diff --git a/.localization-config b/.localization-config new file mode 100644 index 0000000000..c24369eb99 --- /dev/null +++ b/.localization-config @@ -0,0 +1,8 @@ +{ + "locales": [ "zh-cn" ], + "files": ["!/*.md", "**/**/*.md", "**/*.md"], + "includeDependencies": true, + "autoPush": true, + "xliffVersion": "2.0", + "useJavascriptMarkdownTransformer": true +} diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index e58deb3585..469c22cfdc 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -52,7 +52,7 @@ "Conceptual": "Content" } }, - { + { "docset_name": "mdop", "build_output_subfolder": "mdop", "locale": "en-us", @@ -61,6 +61,16 @@ "type_mapping": { "Conceptual": "Content" } + }, + { + "docset_name": "education", + "build_output_subfolder": "education", + "locale": "en-us", + "version": 0, + "open_to_public_contributors": "false", + "type_mapping": { + "Conceptual": "Content" + } } ], "notification_subscribers": ["brianlic@microsoft.com"], diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index 8dd1c27598..1fbb56ff74 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -25,6 +25,7 @@ Microsoft Edge lets you stay up-to-date through the Windows Store and to manage | Topic | Description | | -----------------------| ----------------------------------- | +|[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) |Lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. | | [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) | Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.| | [Available policies for Microsoft Edge](available-policies.md) | Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.

Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. | | [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) | If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.

Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. | diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index 21b6629dd5..8b02ce6c70 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -1,4 +1,5 @@ #[Microsoft Edge - Deployment Guide for IT Pros](index.md) +##[Change History for Microsoft Edge](change-history-for-microsoft-edge.md) ##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md) ##[Available policies for Microsoft Edge](available-policies.md) ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index f9b7a99dea..048f00fbc4 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -12,45 +12,43 @@ title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros) **Applies to:** -- Windows 10 +- Windows 10 Insider Preview - Windows 10 Mobile +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.

**Note**
For more info about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](http://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](http://go.microsoft.com/fwlink/p/?LinkId=617924). -  - ## Group Policy settings - Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: -| Policy name | Description | Options | -| -------------------------------------------- | ----------------------------- | ------------------------------------------------------- | -| Allow employees to send Do Not Track headers | Whether employees can send Do Not Track headers to websites that request tracking info. | **Enable:** Employees can send Do Not Track headers to websites requesting tracking info.

**Disable or not configured (default):** Stops employees from sending Do Not Track headers to websites requesting tracking info. | -| Turn off web content in new tab page | Decide what Microsoft Edge shows when opening a new tab. | **Enable or not configured (default):** Employees can see the new tab page with Top Sites, Top Sites with suggested content, or a blank page.

**Disable:** Employees see an empty tab and are unable to change the **Open new tabs with** setting. | -| Configure cookies | Decide how your company deals with cookies. | **Enable or not configured (default):** Lets you decide how your company treats cookies. If you use this option, you must also choose whether to

**Disable:** Allows all cookies from all websites. | -| Configure corporate Home pages | Choose which corporate Home pages should appear for domain-joined devices. | **Enable:** Configure corporate Home pages for domain-joined devices. If you use this option, you must also include site URLs.

**Example**
``````

**Note**
You must use this format and the angle brackets if you have multiple pages.

**Disable or not configured (default):** Uses the corporate Home pages and URLs specified in the App settings. | -| Configure the Enterprise Mode Site List | Whether your company uses Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps. | **Enable:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if it’s configured. If you use this option, you must also add the location to your site list in the **{URI}** box. When configured, any site on the list will always open in IE11.

**Disable or not configured:** You won't be able to use the Enterprise Mode Site List. | -| Configure Favorites | Decide what sites appear on the default **Favorites** list. | **Enable:** Configure the default list of **Favorite** sites for your employees. If you use this option, you must also add the actual names and URLs for the sites.

**Disable or not configured (default):** Uses the **Favorites** list names and URLs specified in the **Favorites** hub. | -| Don’t allow SmartScreen Filter warning overrides | Whether employees can override the SmartScreen Filter warnings about potentially malicious websites. | **Enable:** Stops employees from ignoring the SmartScreen Filter warnings and blocks them from visiting the site.

**Disable or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site.

**Note**
You can also turn on the SmartScreen Filter, using the **Turn off the SmartScreen Filter** setting and stop employees from ignoring the SmartScreen Filter warnings about unverified file downloads, using the **Don’t allow SmartScreen Filter warning overrides for unverified files** setting. | -| Don’t allow SmartScreen Filter warning overrides for unverified files | Whether employees can override the SmartScreen Filter warnings about downloading unverified files. | **Enable:** Stops employees from ignoring the SmartScreen Filter warnings and stops them from downloading unverified files.

**Disable or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process.

**Note**
You can also turn on the SmartScreen Filter, using the **Turn off the SmartScreen Filter** setting and stop employees from ignoring the SmartScreen Filter warnings about potentially dangerous websites, using the **Don’t allow SmartScreen Filter warning overrides** setting. | -| Don't allow WebRTC to share the LocalHost IP address | Whether an employee’s LocalHost IP address shows while using the WebRTC protocol | **Enable:** Hides the LocalHost IP address while using the WebRTC protocol.

**Disable or not configured (default):** Shows the LocalHost IP address while using the WebRTC protocol. | -| Send all intranet sites to IE11 | Whether your intranet sites should all open using IE11.

**Important:** This setting should only be used if there are known compatibility problems with Microsoft Edge. | **Enable:** Automatically opens all intranet sites using IE11.

**Disable or not configured (default):** Automatically opens all intranet sites using Microsoft Edge. | -| Turn off **Address** bar search suggestions | Whether search suggestions should appear in the **Address** bar of Microsoft Edge. | **Enable or not configured (default):** Employees can see search suggestions in the **Address** bar of Microsoft Edge.

**Disable:** Employees can’t see search suggestions in the **Address** bar of Microsoft Edge. | -| Turn off Autofill | Whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. | **Enable or not configured (default):** Employees can use Autofill to complete form fields.

**Disable:** Employees can’t use Autofill to complete form fields. | -| Turn off Developer Tools | Whether the F12 Developer Tools are available on Microsoft Edge. | **Enable or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.

**Disable:** Hides the F12 Developer Tools on Microsoft Edge. | -| Turn off InPrivate browsing | Whether employees can browse using InPrivate website browsing. | **Enable or not configured (default):** Lets employees use InPrivate browsing while on the corporate network.

**Disable:** Stops employees from using inPrivate browsing on the corporate network. | -| Turn off Password Manager | Whether employees can save their passwords locally, using Password Manager. | **Enable or not configured (default):** Employees can use Password Manager to save passwords locally.

**Disable:** Employees can't use Password Manager to save passwords locally. | -| Turn off Pop-up Blocker | Whether to turn on Pop-up Blocker and allow pop-ups to appear in secondary windows. | **Enable or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.

**Disable:** Turns off Pop-up Blocker, allowing pop-up windows. | -|Turn off the SmartScreen Filter | Whether to turn on SmartScreen Filter to help protect your employees from potential phishing scams and malicious software. | **Enable or not configured (default):** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.

**Disable:** Turns off SmartScreen Filter.

**Note**
You can also stop employees from ignoring the SmartScreen Filter warnings about potentially dangerous websites, using the **Don’t allow SmartScreen Filter warning overrides** setting and stop employees from ignoring the SmartScreen Filter warnings about unverified file downloads, using the **Don’t allow SmartScreen Filter warning overrides for unverified files** setting. | - -  +| Policy name |Supported versions |Description |Options | +|-------------|------------|-------------|--------| +|Allow Developer Tools |Windows 10, Version 1511 or later |This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge.

If you enable or don’t configure this setting, the F12 Developer Tools are available in Microsoft Edge.

If you disable this setting, the F12 Developer Tools aren’t available in Microsoft Edge. |**Enabled or not configured (default):** Shows the F12 Developer Tools on Microsoft Edge.

**Disabled:** Hides the F12 Developer Tools on Microsoft Edge. | +|Allow InPrivate browsing |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can browse using InPrivate website browsing.

If you enable or don’t configure this setting, employees can use InPrivate website browsing.

If you disable this setting, employees can’t use InPrivate website browsing. |**Enabled or not configured (default):** Lets employees use InPrivate website browsing.

**Disabled:** Stops employees from using InPrivate website browsing. | +|Allow web content on New Tab page |Windows 10 or later |This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens the New Tab page. If you use this setting, employees can’t change it.

If you enable this setting, Microsoft Edge opens a new tab with the New Tab page.

If you disable this setting, Microsoft Edge opens a new tab with a blank page.

If you don’t configure this setting, employees can choose how new tabs appears. |**Not configured (default):** Employees see web content on New Tab page, but can change it.

**Enabled:** Employees see web content on New Tab page.

**Disabled:** Employees always see an empty new tab. | +|Configure Autofill |Windows 10 or later |This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft Edge. By default, employees can choose whether to use Autofill.

If you enable this setting, employees can use Autofill to automatically fill in forms while using Microsoft Edge.

If you disable this setting, employees can’t use Autofill to automatically fill in forms while using Microsoft Edge.

If you don’t configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edge. |**Not configured (default):** Employees can choose to turn Autofill on or off.

**Enabled:** Employees can use Autofill to complete form fields.

**Disabled:** Employees can’t use Autofill to complete form fields. | +|Configure cookies |Windows 10 or later|This setting lets you configure how to work with cookies.

If you enable this setting, you must also decide whether to:

If you disable or don't configure this setting, all cookies are allowed from all sites. |**Enabled:** Lets you decide how your company treats cookies.
If you use this option, you must also choose whether to:

**Disabled or not configured:** All cookies are allowed from all sites.| +|Configure Do Not Track |Windows 10 or later |This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By default, Do Not Track requests aren’t sent, but employees can choose to turn on and send requests.

If you enable this setting, Do Not Track requests are always sent to websites asking for tracking info.

If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info.

If you don’t configure this setting, employees can choose whether to send Do Not Track requests to websites asking for tracking info. |**Not configured (default):** Employees can choose to send Do Not Track headers on or off.

**Enabled:** Employees can send Do Not Track requests to websites requesting tracking info.

**Disabled:** Employees can’t send Do Not Track requests to websites requesting tracking info. | +|Configure Edge Extensions |Windows 10 Insider Preview |This policy setting lets you decide whether employees can use Edge Extensions.

If you enable or don’t configure this setting, employees can use Edge Extensions.

If you disable this setting, employees can’t use Edge Extensions. |**Enabled or not configured:** Lets employees use Edge Extensions.

**Disabled:** Stops employees from using Edge Extensions. | +|Configure Favorites |Windows 10, Version 1511 or later |This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their Favorites by adding or removing items at any time.

If you enable this setting, you can configure what default Favorites appear for your employees. If this setting is enabled, you must also provide a list of Favorites in the Options section. This list is imported after your policy is deployed.

If you disable or don’t configure this setting, employees will see the Favorites that they set in the Favorites hub. |**Enabled:** Configure the default list of Favorites for your employees. If you use this option, you must also add the URLs to the sites.

**Disabled or not configured:** Uses the Favorites list and URLs specified in the Favorites hub. | +|Configure Home pages |Windows 10, Version 1511 or later |This policy setting lets you configure one or more Home pages. for domain-joined devices. Your employees won't be able to change this after you set it.

If you enable this setting, you can configure one or more Home pages. If this setting is enabled, you must also include URLs to the pages, separating multiple pages by using angle brackets in this format:
``

If you disable or don’t configure this setting, your default Home page is the webpage specified in App settings. |**Enabled:** Configure your Home pages. If you use this option, you must also include site URLs.

**Disabled or not configured (default):** Uses the Home pages and URLs specified in the App settings. | +|Configure Password Manager |Windows 10 or later |This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Password Manager is turned on.

If you enable this setting, employees can use Password Manager to save their passwords locally.

If you disable this setting, employees can’t use Password Manager to save their passwords locally.

If you don’t configure this setting, employees can choose whether to use Password Manager to save their passwords locally. |**Not configured:** Employees can choose whether to use Password Manager.

**Enabled (default):** Employees can use Password Manager to save passwords locally.

**Disabled:** Employees can't use Password Manager to save passwords locally. | +|Configure Pop-up Blocker |Windows 10 or later |This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.

If you enable this setting, Pop-up Blocker is turned on, stopping pop-up windows from appearing.

If you disable this setting, Pop-up Blocker is turned off, letting pop-ups windows appear.

If you don’t configure this setting, employees can choose whether to use Pop-up Blocker. |**Enabled or not configured (default):** Turns on Pop-up Blocker, stopping pop-up windows.

**Disabled:** Turns off Pop-up Blocker, allowing pop-up windows. | +|Configure search suggestions in Address bar |Windows 10 or later |This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.

If you enable this setting, employees can see search suggestions in the Address bar of Microsoft Edge.

If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge.

If you don’t configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft Edge. |**Not configured (default):** Employees can choose whether search suggestions appear in the Address bar of Microsoft Edge.

**Enabled:** Employees can see search suggestions in the Address bar of Microsoft Edge.

**Disabled:** Employees can’t see search suggestions in the Address bar of Microsoft Edge. | +|Configure SmartScreen Filter |Windows 10 or later |This policy setting lets you configure whether to turn on SmartScreen Filter. SmartScreen Filter provides warning messages to help protect your employees from potential phishing scams and malicious software. By default, SmartScreen Filter is turned on.

If you enable this setting, SmartScreen Filter is turned on and employees can’t turn it off.

If you disable this setting, SmartScreen Filter is turned off and employees can’t turn it on.

If you don’t configure this setting, employees can choose whether to use SmartScreen Filter. |**Not configured (default):** Employees can choose whether to use SmartScreen Filter.

**Enabled:** Turns on SmartScreen Filter, providing warning messages to your employees about potential phishing scams and malicious software.

**Disabled:** Turns off SmartScreen Filter. | +|Configure the Enterprise Mode Site List |Windows 10 or later| This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common compatibility problems with legacy apps.

If you enable this setting, Microsoft Edge looks for the Enterprise Mode Site List XML file. This file includes the sites and domains that need to be viewed using Internet Explorer 11 and Enterprise Mode.

