running Windows 10, version 1709, or Windows 10, version 1803, you can switch from Windows 10 in S mode to Windows 10 Pro.
## Benefits of Windows 10 Pro in S mode:
- **Microsoft-verified security** - It reduces risk of malware and exploitations because only Microsoft-verified apps can be installed including Windows Defender Antivirus.
- **Performance that lasts** - Provides all-day battery life to keep workers on task and not tripping over cords. Also, verified apps wont degrade device performance over time.
- **Streamlined for speed** - Offers faster log-in times with Windows Hello. Plus, workers get all the exclusive Windows innovations including Cortana and Windows Ink.
| |Home |S mode |Pro/Pro Education |Enterprise/Education |
|---------|:---:|:---:|:---:|:---:|
|Start Menu/Hello/Cortana/<BR>Windows Ink/Microsoft Edge | X | X | X | X |
|Store apps (including Windows <BR>desktop bridge apps) | X | X | X | X |
|Windows Update | X | X | X | X |
|Device Encryption | X | X | X | X |
|BitLocker | | X | X | X |
|Windows Update for Business | | X | X | X |
|Microsoft Store for Education | | X | X | X |
|Mobile Device Management<BR> and Azure AD join | | X | X | X |
|Group Policy management and <BR>Active Directory Domain Services | | | X | X |
|Desktop (Windows 32) Apps | X | | X | X |
|Change App Defaults<BR>Search/Browser/Photos/etc. | X | | X | X |
|Credential Guard | | | | X |
|Device Guard | | | | X |
## Keep Line of Business apps functioning with Desktop Bridge
Worried about your LOB apps not working in S mode? Using Desktop Bridge will enable you to convert your Line of Business apps to a packaged app with UWP manifest. After testing and validating you can distribute the app through the Windows Store or existing channels.
[Explore Desktop Bridge](https://docs.microsoft.com/en-us/windows/uwp/porting/desktop-to-uwp-root)
We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store.
> [!IMPORTANT]
> While its free to switch to Windows 10 Pro, its not reversible. The only way to rollback this kind of switch is through a [bare metal recover (BMR)](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
### Windows 10 in S mode is safe, secure, and fast.
We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store.
## How to switch
If youre running Windows 10, version 1709 or version 1803, you can switch to Windows 10 Pro through the Microsoft Store. Devices running version 1803 will only be able to switch through the Store one device at a time.
@ -56,6 +26,15 @@ If youre running Windows 10, version 1709 or version 1803, you can switch to
3. In the offer, click **Buy**, **Get**, OR **Learn more.**
You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
## Keep Line of Business apps functioning with Desktop Bridge
Worried about your LOB apps not working in S mode? Using Desktop Bridge will enable you to convert your Line of Business apps to a packaged app with UWP manifest. After testing and validating you can distribute the app through the Windows Store or existing channels.
[Explore Desktop Bridge](https://docs.microsoft.com/en-us/windows/uwp/porting/desktop-to-uwp-root)
## Repackage win32 apps into the MSIX format
The MSIX Packaging Tool (Preview) is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store.
[Explore MSIX app Packaging Tool](https://docs.microsoft.com/en-us/windows/application-management/msix-app-packaging-tool)
## Related topics

2
windows/privacy/diagnostic-data-viewer-overview.md
View File

@ -80,8 +80,6 @@ The Diagnostic Data Viewer provides you with the following features to view and
- **Provide diagnostic event feedback.** The **Feedback** icon opens the Feedback Hub app, letting you provide feedback about the Diagnostic Data Viewer and the diagnostic events.
![Send event feedback](images/ddv-event-feedback.png)
Selecting a specific event in the Diagnostic Data Viewer automatically fills in the field in the Feedback Hub. You can add your comments to the box labeled, **Give us more detail (optional)**.
>[!Important]

