deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/jdrs' into rs1

Browse Source
This commit is contained in:
jdeckerMS 2016-07-27 09:57:46 -07:00
commit 11adfbec34
23 changed files with 65 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
education/windows/set-up-students-pcs-to-join-domain.md
View File

@ -13,7 +13,7 @@ author: jdeckerMS
- Windows 10
If your school uses Active Directory, use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package that will configure a PC for student use that is joined to the Active Directory domain. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
If your school uses Active Directory, use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package that will configure a PC for student use that is joined to the Active Directory domain. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
## Create the provisioning package

6
education/windows/set-up-students-pcs-with-apps.md
View File

@ -73,7 +73,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
## Add a universal app to your package
Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Windows Store for Business apps that you acquire with [offline licensing](https://technet.microsoft.com/en-us/itpro/windows/manage/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Windows Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
Universal apps that you can distribute in the provisioning package can be line-of-business (LOB) apps developed by your organization, Windows Store for Business apps that you acquire with [offline licensing](https://technet.microsoft.com/itpro/windows/manage/acquire-apps-windows-store-for-business), or third-party apps. This procedure will assume you are distributing apps from the Windows Store for Business. For other apps, obtain the necessary information (such as the package family name) from the app developer.
1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall**.
@ -91,7 +91,7 @@ Universal apps that you can distribute in the provisioning package can be line-o
![generate license for offline app](images/uwp-license.png)
[Learn more about distributing offline apps from the Windows Store for Business.](https://technet.microsoft.com/en-us/itpro/windows/manage/distribute-offline-apps)
[Learn more about distributing offline apps from the Windows Store for Business.](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps)
> **Note:** Removing a provisioning package will not remove any apps installed by device context in that provisioning package.
@ -206,7 +206,7 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
## Learn more
- [Develop Universal Windows Education apps](https://msdn.microsoft.com/en-us/windows/uwp/apps-for-education/index)
- [Develop Universal Windows Education apps](https://msdn.microsoft.com/windows/uwp/apps-for-education/index)
- [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)

4
windows/deploy/provision-pcs-for-initial-deployment.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
author: jdeckerMS
---
# Provision PCs with common settings for initial deployment
# Provision PCs with common settings for initial deployment (simple provisioning)
**Applies to**
@ -49,7 +49,7 @@ Provisioning packages can include management instructions and policies, installa
## Create the provisioning package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).

6
windows/deploy/provision-pcs-with-apps-and-certificates.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
author: jdeckerMS
---
# Provision PCs with apps and certificates for initial deployment
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
**Applies to**
@ -33,7 +33,7 @@ You can apply a provisioning package on a USB drive to off-the-shelf devices dur
## Create the provisioning package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
1. Open Windows ICD (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe).
@ -54,7 +54,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
3. Go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandLine** and specify the command line that needs to be executed to install the app. This is a single command line (such as a script, executable, or msi) that triggers a silent install of your CommandFiles. Note that the install must execute silently (without displaying any UI). For MSI installers use, the `msiexec /quiet` option.
> **Note**: If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](https://msdn.microsoft.com/en-us/library/windows/hardware/mt703295%28v=vs.85%29.aspx).
> **Note**: If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](https://msdn.microsoft.com/library/windows/hardware/mt703295%28v=vs.85%29.aspx).
### Add a universal app to your package

4
windows/deploy/provisioning-packages.md
View File

@ -93,7 +93,7 @@ For details about the settings you can customize in provisioning packages, see [
## Creating a provisioning package
With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit).
With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
While running ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box:
@ -122,7 +122,7 @@ Provisioning packages can be applied both during image deployment and during run
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
- [Set up a device for anyone to use (kiosk mode)](../manage/set-up-a-device-for-anyone-to-use.md)
- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
- [Set up student PCs to join domain](https://technet.microsoft.com/en-us/edu/windows/set-up-students-pcs-to-join-domain)
- [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain)

4
windows/keep-secure/.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,4 @@
// Place your settings in this file to overwrite default and user settings.
{
"update.channel": "none",
}

2
windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md
View File

@ -47,6 +47,8 @@ Everyone can get the **Microsoft Authenticator** app from the Windows Store. If
[Tell people how to sign in using their phone.](prepare-people-to-use-microsoft-passport.md#bmk-remote)
## Related topics
[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)

2
windows/keep-secure/prepare-people-to-use-microsoft-passport.md
View File

@ -97,3 +97,5 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows
[Event ID 300 - Windows Hello successfully created](passport-event-300.md)
[Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)