If you disable or don’t configure this setting, Microsoft Edge won’t use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while using legacy apps. |**Enabled:** Lets you use the Enterprise Mode Site List to address common compatibility problems with legacy apps, if it’s configured.
If you use this option, you must also add the location to your site list in the `{URI}` box. When configured, any site on the list will always open in Internet Explorer 11.

**Disabled or not configured (default):** You won't be able to use the Enterprise Mode Site List. | +|Prevent access to the about:flags page |Windows 10 Insider Preview |This policy setting lets you decide whether employees can access the about:flags page, which is used to change developer settings and to enable experimental features.

If you enable this policy setting, employees can’t access the about:flags page.

If you disable or don’t configure this setting, employees can access the about:flags page. |**Enabled:** Stops employees from using the about:flags page.

**Disabled or not configured (default):** Lets employees use the about:flags page. | +|Prevent bypassing SmartScreen prompts for files |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about downloading unverified files.

If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from downloading the unverified files.

If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue the download process. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about unverified files.

**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about unverified files and lets them continue the download process. | +|Prevent bypassing SmartScreen prompts for sites |Windows 10, Version 1511 or later |This policy setting lets you decide whether employees can override the SmartScreen Filter warnings about potentially malicious websites.

If you enable this setting, employees can’t ignore SmartScreen Filter warnings and they’re blocked from continuing to the site.

If you disable or don’t configure this setting, employees can ignore SmartScreen Filter warnings and continue to the site. |**Enabled:** Stops employees from ignoring the SmartScreen Filter warnings about potentially malicious sites.

**Disabled or not configured (default):** Lets employees ignore the SmartScreen Filter warnings about potentially malicious sites and continue to the site. | +|Prevent using Localhost IP address for WebRTC |Windows 10, Version 1511 or later |This policy setting lets you decide whether an employee’s Localhost IP address shows while making calls using the WebRTC protocol. By default, this setting is turned off.

If you enable this setting, Localhost IP addresses are hidden while making calls using the WebRTC protocol.

If you disable or don’t configure this setting, Localhost IP addresses are shown while making calls using the WebRTC protocol. |**Enabled:** Hides the Localhost IP address during calls using the WebRTC protocol.

**Disabled or not configured (default):** Shows the Localhost IP address during phone calls using the WebRTC protocol. | +|Send all intranet sites to Internet Explorer 11 |Windows 10 or later |This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should only be used if there are known compatibility problems with Microsoft Edge.

If you enable this setting, all intranet sites are automatically opened using Internet Explorer 11.

If you disable or don’t configure this setting, all websites, including intranet sites, are automatically opened using Microsoft Edge. |**Enabled:** Automatically opens all intranet sites using Internet Explorer 11.

**Disabled or not configured (default):** Automatically opens all websites, including intranet sites, using Microsoft Edge. | +|Show message when opening sites in Internet Explorer |Windows 10 Insider Preview |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

**Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. | ## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge - - If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=722885) page.

**Note**
The **Supports** column uses these options: @@ -63,43 +61,46 @@ If you manage your policies using Intune, you'll want to use these MDM policy se All devices must be enrolled with Intune if you want to use the Windows Custom URI Policy. -| Policy name | Supports | Details | -| -------------------------------------------- | --------------------| ------------------------------------------------------- | -| AllowAutofill | Desktop |

| -| AllowBrowser | Mobile | | -| AllowCookies | Both | | -| AllowDeveloperTools | Desktop | | -| AllowDoNotTrack | Both | | -| AllowPasswordManager | Both | -| AllowPopups | Desktop | | -| AllowSearchSuggestions
inAddressBar | Both | | -| AllowSmartScreen | Both | | -| EnterpriseModeSiteList | Desktop | | -| Favorites | Both | | -| FirstRunURL | Mobile | | -| HomePages | Desktop | | -| PreventSmartScreen
PromptOverride | Both | | -| PreventSmartScreen
PromptOverrideForFiles | Both | | -| PreventUsingLocalHost
IPAddressforWebRTC | Desktop | | +| Policy name |Supported versions |Supported device |Details | +|-------------|-------------------|-----------------|--------| +|AllowAutofill|Windows 10 or later |Desktop | +|AllowBrowser |Windows 10 or later |Mobile || +|AllowDeveloperTools |Windows 10, Version 1511 or later |Desktop | | +|AllowDoNotTrack |Windows 10 or later |Both | | +|AllowExtensions |Windows 10 Insider Preview |Desktop | | +|AllowInPrivate |Windows 10, Version 1511 or later |Both | | +|AllowPasswordManager |Windows 10 or later |Both | | +|AllowPopups |Windows 10 or later |Desktop | | +|AllowSearchSuggestions
inAddressBar |Windows 10 or later |Both | | +|AllowSmartScreen |Windows 10 or later |Both | | +|Cookies |Windows 10 or later |Both | | +|EnterpriseModeSiteList |Windows 10 or later |Desktop | | +|Favorites |Windows 10, Version 1511 or later |Both | - - - + \ No newline at end of file diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md index 89ce6129e1..45f8e7349c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/index.md +++ b/browsers/internet-explorer/ie11-deploy-guide/index.md @@ -26,6 +26,7 @@ Because this content isn't intended to be a step-by-step guide, not all of the s ## In this guide |Topic |Description | |------|------------| +|[Change history for Internet Explorer 11](change-history-for-internet-explorer-11.md) |Lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile. | |[System requirements and language support for Internet Explorer 11 (IE11)](system-requirements-and-language-support-for-ie11.md) |IE11 is available for a number of systems and languages. This topic provides info about the minimum system requirements and language support. | |[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. | |[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. | diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md index 7df4d37ea3..d199472eaa 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md +++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md @@ -84,9 +84,11 @@ IE opens the app’s website. **Security Note:**
If you don’t fully trust a site, you shouldn’t allow it to launch an outdated app. However, although we don’t recommend it, you can let the webpage launch the app by tapping or clicking **Allow**. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, you’ll get the notification again. ## How does IE decide which ActiveX controls to block? -IE uses Microsoft’s versionlist.xml file to determine whether an ActiveX control should be stopped from loading. This file is updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file. +IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file. -You can see your copy of the versionlist.xml file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml`, or you can view Microsoft’s version at [Internet Explorer version list](http://go.microsoft.com/fwlink/p/?LinkId=403864). +You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here: +- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?LinkId=798230) +- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864) **Security Note:**
Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt: @@ -171,7 +173,7 @@ Here’s a detailed example and description of what’s included in the VersionA ### Inventory your ActiveX controls by using a local WMI class For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control. -### Before you begin +#### Before you begin Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](http://go.microsoft.com/fwlink/p/?LinkId=616971), which includes: - **ConfigureWMILogging.ps1**. A Windows PowerShell script. diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index 790e48d372..65f42da6b5 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -25,6 +25,7 @@ #### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) #### [Monitor your Surface Hub](monitor-surface-hub.md) #### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) +#### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) #### [Using a room control system](use-room-control-system-with-surface-hub.md) #### [Windows updates](manage-windows-updates-for-surface-hub.md) #### [Wireless network management](wireless-network-management-for-surface-hub.md) diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md new file mode 100644 index 0000000000..cc608f499b --- /dev/null +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -0,0 +1,426 @@ +--- +title: Connect other devices and display with Surface Hub +description: You can connect other device to your Surface Hub to display content. This topic describes guest mode and replacement PC modes that is available through a wired connection. +Robots: noindex, nofollow +ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D +author: TrudyHa +--- + +# Connect other devices and display with Surface Hub + + +You can connect other device to your Surface Hub to display content. This topic describes guest mode and replacement PC modes that is available through a wired connection. + +## Guest mode + + +Guest mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and displays them on the Surface Hub. If Surface Hub encounters an HDCP signal, the source will be re-routed through an alternate path, allowing the source to be displayed full-screen without violating HDCP requirements. + +### Ports + +Use these ports on the Surface Hub for the guest mode. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
InterfaceTypeDescriptionCapabilities

Display Port 1.1a

Video input

Guest input #1

    +

  • Support simultaneous guest input display with guest input #2 and guest input #3 (one full resolution, two thumbnail).

    • +

  • HDCP compliant in bypass mode

    • +

  • Touchback enabled

    • +

HDMI 1.4

Video input

Guest input #2

    +

  • Support simultaneous guest input display with guest input #1 and guest input #3 (one full resolution, two thumbnail).

    • +

  • HDCP compliant in bypass mode

    • +

  • Touchback enabled

    • +

VGA

Video input

Guest input #3

    +

  • Support simultaneous guest input display with guest input #1 and guest input #2 (one full resolution, two thumbnail).

    • +

  • HDCP compliant in bypass mode

    • +

  • Touchback enabled

    • +

3.5 mm jack

Audio input

Analog audio input

    +

  • Ingest into Surface Hub PC, usually with the VGA video input.

    • +

USB 2.0, type B

USB out

Touchback

    +

  • Provides access to the HID input devices mouse, touch, keyboard, and stylus back to the guest PC.

    • +
+ +  + +### Port locations + +These are the port connections used for guest mode on the 55" and 84" Surface Hubs. + +![image showing guest ports on 55" surface hub. ](images/sh-55-guest-ports.png) + +Wired port connections on 55" Surface Hub + +![image showing guest ports on 84" surface hub. ](images/sh-84-guest-ports.png) + +Wired port connections on 84" Surface Hub + +### Port enumeration + +When a Surface hub is connected to guest computer with the wired connect USB port, a number of USB devices are discovered and configured. These peripheral devices are created for touchback and inkback. The peripheral devices can viewed in Device Manager. Device Manager will show duplicate names for some devices. + +**Human interface devices** + +- HID-compliant consumer control device + +- HID-compliant pen + +- HID-compliant pen (duplicate item) + +- HID-compliant pen (duplicate item) + +- HID-compliant touch screen + +- USB Input Device + +- USB Input Device (duplicate item) + +**Keyboards** + +- Standard PS/2 keyboard + +**Mice and other pointing devices** + +- HID-compliant mouse + +**Universal serial bus conntrollers** + +- Generic USB hub + +- USB composite device + +### Guest mode connectivity + +Your choice of video cable will be determined by what is available from your source input. The Surface Hub has three choices of video input, DisplayPort, HDMI and VGA. Please refer to the below chart for available resolutions. + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Signal TypeResolutionFrame rateHDMI - RGBDisplayPortVGA

PC

640 x 480

59.94/60

X

X

X

PC

720 x 480

59.94/60

X

X

PC

1024 x 768

60

X

X

X

HDTV

720p

59.94/60

X

X

X

HDTV

1080p

59.94/60

X

X

X

+ +  + +Source audio is provided by DisplayPort and HDMI cables. If you must use VGA, Surface Hub has an audio input port that uses a 3.5 mm plug. Surface Hub also uses a USB cable that provides touch and inkback from the Surface Hub to compatible Windows 10 devices. The USB cable can be used with any video input that is already connected with a cable. + +Someone using guest mode to connect a PC would use one of these options: + +**DisplayPort** -- DisplayPort cable and USB 2.0 cable + +**HDMI** -- HDMI cable and USB 2.0 cable + +**VGA** -- VGA cable, 3.5 mm audio cable, and USB 2.0 cable + +If the computer you are using for guest mode is not compatible with Touch and Inkback, then you won't need the USB cable. + +## Replacement PC mode + + +In replacement PC mode, the embedded computer of the Surface Hub is turned off and an external PC is connected to the Surface Hub. Connections to replacement PC ports give access to key peripherals on the Surface Hub, including the screen, pen, and touch features. This does mean that your Surface Hub won’t have the benefit of the Windows Team experience, but you will have the flexibility offered by providing and managing your own Windows computer. + +### Software requirements + +You can run Surface Hub in replacement PC mode with 64-bit versions of Windows 10 Home, Windows 10 Pro and Windows 10 Enterprise. You can download the [Surface Hub Replacement PC driver package](https://www.microsoft.com/en-us/download/details.aspx?id=52210) from the Microsoft download center. We recommend that you install these drivers on any computer you plan to use as a replacement PC. + +### Hardware requirements + +Surface Hub is compatible with a range of hardware. Choose the processor and memory confirmation for your replacement PC so that it supports the programs you'll be using. Your replacement PC hardware needs to support 64-bit versions of Windows 10. + +### Graphics adapter + +In replacement PC mode, Surface Hub supports any graphics adapter that can produce a DisplayPort signal. You'll improve your experience with a graphics adapter that can match Surface Hub's resolution and refresh rate. For example, though the best and recommended replacement PC experience on the Surface Hub is with a 120Hz video signal, 60Hz video signals are also supported. + +**55" Surface Hubs** - For best experience, use a graphics card capable of 1080p resolution at 120Hz. + +**84" Surface Hubs** - For best experience, use a graphics card capable of outputting four DisplayPort 1.2 streams to produce 2160p at 120Hz (3840 x 2160 at 120Hz vertical refresh). We've verified that this works with the NVIDIA Quadro K2200, NVIDIA Quadro K4200, and NVIDIA Quadro M6000. These are not the only graphics cards - others are available from other vendors. + +Check directly with graphics card vendors for the latest drivers. + + ++++ + + + + + + + + + + + + + + + + + + + + +
Graphics vendorDriver download page

NVIDIA

[http://nvidia.com/Download/index.aspx](http://nvidia.com/Download/index.aspx)

AMD

[http://support.amd.com/download](http://support.amd.com/download)

Intel

[https://downloadcenter.intel.com/](https://downloadcenter.intel.com/)

+ +  + +### Ports + +Replacement PC ports on 55" Surface Hub. + +![image showing replacement pc ports on 55" surface hub. ](images/sh-55-rpc-ports.png) + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DescriptionTypeInterfaceDetails

PC video

Video input

DisplayPort 1.2

    +

  • Full screen display of 1080p at 120 Hz, plus audio

    • +

  • HDCP compliant

    • +

Internal peripherals

USB output

USB 2.0 type B

    +

  • Touch

    • +

  • Pen

    • +

  • Speakers

    • +

  • Microphone

    • +

  • Cameras

    • +

  • NFC sensor

    • +

  • Ambient light sensor

    • +

  • Passive infrared sensor

    • +

USB hub

USB output

USB 2.0 type B

    +

  • Underneath USB ports

    • +
+ +  + +Replacement PC ports on 84" Surface Hub. + +![image showing replacement pc ports on 84" surface hub. ](images/sh-84-rpc-ports.png) + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DescriptionTypeInterfaceDetails

PC video

Video input

DisplayPort 1.2 (2x)

    +

  • Full screen display of 2160p at 120 Hz, plus audio

    • +

  • HDCP compliant

    • +

Internal peripherals

USB output

USB 2.0 type B

    +

  • Touch

    • +

  • Pen

    • +

  • Speakers

    • +

  • Microphone

    • +

  • Cameras

    • +

  • NFC sensor

    • +

  • Ambient light sensor

    • +

  • Passive infrared sensor

    • +

USB hub

USB output

USB 2.0 type B

    +

  • Underneath USB ports

    • +
