deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-22 10:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into live

Browse Source
This commit is contained in:
LizRoss 2017-01-10 09:56:07 -08:00
commit 133de7a2e1
11 changed files with 82 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devices/surface-hub/save-bitlocker-key-surface-hub.md
View File

@ -24,7 +24,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If youve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device. 2. If youve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
3. If youre using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive. 3. If youre using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics ## Related topics

2
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -184,7 +184,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
</tr> </tr>
<tr class="even"> <tr class="even">
<td align="left"><p>5</p></td> <td align="left"><p>5</p></td>
<td align="left"><p>50</p></td> <td align="left"><p>S0</p></td>
<td align="left"><p>Ready</p></td> <td align="left"><p>Ready</p></td>
</tr> </tr>
</tbody> </tbody>

5
windows/deploy/change-history-for-deploy-windows-10.md
View File

@ -11,6 +11,11 @@ author: greg-lindsay
# Change history for Deploy Windows 10 # Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
## October 2016 ## October 2016
| New or changed topic | Description | | New or changed topic | Description |
|----------------------|-------------| |----------------------|-------------|

1
windows/deploy/provisioning-packages.md
View File

@ -124,7 +124,6 @@ Provisioning packages can be applied both during image deployment and during run
- [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md) - [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md) - [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
- [Set up a shared or guest PC with Windows 10](../manage/set-up-shared-or-guest-pc.md) - [Set up a shared or guest PC with Windows 10](../manage/set-up-shared-or-guest-pc.md)
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
- [Set up a device for anyone to use (kiosk mode)](../manage/set-up-a-device-for-anyone-to-use.md) - [Set up a device for anyone to use (kiosk mode)](../manage/set-up-a-device-for-anyone-to-use.md)
- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
- [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain) - [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain)

1
windows/keep-secure/TOC.md
View File

@ -871,4 +871,5 @@
### [Microsoft Passport guide](microsoft-passport-guide.md) ### [Microsoft Passport guide](microsoft-passport-guide.md)
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
### [Windows 10 security overview](windows-10-security-guide.md) ### [Windows 10 security overview](windows-10-security-guide.md)
### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)
## [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md) ## [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md)

BIN
windows/keep-secure/images/security-stages.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

2
windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
View File

@ -34,8 +34,6 @@ If this policy is disabled, the full name of the last user to log on is displaye
Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on users full names or domain account names might contradict your overall security policy. Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on users full names or domain account names might contradict your overall security policy.
Depending on your security policy, you might also want to enable the [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md) policy, which will prevent the Windows operating system from displaying the logon name when the session is locked or started.
### Location ### Location
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options

2
windows/keep-secure/smart-card-architecture.md
View File

@ -74,7 +74,7 @@ Credential providers must be registered on a computer running Windows, and they
## Smart card subsystem architecture ## Smart card subsystem architecture
Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](http://www.pcscworkgroup.com/specifications/overview.php). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware. Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](https://www.pcscworkgroup.com/). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware.
### Base CSP and smart card minidriver architecture ### Base CSP and smart card minidriver architecture

2
windows/keep-secure/smart-card-smart-cards-for-windows-service.md
View File

@ -14,7 +14,7 @@ Applies To: Windows 10, Windows Server 2016
This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions. This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.
The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications Overview](http://www.pcscworkgroup.com/specifications/overview.php). The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications website](https://www.pcscworkgroup.com/).
The Smart Cards for Windows service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. The Smart Cards for Windows service, Scardsvr, has the following service description: The Smart Cards for Windows service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. The Smart Cards for Windows service, Scardsvr, has the following service description:

67
windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md Normal file
View File

@ -0,0 +1,67 @@
---
title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10)
description: Provides a summary of the Windows 10 credential theft mitigation guide.
ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: justinha
---
# Windows 10 Credential Theft Mitigation Guide Abstract
**Applies to**
- Windows 10
This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the Microsoft Download Center.
This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
- Identify high-value assets
- Protect against known and unknown threats
- Detect pass-the-hash and related attacks
- Respond to suspicious activity
- Recover from a breach
![Security stages](images\security-stages.png)
## Attacks that steal credentials
Learn about the different types of attacks that are used to steal credentials, and the factors that can place your organization at risk.
The types of attacks that are covered include:
- Pass the hash
- Kerberos pass the ticket
- Kerberos golden ticket and silver ticket
- Key loggers
- Shoulder surfing
## Credential protection strategies
This part of the guide helps you consider the mindset of the attacker, with prescriptive guidance about how to prioritize high-value accounts and computers.
You'll learn how to architect a defense against credential theft:
- Establish a containment model for account privileges
- Harden and restrict administrative hosts
- Ensure that security configurations and best practices are implemented
## Technical countermeasures for credential theft
Objectives and expected outcomes are covered for each of these countermeasures:
- Use Windows 10 with Credential Guard
- Restrict and protect high-privilege domain accounts
- Restrict and protect local accounts with administrative privileges
- Restrict inbound network traffic
Many other countermeasures are also covered, such as using Microsoft Passport and Windows Hello, or multifactor authentication.
## Detecting credential attacks
This sections covers how to detect the use of stolen credentials and how to collect computer events to help you detect credential theft.
## Responding to suspicious activity
Learn Microsoft's recommendations for responding to incidents, including how to recover control of compromised accounts, how to investigate attacks, and how to recover from a breach.

5
windows/plan/change-history-for-plan-for-windows-10-deployment.md
View File

@ -13,6 +13,11 @@ author: TrudyHa
This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 Infrastructure Requirements](windows-10-infrastructure-requirements.md) | Added link for Windows Server 2008 R2 and Windows 7 activation and a link to Windows Server 2016 Volume Activation Tips |
## September 2016 ## September 2016
| New or changed topic | Description | | New or changed topic | Description |