2
windows/keep-secure/vpn-profile-options.md
View File

@ -60,7 +60,7 @@ A VPN profile configured with LockDown secures the device to only allow network
## Learn more
- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/vpn-connections-in-microsoft-intune)
- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune)
- [VPNv2 configuration service provider (CSP) reference](http://go.microsoft.com/fwlink/p/?LinkId=617588)
- [How to Create VPN Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618028)

4
windows/manage/configure-devices-without-mdm.md
View File

@ -74,7 +74,7 @@ For details about the settings you can customize in provisioning packages, see [
## Create a provisioning package
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a runtime provisioning package. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
When you run Windows ICD, you have several options for creating your package.
@ -89,7 +89,7 @@ When you build a provisioning package, you may include sensitive information in
### Using Simple provisioning
1. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
1. Open Windows ICD (by default, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`).
2. Click **Simple provisioning**.
2. Name your project and click **Finish**.
3. In the **Set up device** step, enter a unique 15-character name for the device. For help generating a unique name, you can use %SERIAL%, which includes a hardware-specific serial number, or you can use %RAND:x%, which generates random characters of x length.

4
windows/manage/connect-to-remote-aadj-pc.md
View File

@ -65,9 +65,9 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC
## Related topics
[How to use Remote Desktop](http://windows.microsoft.com/en-us/windows-10/how-to-use-remote-desktop)
[How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop)
[Remote Desktop Connection: frequently asked questions](http://windows.microsoft.com/en-us/windows/remote-desktop-connection-faq#1TC=windows-8) (Windows 8.1 documentation, still applicable to Windows 10)
 

2
windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
View File

@ -42,7 +42,7 @@ Three features enable Start and taskbar layout control:
## <a href="" id="bkmk-domaingpodeployment"></a>Create a provisioning package that contains a customized Start layout
Use the [Imaging and Configuration Designer (ICD) tool](http://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the [Imaging and Configuration Designer (ICD) tool](http://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
> **Important**
When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.

14
windows/manage/group-policies-for-enterprise-and-education-editions.md
View File

@ -17,15 +17,15 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows
| Policy name | Policy path | Comments |
| --- | --- | --- |
| **Configure Spotlight on lock screen** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight). Note that an additional **Cloud Content** policy, **Do not suggest third-party content in Windows spotlight**, does apply to Windows 10 Pro. |
| **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
| **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
| **Configure Spotlight on lock screen** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md). Note that an additional **Cloud Content** policy, **Do not suggest third-party content in Windows spotlight**, does apply to Windows 10 Pro. |
| **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
| **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md |
| **Do not require CTRL+ALT+DEL** </br>combined with</br>**Turn off app notifications on the lock screen** | Computer Configuration > Administrative Templates > System > Logon </br>and</br>Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon | When both of these policy settings are enabled, the combination will also disable lock screen apps ([assigned access](set-up-a-device-for-anyone-to-use.md)) on Windows 10 Enterprise and Windows 10 Education only. These policy settings can be applied to Windows 10 Pro, but lock screen apps will not be disabled on Windows 10 Pro. </br></br>**Important:** The description for **Interactive logon: Do not require CTRL+ALT+DEL** in the Group Policy Editor incorrectly states that it only applies to Windows 10 Enterprise and Education. The description will be corrected in a future release.|
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) |
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md |
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
| **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/en-us/kb/3135657). |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) |

4
windows/manage/guidelines-for-assigned-access-app.md
View File

@ -23,7 +23,7 @@ The following guidelines may help you choose an appropriate Windows app for your
## General guidelines
- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](https://msdn.microsoft.com/en-us/library/windows/hardware/mt228170(v=vs.85).aspx#install_your_apps).
- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](https://msdn.microsoft.com/library/windows/hardware/mt228170.aspx#install_your_apps).
- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
@ -71,7 +71,7 @@ Check the guidelines published by your selected app and do the setup accordingly
Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock . The kiosk app is actually running as an above lock screen app.
Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/en-us/library/windows/hardware/mt633799%28v=vs.85%29.aspx).
Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx).
## Test your assigned access experience

4
windows/manage/how-it-pros-can-use-configuration-service-providers.md
View File

@ -23,7 +23,7 @@ The CSPs are documented on the [Hardware Dev Center](http://go.microsoft.com/fwl
**Note**  
The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.
 [See what's new for CSPs in Windows 10, version 1607.](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whatsnew_1607)
 [See what's new for CSPs in Windows 10, version 1607.](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whatsnew_1607)
## What is a CSP?
@ -215,7 +215,7 @@ Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile E
## Related topics
[What's new in MDM enrollment and management in Windows 10, version 1607](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whatsnew_1607)
[What's new in MDM enrollment and management in Windows 10, version 1607](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whatsnew_1607)
[Lock down Windows 10](lock-down-windows-10.md)