+ +  + +### Replacement PC setup instructions + +**To use replacement PC mode** + +1. Download and install the [Surface Hub Replacement PC driver package](https://www.microsoft.com/en-us/download/details.aspx?id=52210) on the replacement PC. + + **Note**  We recommend that you set sleep or hibernation on the replacement PC so the Surface Hub will turn off the display when it isn't being used. + +   + +2. Turn off the Surface Hub using the power switch next to the power cable. + +3. Connect the cables from the Surface Hub's replacement PC ports to the replacement PC. These ports are usually covered by a removable plastic cover. + + 55" Surface Hub -- connect one DisplayPort cable, and two USB cables. + + 84" Surface Hub -- connect two DisplayPort cables, and two USB cables. + +4. Toggle the Mode switch to **Replacement PC**. The Mode switch is next to the Replacement PC ports. + +5. Turn on the Surface Hub using the power switch next to the power cable. + +6. Press the power button on the right side of the Surface Hub. + +You can switch the Surface Hub to use the internal PC. + +**To switch back to internal PC** + +1. Turn off the Surface Hub using the power switch next to the power cable. + +2. Toggle the Mode switch to Internal PC. The Mode switch is next to the Replacement PC ports. + +3. Turn on the Surface Hub using the power switch next to the power cable. + +  + +  + + + + + diff --git a/devices/surface-hub/images/sh-55-guest-ports.png b/devices/surface-hub/images/sh-55-guest-ports.png new file mode 100644 index 0000000000..af42c738f8 Binary files /dev/null and b/devices/surface-hub/images/sh-55-guest-ports.png differ diff --git a/devices/surface-hub/images/sh-55-rpc-ports.png b/devices/surface-hub/images/sh-55-rpc-ports.png new file mode 100644 index 0000000000..dfea48ef96 Binary files /dev/null and b/devices/surface-hub/images/sh-55-rpc-ports.png differ diff --git a/devices/surface-hub/images/sh-84-guest-ports.png b/devices/surface-hub/images/sh-84-guest-ports.png new file mode 100644 index 0000000000..6c7060154b Binary files /dev/null and b/devices/surface-hub/images/sh-84-guest-ports.png differ diff --git a/devices/surface-hub/images/sh-84-rpc-ports.png b/devices/surface-hub/images/sh-84-rpc-ports.png new file mode 100644 index 0000000000..f3a0a52327 Binary files /dev/null and b/devices/surface-hub/images/sh-84-rpc-ports.png differ diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md new file mode 100644 index 0000000000..663ec20dc4 --- /dev/null +++ b/devices/surface/TOC.md @@ -0,0 +1,14 @@ +# [Surface](index.md) +## [Advanced UEFI security features for Surface](advanced-uefi-security-features-for-surface.md) +## [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) +## [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) +## [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) +## [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) +## [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) +## [Surface Data Eraser](microsoft-surface-data-eraser.md) +## [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) +### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) +## [Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md) +## [Surface Dock Updater](surface-dock-updater.md) + diff --git a/devices/surface/advanced-uefi-security-features-for-surface.md b/devices/surface/advanced-uefi-security-features-for-surface.md new file mode 100644 index 0000000000..e274220bee --- /dev/null +++ b/devices/surface/advanced-uefi-security-features-for-surface.md @@ -0,0 +1,165 @@ +--- +title: Advanced UEFI security features for Surface (Surface) +description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. +ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93 +keywords: ["Surface, Surface Pro 3, security, features, configure, hardware, device, custom, script, update"] +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Advanced UEFI security features for Surface + + +This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. + +To address more granular control over the security of Surface devices, the v3.11.760.0 UEFI update provides additional security options that allow you to disable specific hardware devices or to prevent starting from those devices. After the UEFI update is installed on a device, you can configure it manually or automatically by running a script. + +## Manually install the UEFI update + + +Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030). Otherwise, you can download the UEFI update from the Microsoft Download Center; see [SurfacePro3\_ 150326.msi (105 MB)](http://go.microsoft.com/fwlink/p/?LinkID=618033) or [SurfacePro3\_ 150326.zip (156 MB)](http://go.microsoft.com/fwlink/p/?LinkID=618035). + +## Manually configure additional security settings + + +**Note**  To enter firmware setup on a Surface device, begin with the device powered off, press and hold the **Volume Up** button, then press and release the **Power** button, then release the **Volume Up** button after the device has begun to boot. + +  + +After the v3.11.760.0 UEFI update is installed on a Surface device, an additional UEFI menu named **Advanced Device Security** becomes available. If you click this menu, the following options are displayed: + +| Option | Description | Available settings (default listed in bold) | +|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------| +| Network Boot | Enables or disables the ability of your Surface device to boot from the network (also known as PXE boot). | **Enabled**, Not Bootable | +| Side USB | Enables or disables the USB port on the side of the Surface device. Additionally, the USB port can be enabled, but not allow booting. | **Enabled**, Not Bootable, Disabled | +| Docking Port | Enables or disables the ports on the Surface docking station. Additionally, the docking port can be enabled, but block booting from any USB or Ethernet port in the docking station. | **Enabled**, Not Bootable, Disabled | +| Front Camera | Enables or disables the camera on the front of the Surface device. | **Enabled**, Disabled | +| Rear Camera | Enables or disables the camera on the rear of the Surface device. | **Enabled**, Disabled | +| On Board Audio | Enables or disables audio on the Surface device. | **Enabled**, Disabled | +| microSD | Enables or disables the microSD slot on the Surface device. | **Enabled**, Disabled | +| WiFi | Enables or disables the built-in Wi-Fi transceiver in the Surface device. This also disables Bluetooth. | **Enabled**, Disabled | +| Bluetooth | Enables or disables the built-in Bluetooth transceiver in the Surface device. | **Enabled**, Disabled | + +  + +## Automate additional security settings + + +As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](http://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script. + +**Prerequisites** + +- The sample scripts below leverage the previously mentioned extension and therefore assume that the tool has been installed on the device being managed. +- The scripts must be run with administrative privilege. +- The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](http://go.microsoft.com/fwlink/p/?LinkID=618039) must be called prior to running sample scripts if they are not digitally signed. + +**Sample scripts** + +**Note**  The UEFI password used in the sample scripts below is presented in clear text. We strongly recommend saving the scripts in a protected location and running them in a controlled environment. + +  + +Show all configurable options: + +``` +# Load the extension +[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") + +# Get the collection of all configurable settings +$uefiOptions = [Microsoft.Surface.FirmwareOption]::All() + +foreach ($uefiOption in $uefiOptions) +{ + Write-Host "Name:" $uefiOption.Name + Write-Host " Description =" $uefiOption.Description + Write-Host " Current Value =" $uefiOption.CurrentValue + Write-Host " Default Value =" $uefiOption.DefaultValue + Write-Host " Proposed Value =" $uefiOption.ProposedValue + + # This gives usage and validation information + Write-Host " Allowed Values =" $uefiOption.FriendlyRegEx + Write-Host " Regular Expression =" $uefiOption.RegEx + + Write-Host +} +``` + +Set or change UEFI password: + +``` +# Load the extension +[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") + +# Must supply UEFI administrator Password if set +# If it is not currently set this is ignored +[Microsoft.Surface.FirmwareOption]::Unlock("1234") + +$Password = [Microsoft.Surface.FirmwareOption]::Find("Password") + +# Set New value to 12345 +$Password.ProposedValue = "12345" +``` + +Check status of proposed changes: + +``` +# Load the extension +[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") + +# Check update status +$updateStatus = [Microsoft.Surface.FirmwareOption]::UpdateStatus +$updateIteration = [Microsoft.Surface.FirmwareOption]::UpdateIteration +Write-Host "Last Update Status =" $updateStatus +Write-Host "Last Update Iteration =" $updateIteration + +# Get the individual results for the last proposed update +# If the device has never had an update attempt this will be an empty list +$details = [Microsoft.Surface.FirmwareOption]::UpdateStatusDetails +Write-Host $details.Count "Settings were proposed" +if ($details.Count -gt 0) +{ + Write-Host "Result Details" + foreach ($detail in $details.GetEnumerator()) + { + Write-Host " " $detail.Key "=" $detail.Value + } +} +``` + +Revert UEFI to default values: + +``` +# Load the extension +[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") + +# Must supply UEFI administrator Password if set +# If it is not currently set this is ignored +[Microsoft.Surface.FirmwareOption]::Unlock("1234") + +# Get the collection of all configurable settings +$uefiOptions = [Microsoft.Surface.FirmwareOption]::All() + +# Reset all options to the factory default +foreach ($uefiOption in $uefiOptions) +{ + $uefiOption.ProposedValue = $uefiOption.DefaultValue +} +``` + +Status code interpretation + +- 00 - The proposed update was a success +- 02 - One of the proposed values had an invalid value +- 03 - There was a proposed value set that was not recognized +- 0F - The unlock password did not match currently set password + +  + +  + + + + + diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md new file mode 100644 index 0000000000..73466d6d64 --- /dev/null +++ b/devices/surface/customize-the-oobe-for-surface-deployments.md @@ -0,0 +1,70 @@ +--- +title: Customize the OOBE for Surface deployments (Surface) +description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization. +ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87 +keywords: ["deploy, customize, automate, deployment, network, Pen, pair, boot"] +ms.prod: W10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Customize the OOBE for Surface deployments + + +This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization. + +It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE. + +**Note**   +OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](http://msdn.microsoft.com/library/windows/hardware/dn898581(v=vs.85).aspx). + +  + +In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome. + +This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](http://go.microsoft.com/fwlink/p/?LinkID=618042). + +**Note**   +Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see: + +- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit) + +- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager) + +  + +## Scenario 1: Wireless networking in OOBE with MDT 2013 + + +When a wireless network adapter is present during OOBE, the **Join a wireless network** page is displayed, which prompts a user to connect to a wireless network. This page is not automatically hidden by deployment technologies, including MDT 2013, and therefore will be displayed even when a deployment is configured for complete automation. + +To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkID=618044). + +## Scenario 2: Surface Pen pairing in OOBE + + +When you first take a Surface Pro 3, Surface Pro 4, or Surface Book out of the package and start it up, the first-run experience of the factory image includes a prompt that asks you to pair the included Surface Pen to the device. This prompt is only provided by the factory image that ships with the device and is not included in other images used for deployment, such as the Windows Enterprise installation media downloaded from the Volume Licensing Service Center. Because pairing the Bluetooth Surface Pen outside of this experience requires that you enter the Control Panel or PC Settings and manually pair a Bluetooth device, you may want to have users or a technician use this prompt to perform the pairing operation. + +To provide the factory Surface Pen pairing experience in OOBE, you must copy four files from the factory Surface image into the reference image. You can copy these files into the reference environment before you capture the reference image, or you can add them later by using Deployment Image Servicing and Management (DISM) to mount the image. The four required files are: + +- %windir%\\system32\\oobe\\info\\default\\1033\\oobe.xml +- %windir%\\system32\\oobe\\info\\default\\1033\\PenPairing\_en-US.png +- %windir%\\system32\\oobe\\info\\default\\1033\\PenError\_en-US.png +- %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png + +**Note**   +You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4. + +  + +The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](http://go.microsoft.com/fwlink/p/?LinkID=618045). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click. + +  + +  + + + + + diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md new file mode 100644 index 0000000000..d5de7a0bb0 --- /dev/null +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -0,0 +1,197 @@ +--- +title: Download the latest firmware and drivers for Surface devices (Surface) +description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. +ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A +keywords: ["update Surface, newest, latest, download, firmware, driver, tablet, hardware, device"] +ms.prod: W10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Download the latest firmware and drivers for Surface devices + + +This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. + +As easy as it is to keep Surface device drivers and firmware up to date automatically with Windows Update, it is sometimes necessary to download and install updates manually, such as during a Windows deployment. For any situation where you need to install drivers and firmware separately from Windows Update, you can find the files available for download at the Microsoft Download Center. + +On the Microsoft Download Center page for your device, you will find several files available. These files allow you to deploy drivers and firmware in various ways. You can read more about the different deployment methods for Surface drivers and firmware in [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md). + +Driver and firmware updates for Surface devices are released in one of two ways: + +- **Point updates** are released for specific drivers or firmware revisions and provide the latest update for a specific component of the Surface device. + +- **Cumulative updates** provide comprehensive roundups of all of the latest files for the Surface device running that version of Windows. + +Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices and are detailed here in this article. + +**Note**   +To simplify the process of locating drivers for your device, downloads for Surface devices have been reorganized to separate pages for each model. Bookmark the Microsoft Download Center page for your device from the links provided on this page. Many of the filenames contain a placeholder denoted with *xxxxxx*, which identifies the current version number or date of the file. + +  + +Recent additions to the downloads for Surface devices provide you with options to install Windows 10 on your Surface devices and update LTE devices with the latest Windows 10 drivers and firmware. + +**Note**  A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](http://go.microsoft.com/fwlink/p/?LinkId=618106) for more information. + +  + +## Surface Book + + +Download the following updates [for Surface Book from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691691). + +- SurfaceBook\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +## Surface Pro 4 + + +Download the following updates for [Surface Pro 4 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691692). + +- SurfacePro4\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +## Surface Pro 3 + + +Download the following updates [for Surface Pro 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690288). + +- SurfacePro3\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10 + +- SurfacePro3\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10 + +- SurfacePro3\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 8.1 Pro + +- SurfacePro3\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 8.1 Pro + +- Surface Firmware Tool.msi – Firmware tools for UEFI management + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Pro 3 AssetTag.zip – UEFI Asset Tag management tool + +- Surface Pro 3 Driver Set.ppkg – Deployment Asset Provisioning Package for Windows 10 + +- Surface Pro 3 KB2978002.zip – Update for Quick Note-Taking Experience feature in Windows 8.1 + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +## Surface 3 + + +Download the following updates [for Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690289). + +- Surface3\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10 + +- Surface3\_Win8x\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 8.1 Pro + +- Surface3\_Win8x\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +## Surface 3 LTE + + +Download the following updates [for AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690290). + +- Surface3\_US1\_Win10\_xxxxxx.msi – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 10 + +- Surface3\_US1\_Win10\_xxxxxx.zip – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 10 + +- Surface3\_US1\_Win8x\_xxxxxx.msi – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 8.1 Pro + +- Surface3\_US1\_Win8x\_xxxxxx.zip – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690291). + +- Surface3\_NAG\_Win10\_xxxxxx.msi – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 10 + +- Surface3\_NAG\_Win10\_xxxxxx.zip – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 10 + +- Surface3\_NAG\_Win8x\_xxxxxx.msi – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 8.1 Pro + +- Surface3\_NAG\_Win8x\_xxxxxx.zip – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +Download the following updates [for 4G LTE Surface 3 versions for regions outside North America from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690292). + +- Surface3\_ROW\_Win10\_xxxxxx.msi – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 10 + +- Surface3\_ROW\_Win10\_xxxxxx.zip – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 10 + +- Surface3\_ROW\_Win8x\_xxxxxx.msi – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 8.1 Pro + +- Surface3\_ROW\_Win8x\_xxxxxx.zip – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1 + +## Surface Pro 2 + + +Download the following updates [for Surface Pro 2 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690293). + +- SurfacePro2\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10 + +- SurfacePro2\_Win8x\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Windows8.1-KB2969817-x64.msu – Fixes an issue that causes Surface devices to reboot twice after firmware updates are installed on all supported x64-based versions of Windows 8.1 + +## Surface Pro + + +Download the following updates [for Surface Pro from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690294). + +- SurfacePro\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10 + +- Surface Pro 1 - xxxxxx.zip – Cumulative firmware and driver update package for Windows 8.1 Pro + +- Surface Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Surface Gigabit Ethernet Adapter.zip – x64 Ethernet adapter drivers + +- Windows8.1-KB2969817-x64.msu – Fixes an issue that causes Surface devices to reboot twice after firmware updates are installed on all supported x64-based versions of Windows 8.1 + +## Surface RT + + +There are no downloadable firmware or driver updates available for Surface RT. Updates can only be applied using Windows Update. + +If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](http://go.microsoft.com/fwlink/p/?LinkId=618107). + +  + +  + + + + + diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md new file mode 100644 index 0000000000..6a6c9f753c --- /dev/null +++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md @@ -0,0 +1,89 @@ +--- +title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface) +description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. +ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D +keywords: ["network", "wireless", "device", "deploy", "authenticaion", "protocol"] +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices + + +Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. + +If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](http://go.microsoft.com/fwlink/p/?LinkId=716899). + +You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. + +## Download PEAP, EAP-FAST, or Cisco LEAP installation files + + +You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file. + +## Deploy PEAP, EAP-FAST, or Cisco LEAP with MDT + + +If you are already performing a Windows deployment to Surface devices in your organization, it is quick and easy to add the installation files for each protocol to your deployment share and configure automatic installation during deployment. You can even configure a task sequence that updates previously deployed Surface devices to provide support for these protocols using the same process. + +To enable support for PEAP, EAP-FAST, or Cisco LEAP on newly deployed Surface devices, follow these steps: + +1. Download and extract the installation files for each protocol to separate folders in an easily accessible location. + +2. Open the MDT Deployment Workbench and expand your deployment share to the **Applications** folder. + +3. Select **New Application** from the **Action** pane. + +4. Choose **Application with source files** to copy the MSI files into the Deployment Share. + +5. Select the folder you created in step 1 for the desired protocol. + +6. Name the folder in the deployment share where the installation files will be stored. + +7. Specify the command line to deploy the application: + + - For PEAP use **EAP-PEAP.msi /qn /norestart**. + + - For LEAP use **EAP-LEAP.msi /qn /norestart**. + + - For EAP-FAST use **EAP-FAST.msi /qn /norestart**. + +8. Use the default options to complete the New Application Wizard. + +9. Repeat steps 3 through 8 for each desired protocol. + +After you’ve performed these steps to import the three MSI packages as applications into MDT, they will be available for selection in the Applications page of the Windows Deployment Wizard. Although in some simple deployment scenarios it might be sufficient to have technicians select each package at the time of deployment, it is not recommended. This practice introduces the possibility that a technician could attempt to apply these packages to computers other than Surface devices, or that a Surface device could be deployed without EAP support due to human error. + +To hide these applications from the Install Applications page, select the **Hide this application in the Deployment Wizard** checkbox in the properties of each application. After the applications are hidden, they will not be displayed as optional applications during deployment. To deploy them in your Surface deployment task sequence, they must be explicitly defined for installation through a separate step in the task sequence. + +To specify the protocol(s) explicitly, follow these steps: + +1. Open your Surface deployment task sequence properties from the MDT Deployment Workbench. + +2. On the **Task Sequence** tab, select the **Install Applications** step under **State Restore**. This is typically found between the pre-application and post-application Windows Update steps. + +3. Use the **Add** button to create a new **Install Application** step from the **General** category. + +4. Select **Install a single application** in the step **Properties** tab. + +5. Select the desired EAP protocol from the list. + +6. Repeat steps 2 through 5 for each desired protocol. + +## Deploy PEAP, EAP-FAST, or Cisco LEAP with Configuration Manager + + +For organizations that manage Surface devices with Configuration Manager, it is even easier to deploy PEAP, EAP-FAST, or Cisco LEAP support to Surface devices. Simply import each MSI file as an application from the Software Library and configure a deployment to your Surface device collection. + +For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761079) and [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761080). + +  + +  + + + + + diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md new file mode 100644 index 0000000000..14c36f3fdb --- /dev/null +++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md @@ -0,0 +1,91 @@ +--- +title: Ethernet adapters and Surface deployment (Surface) +description: This article provides guidance and answers to help you perform a network deployment to Surface devices. +ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0 +keywords: ["ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB"] +ms.prod: W10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Ethernet adapters and Surface deployment + + +This article provides guidance and answers to help you perform a network deployment to Surface devices. + +Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter. + +## Select an Ethernet adapter for Surface devices + + +Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter. + +The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using System Center Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters. + +Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](http://go.microsoft.com/fwlink/p/?LinkId=722364) use a chipset that is compatible with the Surface firmware. + +The following Ethernet devices are supported for network boot with Surface devices: + +- Surface USB to Ethernet adapter + +- Surface USB 3.0 Ethernet adapter + +- Surface Dock + +- Surface 3 Docking Station + +- Surface Pro 3 Docking Station + +- Docking Station for Surface Pro and Surface Pro 2 + +Third-party Ethernet adapters are also supported for network deployment, although they do not support PXE boot. To use a third-party Ethernet adapter, you must load the drivers into the deployment boot image and you must launch that boot image from a separate storage device, such as a USB stick. + +## Boot Surface devices from the network + + +To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process. + +To boot a Surface device from an alternative boot device, follow these steps: + +1. Ensure the Surface device is powered off. +2. Press and hold the **Volume Down** button. +3. Press and release the **Power** button. +4. After the system begins to boot from the USB stick or Ethernet adapter, release the **Volume Down** button. + +**Note**  In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the preinstallation environment and navigate the deployment wizard. + +  + +To support booting from the network in a Windows Preinstallation Environment (WinPE), such as is used in the Microsoft Deployment Toolkit and Configuration Manager, you must add drivers for the Ethernet adapter to WinPE. You can download the drivers for Surface Ethernet adapters from the Microsoft Download Center page for your specific device. For a list of the available downloads for Surface devices, see [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). + +## Manage MAC addresses with removable Ethernet adapters + + +Another consideration for administrators performing Windows deployment over the network is how you will identify computers when you use the same Ethernet adapter to deploy to more than one computer. A common identifier used by deployment technologies is the Media Access Control (MAC) address that is associated with each Ethernet adapter. However, when you use the same Ethernet adapter to deploy to multiple computers, you cannot use a deployment technology that inspects MAC addresses because there is no way to differentiate the MAC address of the removable adapter when used on the different computers. + +The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks. + +Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section. + +When you use a shared adapter for deployment, the solution for affected deployment technologies is to use another means to identify unique systems. For Configuration Manager and WDS, both of which can be affected by this issue, the solution is to use the System Universal Unique Identifier (System UUID) that is embedded in the computer firmware by the computer manufacturer. For Surface devices, you can see this entry in the computer firmware under **Device Information**. + +To access the firmware of a Surface device, follow these steps: + +1. Ensure the Surface device is powered off. +2. Press and hold the **Volume Up** button. +3. Press and release the **Power** button. +4. After the device begins to boot, release the **Volume Up** button. + +When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](http://go.microsoft.com/fwlink/p/?LinkId=618118). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](http://go.microsoft.com/fwlink/p/?LinkId=618119) in **Windows Deployment Server Properties**. + +The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](http://go.microsoft.com/fwlink/p/?LinkId=618120) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog. + +  + +  + + + + + diff --git a/devices/surface/images/data-eraser-3.png b/devices/surface/images/data-eraser-3.png new file mode 100644 index 0000000000..eed3836aa7 Binary files /dev/null and b/devices/surface/images/data-eraser-3.png differ diff --git a/devices/surface/images/dataeraser-complete-process.png b/devices/surface/images/dataeraser-complete-process.png new file mode 100644 index 0000000000..c7d0ee1d09 Binary files /dev/null and b/devices/surface/images/dataeraser-complete-process.png differ diff --git a/devices/surface/images/dataeraser-start-tool.png b/devices/surface/images/dataeraser-start-tool.png new file mode 100644 index 0000000000..a727d8a870 Binary files /dev/null and b/devices/surface/images/dataeraser-start-tool.png differ diff --git a/devices/surface/images/dataeraser-usb-selection.png b/devices/surface/images/dataeraser-usb-selection.png new file mode 100644 index 0000000000..6c5382c7b0 Binary files /dev/null and b/devices/surface/images/dataeraser-usb-selection.png differ diff --git a/devices/surface/images/manage-surface-dock-fig1-updateprocess.png b/devices/surface/images/manage-surface-dock-fig1-updateprocess.png new file mode 100644 index 0000000000..e779fa33ef Binary files /dev/null and b/devices/surface/images/manage-surface-dock-fig1-updateprocess.png differ diff --git a/devices/surface/images/sda-fig1-select-steps.png b/devices/surface/images/sda-fig1-select-steps.png new file mode 100644 index 0000000000..15e6e64edc Binary files /dev/null and b/devices/surface/images/sda-fig1-select-steps.png differ diff --git a/devices/surface/images/sda-fig2-specify-local.png b/devices/surface/images/sda-fig2-specify-local.png new file mode 100644 index 0000000000..24d002bc50 Binary files /dev/null and b/devices/surface/images/sda-fig2-specify-local.png differ diff --git a/devices/surface/images/sda-fig5-erase.png b/devices/surface/images/sda-fig5-erase.png new file mode 100644 index 0000000000..cf8abe7dce Binary files /dev/null and b/devices/surface/images/sda-fig5-erase.png differ diff --git a/devices/surface/images/sdasteps-fig1.png b/devices/surface/images/sdasteps-fig1.png new file mode 100644 index 0000000000..2f83597305 Binary files /dev/null and b/devices/surface/images/sdasteps-fig1.png differ diff --git a/devices/surface/images/sdasteps-fig10-rules.png b/devices/surface/images/sdasteps-fig10-rules.png new file mode 100644 index 0000000000..581c6f1492 Binary files /dev/null and b/devices/surface/images/sdasteps-fig10-rules.png differ diff --git a/devices/surface/images/sdasteps-fig11-bootstrap.ini.png b/devices/surface/images/sdasteps-fig11-bootstrap.ini.png new file mode 100644 index 0000000000..64a4bd9aad Binary files /dev/null and b/devices/surface/images/sdasteps-fig11-bootstrap.ini.png differ diff --git a/devices/surface/images/sdasteps-fig12-updatemedia.png b/devices/surface/images/sdasteps-fig12-updatemedia.png new file mode 100644 index 0000000000..01a677ba02 Binary files /dev/null and b/devices/surface/images/sdasteps-fig12-updatemedia.png differ diff --git a/devices/surface/images/sdasteps-fig13-taskseq.png b/devices/surface/images/sdasteps-fig13-taskseq.png new file mode 100644 index 0000000000..1fe51f0b60 Binary files /dev/null and b/devices/surface/images/sdasteps-fig13-taskseq.png differ diff --git a/devices/surface/images/sdasteps-fig14-credentials.png b/devices/surface/images/sdasteps-fig14-credentials.png new file mode 100644 index 0000000000..d2944325f4 Binary files /dev/null and b/devices/surface/images/sdasteps-fig14-credentials.png differ diff --git a/devices/surface/images/sdasteps-fig15-deploy.png b/devices/surface/images/sdasteps-fig15-deploy.png new file mode 100644 index 0000000000..14cc461225 Binary files /dev/null and b/devices/surface/images/sdasteps-fig15-deploy.png differ diff --git a/devices/surface/images/sdasteps-fig16-computername.png b/devices/surface/images/sdasteps-fig16-computername.png new file mode 100644 index 0000000000..1960c5b138 Binary files /dev/null and b/devices/surface/images/sdasteps-fig16-computername.png differ diff --git a/devices/surface/images/sdasteps-fig17-installprogresswindow.png b/devices/surface/images/sdasteps-fig17-installprogresswindow.png new file mode 100644 index 0000000000..ab2c456857 Binary files /dev/null and b/devices/surface/images/sdasteps-fig17-installprogresswindow.png differ diff --git a/devices/surface/images/sdasteps-fig2.png b/devices/surface/images/sdasteps-fig2.png new file mode 100644 index 0000000000..4edeb35ca3 Binary files /dev/null and b/devices/surface/images/sdasteps-fig2.png differ diff --git a/devices/surface/images/sdasteps-fig3.png b/devices/surface/images/sdasteps-fig3.png new file mode 100644 index 0000000000..728ddab514 Binary files /dev/null and b/devices/surface/images/sdasteps-fig3.png differ diff --git a/devices/surface/images/sdasteps-fig4-select.png b/devices/surface/images/sdasteps-fig4-select.png new file mode 100644 index 0000000000..48f7d695a2 Binary files /dev/null and b/devices/surface/images/sdasteps-fig4-select.png differ diff --git a/devices/surface/images/sdasteps-fig5-installwindow.png b/devices/surface/images/sdasteps-fig5-installwindow.png new file mode 100644 index 0000000000..66f1814146 Binary files /dev/null and b/devices/surface/images/sdasteps-fig5-installwindow.png differ diff --git a/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png b/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png new file mode 100644 index 0000000000..7c6750a0c8 Binary files /dev/null and b/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png differ diff --git a/devices/surface/images/sdasteps-fig7-diskpart.png b/devices/surface/images/sdasteps-fig7-diskpart.png new file mode 100644 index 0000000000..70b517f3f1 Binary files /dev/null and b/devices/surface/images/sdasteps-fig7-diskpart.png differ diff --git a/devices/surface/images/sdasteps-fig8-mediafolder.png b/devices/surface/images/sdasteps-fig8-mediafolder.png new file mode 100644 index 0000000000..f6a862e60f Binary files /dev/null and b/devices/surface/images/sdasteps-fig8-mediafolder.png differ diff --git a/devices/surface/images/sdasteps-fig9-location.png b/devices/surface/images/sdasteps-fig9-location.png new file mode 100644 index 0000000000..c8247de908 Binary files /dev/null and b/devices/surface/images/sdasteps-fig9-location.png differ diff --git a/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png b/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png new file mode 100644 index 0000000000..900ffd9269 Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png differ diff --git a/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png b/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png new file mode 100644 index 0000000000..4c690e0a7f Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png differ diff --git a/devices/surface/images/surfacedockupdater-fig3-progress.png b/devices/surface/images/surfacedockupdater-fig3-progress.png new file mode 100644 index 0000000000..aa56e090e9 Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig3-progress.png differ diff --git a/devices/surface/images/surfacedockupdater-fig4-disconnect.png b/devices/surface/images/surfacedockupdater-fig4-disconnect.png new file mode 100644 index 0000000000..4892dce1ba Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig4-disconnect.png differ diff --git a/devices/surface/images/surfacedockupdater-fig5-success.png b/devices/surface/images/surfacedockupdater-fig5-success.png new file mode 100644 index 0000000000..790ff235e9 Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig5-success.png differ diff --git a/devices/surface/images/surfacedockupdater-fig6-countdown.png b/devices/surface/images/surfacedockupdater-fig6-countdown.png new file mode 100644 index 0000000000..fa208e0e4a Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig6-countdown.png differ diff --git a/devices/surface/images/surfacedockupdater-fig7-error.png b/devices/surface/images/surfacedockupdater-fig7-error.png new file mode 100644 index 0000000000..c18ef16b4c Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig7-error.png differ diff --git a/devices/surface/images/surfacedockupdater-fig8-737test.png b/devices/surface/images/surfacedockupdater-fig8-737test.png new file mode 100644 index 0000000000..c101313b96 Binary files /dev/null and b/devices/surface/images/surfacedockupdater-fig8-737test.png differ diff --git a/devices/surface/index.md b/devices/surface/index.md new file mode 100644 index 0000000000..fb08705db4 --- /dev/null +++ b/devices/surface/index.md @@ -0,0 +1,96 @@ +--- +title: Surface (Surface) +description: . +ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04 +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Surface + + +## Purpose + + +This library provides guidance to help you deploy Windows on Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization. +## In this section + + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TopicDescription

[Advanced UEFI security features for Surface](advanced-uefi-security-features-for-surface.md)

This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

[Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)

This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.