13
windows/security/threat-protection/intelligence/fileless-threats.md
View File

@ -13,7 +13,7 @@ ms.date: 09/14/2018
#Fileless threats
What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The terms is used broadly; it's also used to describe malware families that do rely on files in order to operate. In the Sharpshooter example, while the payload itself is fileless, the entry point relies on scripts that need to be dropped on the targets machine and executed. This, too, is considered a fileless attack.
What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The terms is used broadly; it's also used to describe malware families that do rely on files in order to operate.
Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, information theft, lateral movement, communication with command-and-control, etc., some parts of the attack chain may be fileless, while others may involve the filesystem in some form or another.
@ -22,11 +22,11 @@ To shed light on this loaded term, we grouped fileless threats into different ca
![Comprehensive diagram of fileless malware](images/fileless-malware.png)<br>
*Figure 1. Comprehensive diagram of fileless malware*
First, we can classify the entry point (inner circle in the diagram), which indicates how fileless malware can arrive on a machine: via an exploit; through compromised hardware; or via regular execution of applications and scripts.
We can classify fileless threats by their entry point, which indicates how fileless malware can arrive on a machine: via an exploit; through compromised hardware; or via regular execution of applications and scripts.
Next, we can list the form of entry point (intermediate circle): for example, exploits can be based on files or network data; PCI peripherals are a type of hardware vector; and scripts and executables are sub-categories of the execution vector.
Next, we can list the form of entry point: for example, exploits can be based on files or network data; PCI peripherals are a type of hardware vector; and scripts and executables are sub-categories of the execution vector.
Finally, we can classify the host of the infection (outer circle): for example, a Flash application that may contain an exploit; a simple executable; a malicious firmware from a hardware device; or an infected MBR, which could bootstrap the execution of a malware before the operating system even loads.
Finally, we can classify the host of the infection: for example, a Flash application that may contain an exploit; a simple executable; a malicious firmware from a hardware device; or an infected MBR, which could bootstrap the execution of a malware before the operating system even loads.
This helps us divide and categorize the various kinds of fileless threats. Clearly, the categories are not all the same: some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced.
@ -89,3 +89,8 @@ Having described the broad categories, we can now dig into the details and provi
**Disk-based** (Type II: Boot Record): The [Boot Record](https://en.wikipedia.org/wiki/Boot_sector) is the first sector of a disk or volume and contains executable code required to start the boot process of the operating system. Threats like [Petya](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/?source=mmpc) are capable of infecting the Boot Record by overwriting it with malicious code, so that when the machine is booted the malware immediately gains control (and in the case of Petya, with disastrous consequences). The Boot Record resides outside the file system, but its accessible by the operating system, and modern antivirus products have the capability to scan and restore it.
##Defeating fileless malware
At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Windows Defender Advanced Threat Protection [(Windows Defender ATP)](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)

2
windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
View File

@ -116,7 +116,7 @@ The following table details these path variables.
| Windows directory or disk | AppLocker path variable | Windows environment variable |
| - | - | - |
| Windows| %WINDIR%| %SystemRoot%|
| System32| %SYSTEM32%| %SystemDirectory%|
| System32 and SysWOW64| %SYSTEM32%| %SystemDirectory%|
| Windows installation directory| %OSDRIVE%| %SystemDrive%|
| Program Files| %PROGRAMFILES%| %ProgramFiles% and %ProgramFiles(x86)% |
| Removable media (for example, a CD or DVD)| %REMOVABLE%| |

4
windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 09/20/2018
ms.date: 09/28/2018
---
# Configure advanced features in Windows Defender ATP
@ -31,7 +31,7 @@ When you enable this feature, you'll be able to take advantage of the automated
For tenants created on or after Windows 10, version 1809 the automated investigations capability is configured by default to resolve alerts where the automated analysis result status is "No threats found" or "Remediated". If you dont want to have alerts auto-resolved, youll need to manually turn off the feature.
>[!TIP]
>For tenants created prior that version, you'll need to manually turn this feature on.
>For tenants created prior that version, you'll need to manually turn this feature on from the [Advanced features](https://securitycenter.windows.com/preferences2/integration) page.
>[!NOTE]
> - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine.

2
windows/security/threat-protection/windows-defender-atp/overview.md
View File

@ -24,7 +24,7 @@ Topic | Description
[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Automated investigation and investigation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
[Management and APIs](management-apis.md) | Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.

2
windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -253,7 +253,7 @@ If the verification fails and your environment is using a proxy to connect to th
For example, in Group Policy there should be no entries such as the following values:
- ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
- ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>```
- ```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiVirus"/></Key>```
- After clearing the policy, run the onboarding steps again.
- You can also check the following registry key values to verify that the policy is disabled:

2
windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
View File

@ -57,7 +57,7 @@ Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed execu
Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Code integrity guard | Restricts loading of images signed by Microsoft, WQL, and higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Code integrity guard | Restricts loading of images signed by Microsoft, WHQL, or higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](images/svg/check-no.svg)]
Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
Do not allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]