4
windows/manage/lockdown-xml.md
View File

@ -262,13 +262,13 @@ In the following example, when a user presses the Search button, the phone diale
![XML for CSP Runner](images/CSPRunnerXML.jpg)
You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role.
In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section.
> **Note**&nbsp;&nbsp;This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/en-us/windows/hardware/dn914774.aspx).
> **Note**&nbsp;&nbsp;This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/windows/hardware/dn914774.aspx).
Let's start with the structure of SyncML in the following example:

4
windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
View File

@ -116,7 +116,7 @@ Assigned Access has one setting, KioskModeApp. In the KioskModeApp setting, you
### <a href="" id="icd"></a>Set up assigned access using Windows Imaging and Configuration Designer (ICD)
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device as a kiosk. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device as a kiosk. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
> **Important**
When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
@ -203,7 +203,7 @@ Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
> **Note:** To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once.
[Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867).
[Learn how to get the AppName](https://msdn.microsoft.com/en-us/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**).
[Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**).
[Learn how to get the SID](http://go.microsoft.com/fwlink/p/?LinkId=615517).

2
windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
View File

@ -85,7 +85,7 @@ When you build a provisioning package, you may include sensitive information in
 
2. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
2. Open Windows ICD (by default, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`).
3. Choose **Advanced provisioning**.

14
windows/manage/set-up-shared-or-guest-pc.md
View File

@ -17,7 +17,7 @@ author: jdeckerMS
Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise.
> **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/en-us/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
> **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
##Shared PC mode concepts
A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. Users who sign-in are signed in as standard users, not admin users.
@ -37,7 +37,11 @@ While shared PC mode does not configure Windows Update itself, it is strongly re
- MDM: Set **Update/AllowAutoUpdate** to `4`.
- Provisioning: In Windows Imaging and Configuration Designer (ICD), set **Policies/Update/AllowAutoUpdate** to `4`.
[Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_AllowAutoUpdate)
[Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_AllowAutoUpdate)
###App behavior
Apps can take advantage of shared PC mode by changing their app behavior to align with temporary use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. For information on how an app can query for shared PC mode, see [SharedModeSettings class](https://msdn.microsoft.com/en-us/library/windows/apps/windows.system.profile.sharedmodesettings.aspx).
###Customization
Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring shared PC mode on Windows](#configuring-shared-pc-mode-on-windows). The options are listed in the following table.
@ -59,16 +63,16 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
##Configuring shared PC mode on Windows
You can configure Windows to be in shared PC mode in a couple different ways:
- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune)
- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune)
![custom OMA-URI policy in Intune](images/oma-uri-shared-pc.png)
- A provisioning package created with the Windows Imaging and Configuration Designer (ICD): You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294.aspx), exposed in ICD as SharedPC.
- A provisioning package created with the Windows Imaging and Configuration Designer (ICD): You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx), exposed in ICD as SharedPC.
![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
### Create a provisioning package for shared use
Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit)
Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
1. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).

2
windows/manage/windows-10-start-layout-options-and-policies.md
View File

@ -16,7 +16,7 @@ author: jdeckerMS
- Windows 10
> **Looking for consumer information?** See [Customize the Start menu](http://windows.microsoft.com/en-us/windows-10/getstarted-see-whats-on-the-menu)
> **Looking for consumer information?** See [Customize the Start menu](http://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu)
Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Enterprise or Windows 10 Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default.

14
windows/whats-new/whats-new-windows-10-version-1507-and-1511.md
View File

@ -299,10 +299,20 @@ Administrators can also use mobile device management (MDM) or Group Policy to di
## Updates
Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsofts Windows Update service.
With Windows 10, your enterprise will have more choice and flexibility in applying operating system updates. You can manage and control updates to devices running Windows 10 Pro and Windows 10 Enterprise using MDM policies.
By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
While Windows Update provides updates to unmanaged devices, most enterprises prefer to manage and control the flow of updates using their device management solution. You can choose to apply the latest updates as soon as they are available, or you can set a source and schedule for updates that works for your specific requirements.
- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281).
Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](http://technet.microsoft.com/library/gg682129.aspx).
Learn more about [Windows Update for Business](../plan/windows-update-for-business.md).
For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](../manage/introduction-to-windows-10-servicing.md).

1
windows/whats-new/windows-update-for-business.md
View File

@ -6,6 +6,7 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
author: TrudyHa
redirect_url: /whats-new/whats-new-windows-10-version-1507-and-1511
---
# What's new in Windows Update for Business?