[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)

This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.

[Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)

Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

[Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)

This article provides guidance and answers to help you perform a network deployment to Surface devices.

[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)

Read about the different methods you can use to manage the process of Surface Dock firmware updates.

[Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)

This article describes the available options to manage firmware and driver updates for Surface devices.

[Surface Data Eraser](microsoft-surface-data-eraser.md)

Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.

[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)

Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.

[Surface Diagnostic Toolkit](surface-diagnostic-toolkit.md)

Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.

[Surface Dock Updater](surface-dock-updater.md)

This article provides a detailed walkthrough of Microsoft Surface Dock Updater.

+ +  + +## Related topics + + +[Surface TechCenter](https://technet.microsoft.com/windows/surface) + +[Surface for IT pros blog](http://blogs.technet.com/b/surface/) + +  + +  + + + + + diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md new file mode 100644 index 0000000000..be1d2e63f1 --- /dev/null +++ b/devices/surface/manage-surface-dock-firmware-updates.md @@ -0,0 +1,118 @@ +--- +title: Manage Surface Dock firmware updates (Surface) +description: Read about the different methods you can use to manage the process of Surface Dock firmware updates. +ms.assetid: 86DFC0C0-C842-4CD1-A2D7-4425471FFE3F +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Manage Surface Dock firmware updates + + +Read about the different methods you can use to manage the process of Surface Dock firmware updates. + +The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. + +Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device. + +**Note**   +You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links: + +- [How to manage and update your drivers and firmware for Surface](http://go.microsoft.com/fwlink/p/?LinkId=785353) from Microsoft Mechanics + +- [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354)on the Microsoft Devices Blog + +  + +The Surface Dock firmware update process shown in Figure 1 follows these steps: + +1. Drivers for Surface Dock are installed on Surface devices that are connected, or have been previously connected, to a Surface Dock. + +2. The drivers for Surface Dock are loaded when a Surface Dock is connected to the Surface device. + +3. The firmware version installed in the Surface Dock is compared with the firmware version staged by the Surface Dock driver. + +4. If the firmware version on the Surface Dock is older than the firmware version contained in the Surface Dock driver, the main chipset firmware update files are copied from the driver to the Surface Dock. + +5. When the Surface Dock is disconnected, the Surface Dock installs the firmware update to the main chipset. + +6. When the Surface Dock is connected again, the main chipset firmware is verified against the firmware present in the Surface Dock driver. + +7. If the firmware update for the main chipset is installed successfully, the Surface Dock driver copies the firmware update for the DisplayPort. + +8. When the Surface Dock is disconnected for a second time, the Surface dock installs the firmware update to the DisplayPort chipset. This process takes up to 3 minutes to apply. + +![figure 1](images/manage-surface-dock-fig1-updateprocess.png) + +*1- Driver installation can be performed by Windows Update, manual installation, or automatically downloaded with Microsoft Surface Dock Updater* + +*2 - The Surface Dock firmware installation process takes approximately 3 minutes* + +Figure 1. The Surface Dock firmware update process + +If the firmware installation process is interrupted (for example, if power is disconnected from the Surface Dock during firmware installation), the Surface Dock will automatically revert to the prior firmware without disruption to the user, and the update process will restart the next time the Surface Dock is disconnected. For most users this update process should be entirely transparent. + +## Methods for updating Surface Dock firmware + + +There are three methods you can use to update the firmware of the Surface Dock: + +- [Automatic installation of drivers with Windows Update](#automatic-installation) + +- [Deployment of drivers downloaded from the Microsoft Download Center](#deployment-dlc) + +- [Manually update with Microsoft Surface Dock Updater](#manual-updater) + +## Automatic installation with Windows Update + + +Windows Update is the method that most users will use. The drivers for the Surface Dock are downloaded automatically from Windows Update and the dock update process is initiated without additional user interaction. The two-phase dock update process described earlier occurs in the background as the user connects and disconnects the Surface Dock during normal use. + +**Note**   +The driver version that is displayed in Device Manager may be different from the firmware version that the Surface Dock is using. + +  + +## Deployment of drivers downloaded from the Microsoft Download Center + + +This method is used mostly in environments where Surface device drivers and firmware are managed separately from Windows Update. See [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) for more information about the different methods to manage Surface device driver and firmware updates. Updating the Surface Dock firmware through this method involves downloading and deploying an MSI package to the Surface device that contains the updated Surface Dock drivers and firmware. This is the same method recommended for updating all other Surface drivers and firmware. The two-phase firmware update process occurs in the background each time the Surface Dock is disconnected, just like it does with the Windows Update method. + +For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=785355). + +**Note**   +When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in: + +**HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters** + +Firmware status is displayed for both the main chipset (displayed as **Component10**) and the DisplayPort chipset (displayed as **Component20**). For each chipset there are four keys, where *xx* is **10** or **20** corresponding to each chipset: + +- **Component*xx*CurrentFwVersion** – This key displays the version of firmware that is installed on the currently connected or most recently connected Surface Dock. + +- **Component*xx*OfferFwVersion** – This key displays the version of firmware staged by the Surface Dock driver. + +- **Component*xx*FirmwareUpdateStatus** – This key displays the stage of the Surface Dock firmware update process. + +- **Component*xx*FirmwareUpdateStatusRejectReason** – This key changes as the firmware update is processed. It should result in 0 after the successful installation of Surface Dock firmware. + +These registry keys are not present unless you have installed updated Surface Dock drivers through Windows Update or MSI deployment. + +  + +## Manually update with Microsoft Surface Dock Updater + + +The manual method using the Microsoft Surface Dock Updater tool to update the Surface Dock is used mostly in environments where IT prepares Surface Docks prior to delivery to the end user, or for troubleshooting of a Surface Dock. Microsoft Surface Dock Updater is a tool that you can run from any Surface device that is compatible with the Surface Dock, and will walk you through the process of performing the Surface Dock firmware update in the least possible amount of time. You can also use this tool to verify the firmware status of a connected Surface Dock. + +For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center. + +  + +  + + + + + diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md new file mode 100644 index 0000000000..7a8b380b8b --- /dev/null +++ b/devices/surface/manage-surface-pro-3-firmware-updates.md @@ -0,0 +1,70 @@ +--- +title: Manage Surface driver and firmware updates (Surface) +description: This article describes the available options to manage firmware and driver updates for Surface devices. +ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73 +keywords: ["Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB"] +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Manage Surface driver and firmware updates + + +This article describes the available options to manage firmware and driver updates for Surface devices. + +For a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). + +On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience to receive the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always apply to organizations and businesses. Automatic updates with Windows Update may not be applicable where updates are carefully managed, or when you deploy a new operating system to a Surface device. + +## Methods for firmware deployment + + +Although firmware is provided automatically by Windows Update for computers that receive updates directly from Microsoft, in environments where updates are carefully managed by using Windows Server Update Services (WSUS), updating the firmware through Windows Update is not supported. For managed environments, there are a number of options you can use to deploy firmware updates. + +**Windows Update** + +The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS. + +Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators. + +For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](http://go.microsoft.com/fwlink/p/?LinkId=618172). + +**Windows Installer Package** + +The firmware and driver downloads for Surface devices now include MSI installation files for firmware and driver updates. These MSI packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the MSI package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the MSI package, see the [Surface Pro 3 MSI Now Available](http://go.microsoft.com/fwlink/p/?LinkId=618173) blog post. + +For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618175). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](http://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence. + +**Provisioning packages** + +New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](http://go.microsoft.com/fwlink/p/?LinkId=761075). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware. + +**Windows PowerShell** + +Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](http://go.microsoft.com/fwlink/p/?LinkId=618177) blog post. + +## Operating system deployment considerations + + +The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](http://go.microsoft.com/fwlink/p/?LinkId=618178) from the Microsoft Download Center. + +The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device. + +**Windows PE and Surface firmware and drivers** + +A best practice for deployment with any solution that uses the Windows Preinstallation Environment (WinPE), such as System Center Configuration Manager or MDT, is to configure WinPE with only the drivers that are required during the WinPE stage of deployment. These usually include drivers for network adapters and storage controllers. This best practice helps to prevent errors with more complex drivers that rely on components that are not present in WinPE. For Surface Pro 3 devices, this is especially true of the Touch Firmware. The Touch Firmware should never be loaded in a WinPE environment on Surface Pro 3. + +**Update Surface Pro 3 firmware offline through USB** + +In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](http://go.microsoft.com/fwlink/p/?LinkId=618189) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog. + +  + +  + + + + + diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md new file mode 100644 index 0000000000..bf0348511d --- /dev/null +++ b/devices/surface/microsoft-surface-data-eraser.md @@ -0,0 +1,149 @@ +--- +title: Microsoft Surface Data Eraser (Surface) +description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. +ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10 +keywords: ["tool", "USB", "data", "erase"] +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Microsoft Surface Data Eraser + + +Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. + +[Microsoft Surface Data Eraser](http://go.microsoft.com/fwlink/p/?LinkId=691148) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](http://go.microsoft.com/fwlink/p/?LinkId=691222). + +Compatible Surface devices include: + +- Surface Book + +- Surface Pro 4 + +- Surface Pro3 + +- Surface 3 + +- Surface 3 LTE + +- Surface Pro 2 + +Some scenarios where Microsoft Surface Data Eraser can be helpful include: + +- Prepare a Surface device to be sent for repair + +- Decommission a Surface device to be removed from corporate or organizational use + +- Repurpose a Surface device for use in a new department or for use by a new user + +- Standard practice when performing reimaging for devices used with sensitive data + +**Note**   +Third-party devices, Surface devices running Windows RT (including Surface and Surface 2), and Surface Pro are not compatible with Microsoft Surface Data Eraser. + +  + +**Note**   +Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function. + +  + +## How to create a Microsoft Surface Data Eraser USB stick + + +To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool: + +1. Run the DataEraserSetup.msi installation file that you downloaded from the Microsoft Download Center. + +2. Select the check box to accept the terms of the license agreement, and then click **Install**. + +3. Click **Finish** to close the Microsoft Surface Data Eraser setup window. + +After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer. + +1. Start Microsoft Surface Data Eraser from the Start menu or Start screen. + +2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process. + +3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1. + + ![figure 1](images/dataeraser-start-tool.png) + + Figure 1. Start the Microsoft Surface Data Eraser tool + +4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost. + + **Note**   + If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB. + +   + + ![figure 2](images/dataeraser-usb-selection.png) + + Figure 2. USB thumb drive selection + +5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**. + +6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3. + + ![figure 3](images/dataeraser-complete-process.png) + + Figure 3. Complete the Microsoft Surface Data Eraser USB creation process + +7. Click **X** to close Microsoft Surface Data Eraser. + +## How to use a Microsoft Surface Data Eraser USB stick + + +After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure: + +1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device. + +2. Ensure your system firmware is set to boot to USB. To enter the firmware settings: + + 1. Turn off your Surface device. + + 2. Press and hold the **Volume Up** button. + + 3. Press and release the **Power** button. + + 4. Release the **Volume Up** button. + +3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed. + + ![](images/data-eraser-3.png) + + Figure 4. Booting the Microsoft Surface Data Eraser USB stick + +4. Read the software license terms, and then close the notepad file. + +5. Accept or Decline the Software License Terms by typing **Accept** or **Decline**. + +6. Select one of the following three options: + + - **Enter S to start Data Erase** – Select this option to begin the data erase process. You will have a chance to confirm in the next step. + + - **Enter D to perform Diskpart** – Select this option to use diskpart.exe to manage partitions on your disk. + + - **Enter X to shut device down** – Select this option to perform no action and shut down the device. + +7. If you typed **S** to begin the data erase process, the partition that will be erased is displayed, as shown in Figure 5. If this is correct, press **Y** to continue, or **N** to shut down the device. + + ![](images/sda-fig5-erase.png) + + Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser + +8. If you pressed **Y** in step 7, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice. + +9. Click the **Yes** button to continue erasing data on the Surface device. + +  + +  + + + + + diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md new file mode 100644 index 0000000000..7b79663642 --- /dev/null +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -0,0 +1,91 @@ +--- +title: Microsoft Surface Deployment Accelerator (Surface) +description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. +ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4 +keywords: ["deploy", "install", "tool"] +ms.prod: W10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Microsoft Surface Deployment Accelerator + + +Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. + +Microsoft Surface Deployment Accelerator includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use Microsoft Surface Deployment Accelerator to create and capture a Windows reference image and then deploy it with the latest Windows Updates. + +Microsoft Surface Deployment Accelerator is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution. + +You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=691693). + +### Download Microsoft Surface Deployment Accelerator + +You can download the installation files for Microsoft Surface Deployment Accelerator from the Microsoft Download Center. To download the installation files: + +1. Go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center. + +2. Click the **Download** button, select the **Surface\_Deployment\_Accelerator\_xxxx.msi** file, and then click **Next**. + +## Microsoft Surface Deployment Accelerator prerequisites + + +Before you install Microsoft Surface Deployment Accelerator, your environment must meet the following prerequisites: + +- Microsoft Surface Deployment Accelerator must be installed on Windows Server 2012 R2 or later + +- PowerShell Script Execution Policy must be set to **Unrestricted** + +- DHCP and DNS must be enabled on the network where the Windows Server 2012 R2 environment is connected + +- To download Surface drivers and apps automatically the Windows Server 2012 R2 environment must have Internet access and Internet Explorer Enhanced Security Configuration must be disabled + +- To support network boot, the Windows Server 2012 R2 environment must have Windows Deployment Services installed and configured to respond to PXE requests + +- Access to Windows source files or installation media is required when you prepare a deployment with Microsoft Surface Deployment Accelerator + +- At least 6 GB of free space for each version of Windows you intend to deploy + +## How Microsoft Surface Deployment Accelerator works + + +As you progress through the Microsoft Surface Deployment Accelerator wizard, you will be asked some basic questions about how your deployment solution should be configured. As you select the desired Surface models to be supported and apps to be installed (see Figure 1), the wizard will prepare scripts that download, install, and configure everything needed to perform a complete deployment and capture of a reference image. By using the network boot (PXE) capabilities of Windows Deployment Services (WDS), the resulting solution enables you to boot a Surface device from the network and perform a clean deployment of Windows. + +![figure 1](images/sda-fig1-select-steps.png) + +Figure 1: Select desired apps and drivers + +When the Microsoft Surface Deployment Accelerator completes, you can use the deployment share to deploy over the network immediately. Simply boot your Surface device from the network using a Surface Ethernet Adapter and select the Surface deployment share you created with the Microsoft Surface Deployment Accelerator wizard. Select the **1- Deploy Microsoft Surface** task sequence and the wizard will walk you through an automated deployment of Windows to your Surface device. + +You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](http://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](http://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before. + +**Note**   +With Microsoft Surface Deployment Accelerator v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment. + +  + +## Use Microsoft Surface Deployment Accelerator without an Internet connection + + +For environments where the Microsoft Surface Deployment Accelerator server will not be able to connect to the Internet, the required Surface files can be downloaded separately. To specify a local source for Surface driver and app files, select the **Copy from a local directory** option and specify the location of your downloaded files (see Figure 2). All of the driver and app files for your selected choices must be placed in the specified folder. + +![figure 2](images/sda-fig2-specify-local.png) + +Figure 2. Specify a local source for Surface driver and app files + +You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) + +**Note**   +Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder. + +  + +  + +  + + + + + diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md new file mode 100644 index 0000000000..37fa2adb25 --- /dev/null +++ b/devices/surface/step-by-step-surface-deployment-accelerator.md @@ -0,0 +1,387 @@ +--- +title: Step by step Surface Deployment Accelerator (Surface) +description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. +ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032 +keywords: ["deploy, configure"] +ms.prod: W10 +ms.mktglfcycl: deploy +ms.sitesec: library +author: heatherpoulsen +--- + +# Step by step: Surface Deployment Accelerator + + +This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE). + +## How to install Surface Deployment Accelerator + + +For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md). + +1. Download SDA, which is included in [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center. + +2. Run the SDA installation file, named **Surface\_Deployment\_Accelerator\_*xxxx*.msi**, where *xxxx* is the current version number. + +3. Accept the End User License Agreement (EULA) by selecting the check box, and then click **Install**, as shown in Figure 1. + + ![figure 1](images/sdasteps-fig1.png) + + Figure 1. SDA setup + +4. Click **Finish** to complete the installation of SDA. + +The tool installs in the Surface Deployment Accelerator program group, as shown in Figure 2. + +![figure 2](images/sdasteps-fig2.png) + +Figure 2. The Surface Deployment Accelerator program group and icon + +**Note**   +At this point the tool has not yet prepared any deployment environment or downloaded any materials from the Internet. + +  + +## Create a deployment share + + +The following steps show how you create a deployment share for Windows 10 that supports Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, and the Surface Asset Tag Tool. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps. + +**Note**   +SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice. + +  + +1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen. + +2. On the **Welcome** page, click **Next** to continue. + +3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 1. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue. + +4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue. + +5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue: + + - **Configure Deployment Share for Windows 10** + + - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3. + + - **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**. + + - **Windows 10 Deployment Services** + + - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](http://go.microsoft.com/fwlink/p/?LinkId=761072) for more information about how to configure Windows Deployment Services for PXE boot. + + - **Windows 10 Source Files** + + - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**. + + ![figure 3](images/sdasteps-fig3.png) + + Figure 3. Specify Windows 10 deployment share options + +6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface Pro 3 and cannot be selected unless Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue. + + ![figure 4](images/sdasteps-fig4-select.png) + + Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers + +7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes: + + - Download of Windows ADK + + - Installation of Windows ADK + + - Download of MDT + + - Installation of MDT + + - Download of Surface apps and drivers + + - Creation of the deployment share + + - Import of Windows installation files into the deployment share + + - Import of the apps and drivers into the deployment share + + - Creation of rules and task sequences for Windows deployment + + ![figure 5](images/sdasteps-fig5-installwindow.png) + + Figure 5. The **Installation Progress** window + +8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices. + +### Optional: Create a deployment share without an Internet connection + +If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver an app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6. + +**Note**   +All of the downloaded driver and applications files must be located in the same folder. The driver and app files do not need to be extracted from the downloaded .zip files. + +  + +![figure 6](images/sdasteps-fig6-specify-driver-app-files.png) + +Figure 6. Specify the Surface driver and app files from a local path + +**Note**   +The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later. + +  + +### Optional: Prepare offline USB media + +You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection. + +**Note**   +The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended. + +  + +Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](http://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7: + +1. **diskpart** – Opens DiskPart to manage disks and partitions. + +2. **list disk** – Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive. + +3. **sel disk 2** – Selects your USB drive; use the number that corresponds with the disk in your system. + +4. **clean** – Removes all configuration from your USB drive. + + **Warning**   + This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command. + +   + +5. **create part pri** – Creates a primary partition on the USB drive. + +6. **format fs=fat32 quick** – Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices. + +7. **assign** – Assigns the next available drive letter to the newly created FAT32 volume. + +8. **active** – Sets the partition to be active, which is required to boot the volume. + +9. **exit** – Exits DiskPart, after which you can close the PowerShell or Command Prompt window. + + ![figure 7](images/sdasteps-fig7-diskpart.png) + + Figure 7. Use DiskPart to prepare a USB drive for boot + + **Note**   + You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly. + +   + +After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps: + +1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen. + +2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share. + +3. Expand the folder **Advanced Configuration** and select the **Media** folder. + +4. Right-click the **Media** folder and click **New Media** as shown in Figure 8 to start the New Media Wizard. + + ![figure 8](images/sdasteps-fig8-mediafolder.png) + + Figure 8. The Media folder of the SDA deployment share + +5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**. + + ![figure 9](images/sdasteps-fig9-location.png) + + Figure 9. Specify a location and selection profile for your offline media + +6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media. + +7. A **Progress** page is displayed while the media is created. + +8. On the **Confirmation** page, click **Finish** to complete creation of the media. + +9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10. + + ![figure 10](images/sdasteps-fig10-rules.png) + + Figure 10. The Rules of the SDA deployment share + +10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text. + +11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties. + +12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab. + +13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules. + +14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad. + +15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text. + +16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window. + +17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad. + +18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file. + +19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file: + + ``` + UserID= + UserDomain= + UserPassword= + DeployRoot=\\SDASERVER\SDAWin10 + UserID= + UserDomain= + UserPassword= + ``` + + ![figure 11](images/sdasteps-fig11-bootstrap.ini.png) + + Figure 11. The Bootstrap.ini file of MEDIA001 + +20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window. + +21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share. + + ![figure 12](images/sdasteps-fig12-updatemedia.png)Figure 12. Select **Update Media Content** + +22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.** + +The final step is to copy the offline media files to your USB drive. + +1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**. + +2. Copy all of the files from the Content folder to the root of the USB drive. + +Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device. + +## SDA task sequences + + +The SDA deployment share is configured with all of the resources required to perform a Windows deployment to a Surface device. These resources include Windows source files, image, Surface drivers, and Surface apps. The deployment share also contains two pre-configured task sequences, as shown in Figure 13. These task sequences contain the steps required to perform a deployment to a Surface device using the default Windows image from the installation media or to create a reference image complete with Windows updates and applications. To learn more about task sequences, see [MDT 2013 Update 1 Lite Touch components](http://technet.microsoft.com/en-us/itpro/windows/deploy/mdt-2013-lite-touch-components). + +![figure 13](images/sdasteps-fig13-taskseq.png) + +Figure 13. Task sequences in the Deployment Workbench + +### Deploy Microsoft Surface + +The **1 – Deploy Microsoft Surface** task sequence is used to perform a complete deployment of Windows to a Surface device. This task sequence is pre-configured by the SDA wizard and is ready to perform a deployment as soon as the wizard completes. Running this task sequence on a Surface device deploys the unaltered Windows image copied directly from the Windows installation media you specified in the SDA wizard, along with the Surface drivers for your device. The drivers for your Surface device will be automatically selected through the pre-configured deployment share rules. + +When you run the task sequence, you will be prompted to provide the following information: + +- A computer name + +- Your domain information and the credentials required to join the domain + +- A product key, if one is required + + **Note**   + If you are deploying the same version of Windows as the version that came on your device, no product key is required. + +   + +- A time zone + +- An Administrator password + +The Surface apps you specified on the **Configure** page of the SDA wizard are automatically installed when you run this task sequence on a Surface device. + +### Create Windows reference image + +The **2 – Create Windows Reference Image** task sequence is used to perform a deployment to a virtual machine for the purpose of capturing an image complete with Windows Updates for use in a deployment to Surface devices. By installing Windows Updates in your reference image, you eliminate the need to download and install those updates on each deployed Surface device. The deployment process with an up-to-date image is significantly faster and more efficient than performing a deployment first and then installing Windows Updates on each device. + +Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations. + +**Note**   +Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information see [Deploy a Windows 10 image using MDT 2013 Update 1](http://technet.microsoft.com/en-us/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt). + +  + +In addition to the information required by the **1 – Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard. + +## Deployment to Surface devices + + +To perform a deployment from the SDA deployment share, follow this process on the Surface device: + +1. Boot the Surface device to MDT boot media for the SDA deployment share. You can do this over the network by using PXE boot, or from a USB drive as described in the [Optional: Prepare offline USB media](#optional) section of this article. + +2. Select the deployment share for the version of Windows you intend to deploy and enter your credentials when you are prompted. + +3. Select the task sequence you want to run, usually the **1 – Deploy Microsoft Surface** task sequence. + +4. Address the task sequence prompts to pick applications, supply a password, and so on. + +5. The task sequence performs the automated deployment using the options specified. + +### Boot the Surface device from the network + +To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy. + +To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported. + +To instruct your Surface device to boot from the network, start with the device powered off and follow these steps: + +1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the network. + +2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network. + +3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options. + +4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14. + + ![figure 14](images/sdasteps-fig14-credentials.png) + + Figure 14. The prompt for credentials to the deployment share + +5. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process. + +### Alternatively boot the devices from the USB stick + +To boot a device from the USB stick: + +1. Press and hold the **Volume Down** button, press and release the **Power** button. Continue holding the **Volume Down** button until the device has begun to boot from the USB drive. + +2. The Windows Deployment Wizard will start from the deployment share to walk you through the deployment process. + +### Run the Deploy Microsoft Surface task sequence + +To run the Deploy Microsoft Surface task sequence: + +1. On the **Task Sequence** page, select the **1 – Deploy Microsoft Surface** task sequence as shown in Figure 15, and then click **Next.** + + ![figure 15](images/sdasteps-fig15-deploy.png) + + Figure 15. Select the **1 – Deploy Microsoft Surface** task sequence + +2. On the **Computer Details** page, type a name for the Surface device in the **Computer Name** box. In the **Join a domain** section, type your domain name and credentials as shown in Figure 16, and then click **Next**. + + ![figure 16](images/sdasteps-fig16-computername.png) + + Figure 16. Enter the computer name and domain information + +3. On the **Product Key** page, keep the **No product key is required** check box selected if you are deploying the same version and edition of Windows to your Surface devices as they came with from the factory. If you are deploying a different version or edition of Windows to the device, such as Windows Enterprise, select the licensing option that is applicable to your scenario. + +4. On the **Locale and Time** page, select your desired **Language Settings** and **Time Zone**, and then click **Next.** + +5. On the **Administrator Password** page, type a password for the local Administrator account on the Surface device, and then click **Next.** + +6. On the **BitLocker** page, select the **Enable BitLocker** option along with your desired configuration of BitLocker protectors if you want to encrypt the device. Otherwise, keep the **Do not enable BitLocker for this computer** check box selected, and then click **Next.** + +7. On the **Ready** page, verify your selections and then click **Begin** to start the automated deployment to this device. The deployment will not require user interaction again. The Windows Deployment Wizard will close and an **Installation Progress** window is displayed to show progress of the task sequence as the image is applied and applications are installed (Figure 17). + + ![figure 17](images/sdasteps-fig17-installprogresswindow.png) + + Figure 17. The **Installation Progress** window + +8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device. + +  + +  + + + + + diff --git a/devices/surface/surface-diagnostic-toolkit.md b/devices/surface/surface-diagnostic-toolkit.md new file mode 100644 index 0000000000..972b8ebe93 --- /dev/null +++ b/devices/surface/surface-diagnostic-toolkit.md @@ -0,0 +1,521 @@ +--- +title: Microsoft Surface Diagnostic Toolkit (Surface) +description: Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device. +ms.assetid: FC4C3E76-3613-4A84-A384-85FE8809BEF1 +keywords: ["hardware, device, tool, test, component"] +ms.prod: W8 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Microsoft Surface Diagnostic Toolkit + + +Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device. + +The [Microsoft Surface Diagnostic Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors. + +**Note**   +A Surface device must boot into Windows to run the Microsoft Surface Diagnostic Toolkit. The Microsoft Surface Diagnostic Toolkit will run only on the following Surface devices: + +- Surface Book + +- Surface Pro 4 + +- Surface 3 LTE + +- Surface 3 + +- Surface Pro 3 + +- Surface Pro 2 + +- Surface Pro + +  + +**Note**   +Security software and built-in security measures in many email applications and services will block executable files that are transferred through email. To email the Surface Diagnostic Toolkit, attach the .zip archive file as downloaded from the Surface Tools for IT page without extracting it first. You can also create a custom .zip archive that contains the .exe file. (For example, if you want to localize the text as described in the [Localization](#localization) section of this article.) + +  + +Running the Microsoft Surface Diagnostic Toolkit is a hands-on activity. The test sequence includes several tests that require you to perform actions or observe the outcome of the test, and then click the applicable **Pass** or **Fail** button. Some tests require connectivity to external devices, like an external display. Other tests use the built in Windows troubleshooters. At the end of testing, a visual report of the test results is displayed and you are given the option to save a log file or copy the results to the clipboard. + +To run a full set of tests with the Microsoft Surface Diagnostic Toolkit, you should be prepared with the following items: + +- An external display with the appropriate HDMI or DisplayPort connection + +- A Bluetooth device that can be put into pairing mode + +- A MicroSD or SD card that is compatible with your Surface device + +- A Surface Pen + +- Room to move the Surface device around + +- External speakers or headphones + +**Note**   +The Microsoft Surface Diagnostic Toolkit tests verify only the hardware of a Surface device and do not test or resolve issues with the operating system or software. + +  + +## The tests + + +The Microsoft Surface Diagnostic Toolkit runs several individual tests on a Surface device. Not all tests are applicable to every device. For example, the Home button test is not applicable to Surface Pro 4 where there is no Home button. You can specify which tests to run, or you can choose to run all tests. For tests that require external devices (such as testing output to an external display) but you do not have the required external device at the time of the test, you are given the option to skip the test. If a test fails, you are prompted to continue or stop testing at that time. + +### Windows Update + +This test checks for any outstanding Windows updates and will prompt you to install those updates before you proceed to other tests. It is important to keep a Surface device up to date with the latest Windows updates, including drivers and firmware for the Surface device. The success of some of the tests that are performed later in the task sequence depend on these updated drivers and firmware. You will be prompted to restart the device if required by Windows Update. If you must restart the device, you will need to start the Microsoft Surface Diagnostic Toolkit again. + +### Device information + +This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](http://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](http://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files: + +- Output of **Get-WindowsUpdateLog** if the operating system is Windows 10 + +- **%windir%\\Logs** + +- **%windir%\\Panther** + +- **%windir%\\System32\\sysprep\\Panther** + +- **%windir%\\System32\\WinEvt\\Logs** + +- **$windows.~bt\\Sources\\Panther** + +- **$windows.~bt\\Sources\\Rollback** + +- **%windir%\\System32\\WinEvt\\Logs** + +- Output of **dxdiag.exe /t** + +- Output of **msinfo32.exe /report** + +- Output of **powercfg.exe /batteryreport** + +- Output of **powercfg.exe /sleepstudy** + +- Output of **wevtutil.exe epl System** + +- Events from: + + - **Chkdsk** + + - **Microsoft-Windows-Ntfs** + + - **Microsoft-Windows-WER-SystemErrorReporting** + + - **Microsoft-Windows-Startuprepair** + + - **Microsoft-Windows-kernel-Power** + +- Output of **powercfg.exe /q** + +- Output of **powercfg.exe /qh** + +- **%windir%\\Inf\\SetupApi\*.log** + +These files and logs are stored in a .zip file saved by the Microsoft Surface Diagnostic Toolkit when all selected tests have completed alongside the Microsoft Surface Diagnostic Toolkit log file. + +### Type Cover test + +**Note**   +A Surface Type Cover is required for this test. + +  + +If a Surface Type Cover is not detected, the test prompts you to connect the Type Cover. When a Type Cover is detected the test prompts you to use the keyboard and touchpad. The cursor should move while you swipe the touchpad, and the keyboard Windows key should bring up the Start menu or Start screen to successfully pass this test. You can skip this test if a Type Cover is not used with the Surface device. + +### Integrated keyboard test + +**Note**   +This test is only applicable to Surface Book and requires that the Surface Book be docked to the keyboard. + +  + +This test is essentially the same as the Type Cover test, except the integrated keyboard in the Surface Book base is tested rather than the Type Cover. Move the cursor and use the Windows key to bring up the Start menu to confirm that the touchpad and keyboard are operating successfully. This test will display the status of cursor movement and keyboard input for you to verify. Press **ESC** to complete the test. + +### Canvas mode battery test + +**Note**   +This test is only applicable to Surface Book. + +  + +Depending on which mode Surface Book is in, different batteries are used to power the device. When Surface Book is in clipboard mode (detached form the keyboard) it uses an internal battery, and when it is connected in either laptop mode or canvas mode it uses different connections to the battery in the keyboard. In canvas mode, the screen is connected to the keyboard so that when the device is closed, the screen remains face-up and visible. Connect the Surface Book to the keyboard in this manner for the test to automatically proceed. + +### Clipboard mode battery test + +**Note**   +This test is only applicable to Surface Book. + +  + +Disconnect the Surface Book from the keyboard to work in clipboard mode. In clipboard mode the Surface Book operates from an internal battery that is tested when the Surface Book is disconnected from the keyboard. Disconnecting the Surface Book from the keyboard will also disconnect the Surface Book from power and will automatically begin this test. + +### Laptop mode battery test + +**Note**   +This test is only applicable to Surface Book. + +  + +Connect the Surface Book to the keyboard in the opposite fashion to canvas mode in laptop mode. In laptop mode the screen will face you when the device is open and the device can be used in the same way as any other laptop. Disconnect AC Power from the laptop base when prompted for this test to check the battery status. + +### Battery test + +In this test the battery is discharged for a few seconds and tested for health and estimated runtime. You are prompted to disconnect the power adapter and then to reconnect the power adapter when the test is complete. + +### Discrete graphics (dGPU) test + +**Note**   +This test is only applicable to Surface Book models with a discrete graphics processor. + +  + +This test will query the device information of current hardware to check for the presence of both the Intel integrated graphics processor in the Surface Book and the NVIDIA discrete graphics processor in the Surface Book keyboard. The keyboard must be attached for this test to function. + +### Discrete graphics (dGPU) fan test + +**Note**   +This test is only applicable to Surface Book models with a discrete graphics processor. + +  + +The discrete graphics processor in the Surface Book includes a separate cooling fan. The fan is turned on automatically by the test for 5 seconds. Listen for the sound of the fan in the keyboard and report if the fan is working correctly when prompted. + +### Muscle wire test + +**Note**   +This test is only applicable to Surface Book. + +  + +To disconnect the Surface Book from the keyboard, software must instruct the muscle wire latch mechanism to open. This is typically accomplished by pressing and holding the undock key on the keyboard. This test sends the same signal to the latch, which unlocks the Surface Book from the Surface Book keyboard. Remove the Surface Book from the keyboard when you are prompted to do so. + +### Dead pixel and display artifacts tests + +**Note**   +Before you run this test, be sure to clean the screen of dust or smudges. + +  + +This test prompts you to view the display in search of malfunctioning pixels. The test displays full-screen, single-color images including black, white, red, green, and blue. Pixels that remain bright or dark when the screen displays an image of a different color indicate a failed test. You should also look for distortion or variance in the color of the screen. + +### Digitizer edges + +The touchscreen of a Surface device should detect when a user swipes in from the left or right side of the screen. This test prompts you to swipe in from the edges of the screen to bring up the Action Center and Task View. Both Action Center and Task View should launch to pass this test. + +### Digitizer pinch + +The pinch gesture (when you bring two fingers closer together or farther apart) is used to manipulate zoom and to position content through the touchscreen. This test displays an image in Windows Picture Viewer and prompts you to zoom in, move, and zoom out of the picture. The picture should zoom in, move, and zoom out as the gestures are performed. + +### Digitizer touch + +The Surface touchscreen should detect input across the entire screen of the device equally. To perform this test a series of lines are displayed on the screen for you to trace with a finger in search of unresponsive areas. The lines traced across the screen should appear continuous for the length of the line as drawn with your finger. + +### Digitizer pen test + +**Note**   +A Microsoft Surface Pen is required for this test. + +  + +This test displays the same lines as those that are displayed during the Digitizer Touch test, but your input is performed with a Surface Pen instead of your finger. The lines should remain unbroken for as long as the Pen is pressed to the screen. Trace all of the lines in the image to look for unresponsive areas across the entire screen of the Surface device. + +### Digitizer multi touch + +The Surface touchscreen is capable of detecting 10 fingers simultaneously. Place all of your fingers on the screen simultaneously to perform this test. The screen will show the number of points detected, which should match the number of fingers you have on the screen. + +### Home button test + +The Home button or Windows button on your Surface device is used to bring up the Start screen or Start menu. This test is successful if the Start screen or Start menu is displayed when the Windows button is pressed. This test is not displayed on Surface Pro 4 because no Windows button exists. + +### Volume rocker test + +This test prompts you to use the volume rocker to turn the volume all the way up, all the way down, and then all the way up again. To pass this test, the volume slider should move up and down as the rocker is pressed. + +### Micro SD or SD slot test + +**Note**   +This test requires a micro SD or SD card that is compatible with the slot in your Surface device. + +  + +Insert a micro SD or SD card when you are prompted. When the SD card is detected, the test prompts you to remove the SD card to ensure that the card is not left in the device. During this test a small file is written to the SD card and then verified. Detection and verification of the SD card automatically passes this test without additional input. + +### Microphone test + +This test displays the **Recording** tab of the Sound item in Control Panel. The test prompts you to monitor the meter that is displayed next to the **Microphone Array** recording device. A recommended test is to speak and watch for your speech to be detected in the meter. If the meter moves when you speak, the microphone is working correctly. For Surface Book you will be prompted to tap locations near the microphones. This tapping should produce noticeable spikes in the audio meter. + +### Video out test + +**Note**   +This test requires an external display with the applicable connection for your Surface device. + +  + +Surface devices provide a Mini DisplayPort connection for connecting to an external display. Connect your display through the Mini DisplayPort on the device when prompted. The display should be detected automatically and an image should appear on the external display. + +### Bluetooth test + +**Note**   +This test requires a Bluetooth device. The device must be set to pairing mode or made discoverable to perform this test. + +  + +After you receive a prompt to put the device in pairing mode, the test opens the **Add a device** window and begins to search for discoverable Bluetooth devices. Watch the **Add a device** window to verify that your Bluetooth device is detected. Select your Bluetooth device from the list and connect to the device to complete the test. + +### Camera test + +Use this test to verify that the cameras on your Surface device are operating properly. Images will be displayed from both the front and rear cameras, and the infrared camera on a Surface Pro 4. Continuous autofocus can be enabled on the rear camera. Move the device closer and farther away from an object to verify the operation of continuous autofocus. + +### Speaker test + +**Note**   +Headphones or external speakers are required to test the headphone jack in this test. + +  + +This test plays audio over left and right channels respectively, both for the internal speakers and for speakers or headphones connected to the headphone jack. Mark each channel as a pass or fail as you hear the audio play. + +### Network test + +**Note**   +Connect the Surface device to a Wi-Fi network before you run this test. Connections that are made during the test are removed when the test is completed. + +  + +This test uses the Windows Network Diagnostics built in troubleshooter to diagnose potential issues with network connectivity, including proxy configuration, DNS problems, and IP address conflicts. An event log is saved by this test in Windows logs and is visible in the Windows Event Viewer. The Event ID is 6100. + +### Power test + +Settings such as display brightness, the elapsed time until the screen sleeps, and the elapsed time until device sleeps, are checked against default values with the Power built-in troubleshooter. The troubleshooter will automatically correct settings that may prevent the device from conserving power or entering sleep mode. + +### Mobile broadband test + +This test prompts you to enable mobile broadband and attempts to browse to http://www.bing.com. This test is only applicable to Surface devices that come equipped with mobile broadband, such as Surface 3 LTE. + +### Accelerometer test + +The accelerometer detects lateral, longitudinal, and vertical movements of the Surface device. This test prompts you to pick up and move the Surface device forward and backward, to the left and to the right, and up and down, to test the sensor for directional movement. The test automatically passes when movement is detected. + +### Gyrometer test + +The gyrometer detects pitch, roll, and yaw movements. This test prompts you to pick up and rotate the Surface device to test the sensors for angular movement. The test automatically passes when movement is detected. + +### Compass test + +The compass detects which direction the Surface device is facing relative to north, south, east, and west. Turn the Surface device to face in different directions to test the sensor. The test automatically passes when a change in direction is detected. + +### Ambient light test + +The ambient light sensor is used to automatically adjust screen brightness relative to the ambient lighting in the environment. Turn the device toward or away from a light source to cause the screen to dim or brighten in response increased or decreased light. The test automatically passes when the screen brightness automatically changes. + +### Device orientation test + +**Note**   +Before you run this test, disable rotation lock from the Action Center if enabled. + +  + +The device orientation sensor determines what the angle of the Surface device is, relative to the ground. Rotate the display 90 degrees or 180 degrees to cause the screen orientation to switch between portrait and landscape mode. The test automatically passes when the screen orientation switches. + +### Brightness test + +This test cycles the screen through brightness levels from 0 percent to 100 percent, and then a message is displayed to confirm if the brightness level changed accordingly. You are then prompted to disconnect the power adapter. The screen should automatically dim when power is disconnected. + +### System assessment + +**Note**   +The Surface device must be connected to AC power before you can run this test. + +  + +The Windows System Assessment Tool (WinSAT) runs a series of benchmarks against the processor, memory, video adapter, and storage devices. The results include the processing speed of various algorithms, read and write performance of memory and storage, and performance in several Direct3D graphical tests. + +### Performance Monitor test + +Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](http://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows. + +### Crash dump collection + +If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](http://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](http://go.microsoft.com/fwlink/p/?LinkId=746489). + +## Command line + + +You can run the Microsoft Surface Diagnostic Toolkit from the command line or as part of a script. The tool supports the following arguments: + +**Note**   +Many of the tests performed by the Microsoft Surface Diagnostic Toolkit require technician interaction. The Microsoft Surface Diagnostic Toolkit cannot run unattended. + +  + +### exclude + +Use this argument to exclude specific tests. + +Example: + +``` +Surface_Diagnostic_Toolkit_1.0.60.0.exe “exclude=BatteryTest,CameraTest” +``` + +See the following list for test names: + +- AccelerometerTest + +- AmbientLightSensorTest + +- BatteryTest + +- BluetoothTest + +- BrightnessTest + +- CameraTest + +- CanvasModeBatteryTest + +- ChargingTest + +- ClipboardModeBatteryTest + +- CrashDumpCollectionTest + +- DeadPixelDetectionTest + +- DeviceInformationTest + +- DeviceOrientationTest + +- DigitalCompassSensorTest + +- DigitizerEdgeTest + +- DigitizerMultiTouchTest + +- DigitizerPenCoverageTest + +- DigitizerPinchTest + +- DigitizerTouchCoverageTest + +- DisplayArtifactsTest + +- DualGraphicsTest + +- FanTest + +- GyrometerSensorTest + +- HomeButtonTest + +- IntegratedKeyboardTest + +- LaptopModeBatteryTest + +- MicrophoneTest + +- MicroSdCardTest + +- MobileBroadbandTest + +- MuscleWireTest + +- NetworkTest + +- PenTest + +- PerformanceMonitorTest + +- PowerTest + +- SdCardTest + +- SpeakerTest + +- SystemAssessmentTest + +- TypeCoverTest + +- VideoOutTest + +- VolumeRockerTest + +- WindowsUpdateCheckTest + +### forceplatformsupport + +Use this argument to force tests to run when the make and model of the device is not properly detected by Windows. Surface Diagnostic Toolkit is intended to run only on Surface devices. + +Example: + +``` +Surface_Diagnostic_Toolkit_1.0.60.0.exe forceplatformsupport +``` + +### include + +Use this argument to include tests when you run Microsoft Surface Diagnostic Toolkit from the command line. Tests specified by the **Include** command will be run even if the test is not supported on the model of Surface device. In the following example, the Surface Book specific tests for the latch mechanism and discrete graphics will be run, even if the command is run on a Surface Pro 4 or other Surface model. + +Example: + +``` +Surface_Diagnostic_Toolkit_1.0.60.0.exe “include=DualGraphicsTest,FanTest,MuscleWireTest” +``` + +### logpath + +Use this argument to specify the path for the log file. + +Example 1: + +``` +Surface_Diagnostic_Toolkit_1.0.60.0.exe logpath=C:\Folder +``` + +Example 2: + +``` +Surface_Diagnostic_Toolkit_1.0.60.0.exe “logpath=C:\Folder with spaces” +``` + +## Localization + + +By default, the Microsoft Surface Diagnostic Toolkit is available in English only. If you want to localize the text of the Microsoft Surface Diagnostic Toolkit prompts into another language, you can do so by creating a custom localization file. If the localization file exists, the Microsoft Surface Diagnostic Toolkit will override the default English text and use the text contained in the file instead. To create a localization file, follow these steps: + +1. Open Notepad. + +2. Type the following line at the beginning of the file: + + ``` syntax + + ``` + +3. Save the file as SurfaceDiagnosticTool\_v1.0.60.0.locale in the same location where the Microsoft Surface Diagnostic Toolkit executable file is stored. + +4. Run the Microsoft Surface Diagnostic Toolkit executable file, Surface\_Diagnostic\_Toolkit\_v1.0.60.0.exe. The SurfaceDiagnosticTool\_v1.0.60.0.locale file will be populated with all of the text from the default prompts. + +5. Open the SurfaceDiagnosticTool\_v1.0.60.0.locale file in Notepad and change the text of each prompt to your custom or localized text. + +6. Save the SurfaceDiagnosticTool\_v1.0.60.0.locale file. + +**Note**   +The SurfaceDiganosticTool\_v1.0.60.0.locale file must be located in the same folder and have the same name other than the file extension as the Microsoft Surface Diagnostic Toolkit executable file to use the custom prompt text. The SurfaceDiganosticTool\_v1.0.60.0.locale is an .xml file and must use UTF-8 encoding. + +  + +  + +  + + + + + diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md new file mode 100644 index 0000000000..6cee308250 --- /dev/null +++ b/devices/surface/surface-dock-updater.md @@ -0,0 +1,107 @@ +--- +title: Microsoft Surface Dock Updater (Surface) +description: This article provides a detailed walkthrough of Microsoft Surface Dock Updater. +ms.assetid: 1FEFF277-F7D1-4CB4-8898-FDFE8CBE1D5C +ms.prod: W10 +ms.mktglfcycl: manage +ms.sitesec: library +author: heatherpoulsen +--- + +# Microsoft Surface Dock Updater + + +This article provides a detailed walkthrough of Microsoft Surface Dock Updater. + +The [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation. + +When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA). + +**Note**   +Updating Surface Dock firmware requires connectivity to the Surface Dock, available only on Surface Pro 3, Surface Pro 4, and Surface Book devices. A Surface Pro 3, Surface Pro 4, or Surface Book is required to successfully install Microsoft Surface Dock Updater. + +## Update a Surface Dock with Microsoft Surface Dock Updater + + +After you install the [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application. + +To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps: + +1. Click Start to begin the firmware update process. If you do not have a Surface Dock connected, you will be prompted to connect a Surface Dock. + +2. Microsoft Surface Dock Updater checks the status of your Surface Dock firmware. + + - If the tool determines that the firmware of your Surface Dock is up to date, a **You have the latest firmware for this Surface Dock** message is displayed, as shown in Figure 1. + + ![figure 1](images/surfacedockupdater-fig1-uptodate-568pix.png) + + Figure 1. Your Surface Dock firmware is up to date. + + - If Microsoft Surface Dock Updater determines that the firmware of your Surface Dock is not up to date, a **This Surface Dock is not running the latest firmware** message is displayed, as shown in Figure 2. + + ![figure 2](images/surfacedockupdater-fig2a-needsupdating.png) + + Figure 2. Your Surface Dock firmware needs to be updated + +3. To begin the firmware update process, click **Update** on the **Surface Dock Firmware** page. + +4. Before the firmware update process begins, you will be prompted for confirmation. Click **OK** to proceed or **Cancel** to return to the **Surface Dock Firmware** page displaying the status of your Surface Dock firmware. + +5. As the firmware update is uploaded to the Surface Dock, a **Progress** page is displayed, as shown in Figure 3. Do not disconnect the Surface Dock while firmware is being uploaded. + + ![figure 3](images/surfacedockupdater-fig3-progress.png) + + Figure 3. Progress of firmware update upload to Surface Dock + +6. After the firmware update has successfully uploaded to the Surface Dock, you are prompted to disconnect and then reconnect the Surface Dock from the Surface device, as shown in Figure 4. The main chipset firmware update will be applied while the Surface Dock is disconnected. + + ![figure 4](images/surfacedockupdater-fig4-disconnect.png) + + Figure 4. Disconnect and reconnect Surface Dock when prompted + +7. When the main chipset firmware update is verified, the DisplayPort chipset firmware update will be uploaded to the Surface Dock. Upon completion, a **Success** page is displayed and you will again be prompted to disconnect the Surface Dock, as shown in Figure 5. + + ![figure 5](images/surfacedockupdater-fig5-success.png) + + Figure 5. Successful upload of Surface Dock firmware + +8. After you disconnect the Surface Dock the DisplayPort firmware update will be installed. This process occurs on the Surface Dock hardware while it is disconnected. The Surface Dock must remain powered for up to 3 minutes after it has been disconnected for the firmware update to successfully install. An **Update in Progress** page is displayed (as shown in Figure 6), with a countdown timer to show the estimated time remaining to complete the firmware update installation. + + ![figure 6](images/surfacedockupdater-fig6-countdown.png) + + Figure 6. Countdown timer to complete firmware installation on Surface Dock + +9. If you want to update multiple Surface Docks in one sitting, you can click the **Update another Surface Dock** button to begin the process on the next Surface Dock. + + **Note**   + The LED in the Ethernet port of the dock will blink while the update is in progress. Please wait until the LED stops blinking before you unplug your Surface Dock from power. + +   + +## Troubleshooting Microsoft Surface Dock Updater + + +If the Surface Dock firmware update process encounters an installation error with either firmware update, the **Encountered an unexpected error** page may be displayed, as shown in Figure 7. + +![figure 7](images/surfacedockupdater-fig7-error.png) + +Figure 7. Firmware update installation has encountered an error + +Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in Figure 8. If you need to troubleshoot an update through this tool, you will find Surface Dock events recorded with the following event IDs: + +| Event ID | Event type | +|----------|----------------------------------------------------------| +| 12100 | Up-to-date confirmation | +| 12101 | Event in the main chipset firmware update process | +| 12102 | Event in the DisplayPort chipset firmware update process | +| 12105 | Error | + +  +![figure 8](images/surfacedockupdater-fig8-737test.png) + +Figure 8. Surface Dock Updater events in Event Viewer + +## Related topics + + +[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) diff --git a/education/docfx.json b/education/docfx.json new file mode 100644 index 0000000000..cc09ff86a7 --- /dev/null +++ b/education/docfx.json @@ -0,0 +1,24 @@ +{ + "build": { + "content": + [ + { + "files": ["**/**.md"], + "exclude": ["**/obj/**"] + } + ], + "resource": [ + { + "files": ["**/images/**", "**/*.json"], + "exclude": ["**/obj/**"] + } + ], + "globalMetadata": { + "ROBOTS": "INDEX, FOLLOW" + }, + "externalReference": [ + ], + "template": "op.html", + "dest": "education" + } +} diff --git a/education/index.md b/education/index.md new file mode 100644 index 0000000000..0bd9ced4cc --- /dev/null +++ b/education/index.md @@ -0,0 +1 @@ +#OP Testing file diff --git a/mdop/appv-v5/TOC.md b/mdop/appv-v5/TOC.md index 2e81d5ad03..3f983101a4 100644 --- a/mdop/appv-v5/TOC.md +++ b/mdop/appv-v5/TOC.md @@ -17,7 +17,7 @@ ##### [Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md) ##### [Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md) ##### [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md) -##### [Planning for Migrating from a Previous Version of App-V 5.1 ](planning-for-migrating-from-a-previous-version-of-app-v51.md) +##### [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md) ##### [Planning for Using App-V with Office 5.1](planning-for-using-app-v-with-office51.md) ##### [Planning to Use Folder Redirection with App-V 5.1](planning-to-use-folder-redirection-with-app-v51.md) #### [App-V 5.1 Planning Checklist](app-v-51-planning-checklist.md) @@ -79,11 +79,12 @@ ##### [How to Access the Client Management Console 5.1](how-to-access-the-client-management-console51.md) ##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server 5.1](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md) #### [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) +##### [Check Registry Keys before installing App-V 5.x Server](check-reg-key-svr.md) ##### [How to Convert a Package Created in a Previous Version of App-V 5.1](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) -##### [How to Migrate Extension Points From an App-V 4.6 SP2 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) -##### [How to Migrate Extension Points From an App-V 4.6 SP2 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-app-v-51-for-a-specific-user.md) -##### [How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 SP2 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-sp2-package-for-all-users-on-a-specific-computer.md) -##### [How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 SP2 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-sp2-package-for-a-specific-user.md) +##### [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) +##### [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-app-v-51-for-a-specific-user.md) +##### [How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-sp2-package-for-all-users-on-a-specific-computer.md) +##### [How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-sp2-package-for-a-specific-user.md) ##### [How to Use an App-V 4.6 SP1 Application From an App-V 5.1 Application](how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md) #### [Maintaining App-V 5.1](maintaining-app-v-51.md) ##### [How to Move the App-V Server to Another Computer 5.1](how-to-move-the-app-v-server-to-another-computer51.md) diff --git a/mdop/appv-v5/about-app-v-50-sp3.md b/mdop/appv-v5/about-app-v-50-sp3.md index a4418a6430..84f1b27782 100644 --- a/mdop/appv-v5/about-app-v-50-sp3.md +++ b/mdop/appv-v5/about-app-v-50-sp3.md @@ -197,7 +197,7 @@ Complete the following steps to upgrade each component of the App-V infrastructu

 

-

  • If you are upgrading the App-V Server from App-V SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

    • +

  • If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

  • Follow the steps in [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md).

    • diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md index 162630bae1..debcd6ece3 100644 --- a/mdop/appv-v5/about-app-v-51.md +++ b/mdop/appv-v5/about-app-v-51.md @@ -63,7 +63,7 @@ See the following links for the App-V 5.1 software prerequisites and supported c ## Migrating to App-V 5.1 -Use the following information to upgrade to App-V 5.1 from earlier versions. See [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) for more information. +Use the following information to upgrade to App-V 5.1 from earlier versions. See [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) for more information. ### Before you start the upgrade @@ -90,7 +90,7 @@ Review the following information before you start the upgrade:
    Note   -

    To use the App-V client user interface, download the existing version from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

    +

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

      @@ -98,7 +98,7 @@ Review the following information before you start the upgrade:

    Upgrading from App-V 4.x

    -

    For more information, see:

    +

    You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.1. For more information, see: