deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 16:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into aljupudi-5422453-BitlockerCSP

Browse Source
This commit is contained in:
Alekhya Jupudi 2021-09-22 12:04:27 +05:30 committed by GitHub
commit 1f929d55a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
320 changed files with 1033 additions and 1733 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
View File

@ -428,6 +428,7 @@ ms.date: 10/08/2020
- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio)
- [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr)
- [ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1](./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1)
- [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin)
- [ADMX_Logon/DisableAcrylicBackgroundOnLogon](./policy-csp-admx-logon.md#admx-logon-disableacrylicbackgroundonlogon)
- [ADMX_Logon/DisableExplorerRunLegacy_1](./policy-csp-admx-logon.md#admx-logon-disableexplorerrunlegacy-1)

15
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -1676,6 +1676,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### ADMX_LocationProviderAdm policies
<dl>
<dd>
<a href="./policy-csp-admx-locationprovideradm.md#admx-locationprovideradm-disablewindowslocationprovider_1" id="admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/BlockUserFromShowingAccountDetailsOnSignin</a>
</dd>
<dl>
### ADMX_Logon policies
<dl>
@ -6065,6 +6073,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
</dd>
</dl>
### Feeds policies
<dl>
<dd>
<a href="./policy-csp-feeds.md#feeds-feedsenabled" id="feeds-feedsenabled">Feeds/FeedsEnabled</a>
</dd>
</dl>
### FileExplorer policies
<dl>

112
windows/client-management/mdm/policy-csp-admx-locationprovideradm.md Normal file
View File

@ -0,0 +1,112 @@
---
title: Policy CSP - ADMX_LocationProviderAdm
description: Policy CSP - ADMX_LocationProviderAdm
ms.author: dansimp
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.date: 09/20/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - ADMX_LocationProviderAdm
> [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
<hr/>
<!--Policies-->
## ADMX_LocationProviderAdm policies
<dl>
<dd>
<a href="#admx-locationprovideradm-disablewindowslocationprovider_1">ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="admx-locationprovideradm-disablewindowslocationprovider_1"></a>**ADMX_LocationProviderAdm/DisableWindowsLocationProvider_1**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting turns off the Windows Location Provider feature for this computer.
- If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature.
- If you disable or do not configure this policy setting, all programs on this computer can use the Windows Location Provider feature.
<!--/Description-->
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Turn off Windows Location Provider*
- GP name: *DisableWindowsLocationProvider_1*
- GP path: *Windows Components\Location and Sensors\Windows Location Provider*
- GP ADMX file name: *LocationProviderAdm.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
> [!NOTE]
> These policies are currently only available as part of a Windows Insider release.
<!--/Policies-->

484
windows/client-management/mdm/policy-csp-experience.md
View File

@ -37,9 +37,6 @@ manager: dansimp
<dd>
<a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
</dd>
<dd>
<a href="#experience-allownewsandinterestsonthetaskbar">Experience/AllowNewsAndInterestsOnTheTaskbar</a>
</dd>
<dd>
<a href="#experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
</dd>
@ -105,28 +102,34 @@ manager: dansimp
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -184,28 +187,34 @@ ADMX Info:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -252,28 +261,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -314,28 +329,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -384,28 +405,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -442,65 +469,6 @@ The following list shows the supported values:
<hr/>
<!--Policy-->
<a href="" id="experience-allownewsandinterestsonthetaskbar"></a>**Experience/AllowNewsAndInterestsOnTheTaskbar**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
Specifies whether to allow "News and interests" on the Taskbar.
<!--/Description-->
<!--SupportedValues-->
The values for this policy are 1 and 0. This policy defaults to 1.
- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="experience-allowsaveasofofficefiles"></a><b>Experience/AllowSaveAsOfOfficeFiles</b>
@ -531,28 +499,34 @@ This policy is deprecated.
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -589,28 +563,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -665,28 +645,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -735,28 +721,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -808,28 +800,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -880,28 +878,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -951,28 +955,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1021,28 +1031,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1093,28 +1109,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1159,28 +1181,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td>No</td>
<td>Yes</td>
</tr>
</table>
@ -1217,28 +1245,34 @@ The values for this policy are 0, 1, 2, and 3. This policy defaults to 0 if not
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1286,28 +1320,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1356,28 +1396,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1426,28 +1472,34 @@ The following list shows the supported values:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1512,36 +1564,40 @@ _**Turn syncing off by default but dont disable**_
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="experience-preventusersfromturningonbrowsersyncing"></a>**Experience/PreventUsersFromTurningOnBrowserSyncing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
@ -1615,28 +1671,34 @@ Validation procedure:
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>

103
windows/client-management/mdm/policy-csp-feeds.md Normal file
View File

@ -0,0 +1,103 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
ms.author: v-nsatapathy
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nimishasatapathy
ms.localizationpriority: medium
ms.date: 09/17/2021
ms.reviewer:
manager: dansimp
---
# Policy CSP - Feeds
<hr/>
<!--Policies-->
## Feeds policies
<dl>
<dd>
<a href="#feeds-feedsenabled">Feeds/FeedsEnabled</a>
</dd>
</dl>
<hr/>
<!--Policy-->
<a href="" id="feeds-feedsenabled"></a>**Feeds/FeedsEnabled**
<!--SupportedSKUs-->
<table>
<tr>
<th>Edition</th>
<th>Windows 10</th>
<th>Windows 11</th>
</tr>
<tr>
<td>Home</td>
<td>No</td>
<td>No</td>
</tr>
<tr>
<td>Pro</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Business</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Enterprise</td>
<td>Yes</td>
<td>No</td>
</tr>
<tr>
<td>Education</td>
<td>Yes</td>
<td>No</td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Machine
<hr/>
<!--/Scope-->
<!--Description-->
This policy setting specifies whether news and interests is allowed on the device.
The values for this policy are 1 and 0. This policy defaults to 1.
- 1 - Default - News and interests feature will be allowed on the taskbar. The settings UI will be present in Taskbar context menu, and users will be able to turn off or switch mode.
- 0 - News and interests feature will be turned off completely, and the settings UI in Taskbar context menu will be removed.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Enable news and interests on the taskbar*
- GP name: *FeedsEnabled*
- GP path: *Windows Components\News and interests*
- GP ADMX file name: *Feeds.admx*
<!--/ADMXBacked-->
<!--/Policy-->
<!--/Policies-->

4
windows/client-management/mdm/toc.yml
View File

@ -519,6 +519,8 @@ items:
href: policy-csp-admx-leakdiagnostic.md
- name: ADMX_LinkLayerTopologyDiscovery
href: policy-csp-admx-linklayertopologydiscovery.md
- name: ADMX_LocationProviderAdm
href: policy-csp-admx-locationprovideradm.md
- name: ADMX_Logon
href: policy-csp-admx-logon.md
- name: ADMX_MicrosoftDefenderAntivirus
@ -713,6 +715,8 @@ items:
href: policy-csp-experience.md
- name: ExploitGuard
href: policy-csp-exploitguard.md
- name: Feeds
href: policy-csp-feeds.md
- name: FileExplorer
href: policy-csp-fileexplorer.md
- name: Games

4
windows/client-management/mdm/vpnv2-csp.md
View File

@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 10/30/2020
ms.date: 09/21/2021
---
# VPNv2 CSP
@ -591,7 +591,7 @@ Valid values:
- True = Register the connection's addresses in DNS.
<a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/**<em>ProfileName</em>**/DnsSuffix**
Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Windows has a limit of 50 DNS suffixes that can be set. Windows name resolution will apply each suffix in order. Long DNS suffix lists may impact performance.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.

216
windows/deployment/update/windows-update-errors.md
View File

@ -7,9 +7,9 @@ audience: itpro
itproauthor: jaimeo
ms.audience: itpro
author: jaimeo
ms.reviewer:
ms.reviewer: kaushika
manager: laurawi
ms.topic: article
ms.topic: troubleshooting
ms.custom: seo-marvel-apr2020
---
@ -22,22 +22,198 @@ ms.custom: seo-marvel-apr2020
The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
## 0x8024402F
| Error Code | Message | Description | Mitigation |
|------------------------------------------|-----------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0x8024402F | WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External cab file processing completed with some errors | One of the reasons we see this issue is due to the design of a software called Lightspeed Rocket for Web filtering. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed |
| 0x80242006 | WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename Software Redistribution Folder and attempt to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>Ren %systemroot%\system32\catroot2 \*.bak |
| 0x80070BC9 | ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. A system reboot is required to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
| 0x80200053 | BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update Client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc). |
| 0x80072EE2 | WININET_E_TIMEOUT | The operation timed out | This error message can be caused if the computer isn't connected to the Internet. To fix this issue, follow these steps: make sure these URLs are not blocked: <br> http://<em>.update.microsoft.com<br>https://</em>.update.microsoft.com <br><http://download.windowsupdate.com> <br><br>You can also take a network trace to check what is timing out. \<Refer to Firewall Troubleshooting scenario> |
| 0x80072EFD <br>0x80072EFE<br>0x80D02002 | TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxy to block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
| 0X8007000D | ERROR_INVALID_DATA | Indicates invalid data downloaded or corruption occurred. | Attempt to re-download the update and initiate installation. |
| 0x8024A10A | USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity, the system failing to respond leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the upgrade. |
| 0x80240020 | WU_E_NO_INTERACTIVE_USER | Operation did not complete because there is no logged-on interactive user. | Sign in to the device to start the installation and allow the device to restart. |
| 0x80242014 | WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows Updates require the device to be restarted. Restart the device to complete update installation. |
| 0x80246017 | WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator). |
| 0x8024000B | WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we are unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
| 0x8024000E | WU_E_XML_INVALID | Windows Update Agent found invalid information in the update's XML data. | Certain drivers contain additional metadata information in the update.xml, which could lead Orchestrator to understand it as invalid data. Ensure that you have the latest Windows Update Agent installed on the machine. |
| 0x8024D009 | WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the wuident.cab file. | You may encounter this error when WSUS is not sending the Self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
| 0x80244007 | WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows cannot renew the cookies for Windows Update. <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
| 0x80070422 | | This issue occurs when the Windows Update service stops working or is not running. | Check if the Windows Update service is running.<br> |
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_ECP_SUCCEEDED_WITH_ERRORS | External .cab file processing completed with some errors | This can be caused by the Lightspeed Rocket for web filtering software. <br>Add the IP addresses of devices you want to get updates to the exceptions list of Lightspeed Rocket. |
## 0x80242006
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_UH_INVALIDMETADATA | A handler operation could not be completed because the update contains invalid metadata. | Rename the software redistribution folder and try to download the updates again: <br>Rename the following folders to \*.BAK: <br>- %systemroot%\system32\catroot2 <br><br>Type the following commands at a command prompt. Press ENTER after you type each command.<br>- Ren %systemroot%\SoftwareDistribution\DataStore \*.bak<br>- Ren %systemroot%\SoftwareDistribution\Download \*.bak<br>- Ren %systemroot%\system32\catroot2 \*.bak |
## 0x80070BC9
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_FAIL_REBOOT_REQUIRED | The requested operation failed. Restart the system to roll back changes made. | Ensure that you don't have any policies that control the start behavior for the Windows Module Installer. This service should be managed by the operating system. |
## 0x80200053
| Message | Description | Mitigation |
|---------|-------------|------------|
| BG_E_VALIDATION_FAILED | NA | Ensure that there are no firewalls that filter downloads. Such filtering could lead to incorrect responses being received by the Windows Update client.<br><br>If the issue still persists, run the [Windows Update reset script](https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc).|
## 0x80072EFD or 0x80072EFEor 0x80D02002
| Message | Description | Mitigation |
|---------|-------------|------------|
| TIME_OUT_ERRORS | The operation timed out | Make sure there are no firewall rules or proxies that block Microsoft download URLs. <br>Take a network monitor trace to understand better. \<Refer to Firewall Troubleshooting scenario> |
## 0X8007000D
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_INVALID_DATA | Indicates data that isn't valid was downloaded or corruption occurred.| Attempt to re-download the update and start installation. |
## 0x8024A10A
| Message | Description | Mitigation |
|---------|-------------|------------|
| USO_E_SERVICE_SHUTTING_DOWN | Indicates that the Windows Update Service is shutting down. | This can occur after a very long period of time of inactivity. The system fails to respond, leading to the service being idle and causing the service to shut down. Ensure that the system remains active and the connections remain established to complete the installation. |
## 0x80240020
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_NO_INTERACTIVE_USER | Operation did not complete because no interactive user is signed in. | Sign in to the device to start the installation and allow the device to restart. |
## 0x80242014
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_UH_POSTREBOOTSTILLPENDING | The post-restart operation for the update is still in progress. | Some Windows updates require the device to be restarted. Restart the device to complete update installation. |
## 0x80246017
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_DM_UNAUTHORIZED_LOCAL_USER | The download failed because the local user was denied authorization to download the content. | Ensure that the user attempting to download and install updates has been provided with sufficient privileges to install updates (Local Administrator).|
## 0x8024000B
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_CALL_CANCELLED | Operation was canceled. | The operation was canceled by the user or service. You might also receive this error when we're unable to filter the results. Run the [Decline Superseded PowerShell script](https://gallery.technet.microsoft.com/scriptcenter/Cleanup-WSUS-server-4424c9d6) to allow the filtering process to complete. |
## 0x8024000E
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_XML_INVALID | Windows Update Agent found information in the update's XML data that isn't valid. | Certain drivers contain additional metadata information in Update.xml, which Orchestrator can interpret as data that isn't valid. Ensure that you have the latest Windows Update Agent installed on the device. |
## 0x8024D009
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_SETUP_SKIP_UPDATE | An update to the Windows Update Agent was skipped due to a directive in the Wuident.cab file. | You might encounter this error when WSUS is not sending the self-update to the clients.<br><br>Review [KB920659](https://support.microsoft.com/help/920659/the-microsoft-windows-server-update-services-wsus-selfupdate-service-d) for instructions to resolve the issue. |
## 0x80244007
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_SOAPCLIENT_SOAPFAULT | SOAP client failed because there was a SOAP fault for reasons of WU_E_PT_SOAP_\* error codes. | This issue occurs because Windows can't renew the cookies for Windows Update. <br><br>Review [KB2883975](https://support.microsoft.com/help/2883975/0x80244007-error-when-windows-tries-to-scan-for-updates-on-a-wsus-serv) for instructions to resolve the issue. |
## 0x80070422
| Message | Description | Mitigation |
|---------|-------------|------------|
| NA | This issue occurs when the Windows Update service stops working or isn't running. | Check if the Windows Update service is running.<br> |
## 0x800f0821
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_ABORT; client abort, IDABORT returned by ICbsUIHandler method except Error() | CBS transaction timeout exceeded. | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the has installed the update in KB4493473 or later.|
## 0x800f0825
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_CANNOT_UNINSTALL; Package cannot be uninstalled. | Typically this is due component store corruption caused when a component is in a partially installed state. | Repair the component store with the **Dism RestoreHealth** command or manually repair with a payload from the partially installed component. From an elevated command prompt, run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x800F0920
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_HANG_DETECTED; A failure to respond was detected while processing the operation. | Subsequent error logged after getting 0x800f0821 | A servicing operation is taking a long time to complete. The servicing stack watchdog timer expires and assumes the system has stopped responding. Extending the timeout will mitigate the issue. Increase the resources on the device. If a virtual machine, increase virtual CPU and memory to speed up operations. Make sure the device has installed the update in KB4493473 or later.|
## 0x800f081f
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_SOURCE_MISSING; source for package or file not found, ResolveSource() unsuccessful | Component Store corruption | Repair the component store with the **Dism RestoreHealth** command or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x800f0831
| Message | Description | Mitigation |
|---------|-------------|------------|
| CBS_E_STORE_CORRUPTION; CBS store is corrupted. | Corruption in the Windows Component Store. | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x80070005
| Message | Description | Mitigation |
|---------|-------------|------------|
| E_ACCESSDENIED; General access denied error | File system or registry key permissions have been changed and the servicing stack doesn't have the required level of access. | This error generally means an access was denied.<br> Go to %Windir%\logs\CBS, open the last CBS.log and search for “, error” and match with the timestamp. After finding the error, scroll up and try to determine what caused the access denial. It could be acess denied to a file, registry key. Determine what object needs the right permissions and change the permissions as needed. |
## 0x80070570
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_FILE_CORRUPT; The file or directory is corrupted and unreadable. | Component Store corruption | Repair the component store with **Dism RestoreHealth** or manually repair with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device.|
## 0x80070003
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_PATH_NOT_FOUND; The system cannot find the path specified. | The servicing stack cannot access a specific path. | Indicates an invalid path to an executable. Go to %Windir%\logs\CBS, open the last CBS.log, and search for “, error” and match with the timestamp. |
## 0x80070020
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SHARING_VIOLATION | Numerous causes. CBS log analysis required. | This error is usually caused by non-Microsoft filter drivers like antivirus. <br> 1. [Perform a clean boot and retry the installation](https://support.microsoft.com/help/929135/) <br> 2. Download the sysinternal tool [Process Monitor](/sysinternals/downloads/procmon). <br> 3. Run Procmon.exe. It will start data capture automatically. <br> 4. Install the update package again <br> 5. With the Process Monitor main window in focus, press CTRL + E or select the magnifying glass to stop data capture. <br> 6. Select **File > Save > All Events > PML**, and choose a path to save the .PML file <br> 7. Go to %windir%\logs\cbs, open the last Cbs.log file, and search for the error. After finding the error line a bit above, you should have the file being accessed during the installation that is giving the sharing violation error <br> 8. In Process Monitor, filter for path and insert the file name (it should be something like “path” “contains” “filename from CBS”). <br> 9. Try to stop it or uninstall the process causing the error. |
## 0x80073701
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x8007371b
| Message | Description | Mitigation |
|---------|-------------|------------|
| ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE; One or more required members of the transaction are not present. | Component Store corruption. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:<br>*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*<br>*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*<br>*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*<br>*Sfc /Scannow*<br> Restart the device. |
## 0x80072EFE
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_CONNECTION_ABORTED; The connection with the server was closed abnormally | BITS is unable to transfer the file successfully. | Encountered if BITS is broken or if the file being transferred can't be written to the destination folder on the client. This error is usually caused by connection errors while checking or downloading updates.<br> From a cmd prompt run: *BITSADMIN /LIST /ALLUSERS /VERBOSE* <br> Search for the 0x80072EFE error code. You should see a reference to an HTTP code with a specific file. Using a browser, try to download it manually, making sure youre using your organization's proxy settings. If the download fails, check with your proxy manager to allow for the communication to be sucesfull. Also check with your network team for this specific URL access. |
## 0x80072F8F
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_DECODING_FAILED; Content decoding has failed | TLS 1.2 is not configured correctly on the client. | This error generally means that the Windows Update Agent was unable to decode the received content. Install and configure TLS 1.2 by installing the update in [KB3140245](https://support.microsoft.com/help/3140245/).
## 0x80072EE2
| Message | Description | Mitigation |
|---------|-------------|------------|
| WININET_E_TIMEOUT; The operation timed out | Unable to scan for updates due to a connectivity issue to Windows Update, Configuration Manager, or WSUS. | This error generally means that the Windows Update Agent was unable to connect to the update servers or your own source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager. <br> Check with your network team to ensure that the device can reach the update sources. For more info, see [Troubleshoot software update scan failures in Configuration Manager](/mem/configmgr/troubleshoot-software-update-scan-failures). <br> If youre using the public Microsoft update servers, check that your device can access the following Windows Update endpoints: <br> `http://windowsupdate.microsoft.com` <br> https://*.windowsupdate.microsoft.com <br> https://*.windowsupdate.microsoft.com <br> https://*.update.microsoft.com <br> https://*.update.microsoft.com <br> https://*.windowsupdate.com <br> https://download.windowsupdate.com <br> https://download.microsoft.com <br> https://*.download.windowsupdate.com <br> https://wustat.windows.com <br> https://ntservicepack.microsoft.com |
## 0x80240022
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_ALL_UPDATES_FAILED; Operation failed for all the updates. | Multiple root causes for this error.| Most common issue is that antivirus software is blocking access to certain folders (like SoftwareDistribution). CBS.log analysis needed to determine the file or folder being protected. |
## 0x8024401B
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_HTTP_STATUS_PROXY_AUTH_REQ; Same as HTTP status 407 - proxy authentication is required. | Unable to authenticate through a proxy server. | Either the Winhttp proxy or WinInet proxy settings are not configured correctly. This error generally means that the Windows Update Agent was unable to connect to the update servers or your own update source, such as WSUS, Configuration Manager, or Microsoft Endpoint Manager, due to a proxy error. <br> Verify the proxy settings on the client. The Windows Update Agent uses WinHTTP to scan for available updates. When there is a proxy server between the client and the update source, the proxy settings must be configured correctly on the clients to enable them to communicate by using the source's FQDN. <br> Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |
## 0x80244022
| Message | Description | Mitigation |
|---------|-------------|------------|
| WU_E_PT_HTTP_STATUS_SERVICE_UNAVAILABLE; Same as HTTP status 503 - the service is temporarily overloaded. | Unable to connect to the configured update source. | Network troubleshooting needed to resolve the connectivity issue. Check with your network and proxy teams to confirm that the device can the update source without the proxy requiring user authentication. |

11
windows/security/identity-protection/access-control/active-directory-security-groups.md
View File

@ -1,5 +1,5 @@
---
title: Active Directory Security Groups (Windows 10)
title: Active Directory Security Groups
description: Active Directory Security Groups
ms.prod: w10
ms.mktglfcycl: deploy
@ -12,14 +12,15 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
ms.date: 09/21/2021
ms.reviewer:
---
# Active Directory Security Groups
**Applies to**
- Windows Server 2016
- Windows Server 2016 or later
- Windows 10 or later
This reference topic for the IT professional describes the default Active Directory security groups.
@ -1489,7 +1490,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-512</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-512</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1885,7 +1886,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-498</p></td>
<td><p>S-1-5-21-&lt;root domain&gt;-498</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>

5
windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Filtering Platform Policy Change
**Applies to**
- Windows 10
- Windows Server 2016
Audit Filtering Platform Policy Change allows you to audit events generated by changes to the [Windows Filtering Platform](/windows/win32/fwp/windows-filtering-platform-start-page) (WFP), such as the following:

5
windows/security/threat-protection/auditing/audit-group-membership.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Group Membership
**Applies to**
- Windows 10
- Windows Server 2016
By using Audit Group Membership, you can audit group memberships when they're enumerated on the client computer.

5
windows/security/threat-protection/auditing/audit-handle-manipulation.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Handle Manipulation
**Applies to**
- Windows 10
- Windows Server 2016
Audit Handle Manipulation enables generation of “4658: The handle to an object was closed” in [Audit File System](audit-file-system.md), [Audit Kernel Object](audit-kernel-object.md), [Audit Registry](audit-registry.md), [Audit Removable Storage](audit-removable-storage.md) and [Audit SAM](audit-sam.md) subcategories, and shows objects handle duplication and close actions.

5
windows/security/threat-protection/auditing/audit-ipsec-driver.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 10/02/2018
ms.date: 09/06/2021
ms.technology: mde
---
# Audit IPsec Driver
**Applies to**
- Windows 10
- Windows Server 2016
Audit IPsec Driver allows you to audit events generated by IPSec driver such as the following:

6
windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 10/02/2018
ms.date: 09/06/2021
ms.technology: mde
---
# Audit IPsec Extended Mode
**Applies to**
- Windows 10
- Windows Server 2016
Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.

5
windows/security/threat-protection/auditing/audit-ipsec-main-mode.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 10/02/2018
ms.date: 09/06/2021
ms.technology: mde
---
# Audit IPsec Main Mode
**Applies to**
- Windows 10
- Windows Server 2016
Audit IPsec Main Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.

5
windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 10/02/2018
ms.date: 09/06/2021
ms.technology: mde
---
# Audit IPsec Quick Mode
**Applies to**
- Windows 10
- Windows Server 2016
Audit IPsec Quick Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.

6
windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Kerberos Authentication Service
**Applies to**
- Windows 10
- Windows Server 2016
Audit Kerberos Authentication Service determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.

6
windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Kerberos Service Ticket Operations
**Applies to**
- Windows 10
- Windows Server 2016
Audit Kerberos Service Ticket Operations determines whether the operating system generates security audit events for Kerberos service ticket requests.

6
windows/security/threat-protection/auditing/audit-kernel-object.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Kernel Object
**Applies to**
- Windows 10
- Windows Server 2016
Audit Kernel Object determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.

6
windows/security/threat-protection/auditing/audit-logoff.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 07/16/2018
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Logoff
**Applies to**
- Windows 10
- Windows Server 2016
Audit Logoff determines whether the operating system generates audit events when logon sessions are terminated.

6
windows/security/threat-protection/auditing/audit-logon.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Logon
**Applies to**
- Windows 10
- Windows Server 2016
Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer.

6
windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit MPSSVC Rule-Level Policy Change
**Applies to**
- Windows 10
- Windows Server 2016
Audit MPSSVC Rule-Level Policy Change determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).

5
windows/security/threat-protection/auditing/audit-network-policy-server.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Network Policy Server
**Applies to**
- Windows 10
- Windows Server 2016
Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.

6
windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Non-Sensitive Privilege Use
**Applies to**
- Windows 10
- Windows Server 2016
Audit Non-Sensitive Privilege Use contains events that show usage of non-sensitive privileges. This is the list of non-sensitive privileges:

15
windows/security/threat-protection/auditing/audit-other-account-logon-events.md
View File

@ -1,6 +1,6 @@
---
title: Audit Other Account Logon Events (Windows 10)
description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons.
description: The policy setting, Audit Other Account Logon Events allows you to audit events when generated by responses to credential requests for certain kinds of user logons.
ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
ms.reviewer:
manager: dansimp
@ -11,24 +11,19 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Account Logon Events
**Applies to**
- Windows 10
- Windows Server 2016
**General Subcategory Information:**
This auditing subcategory does not contain any events. It is intended for future use.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
| Member Server | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
| Workstation | No | No | No | No | This auditing subcategory does not contain any events. It is intended for future use, and there is no reason to enable it. |
| Domain Controller | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |
| Member Server | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |
| Workstation | No | No | No | No | This auditing subcategory does not contain any events. Intended for future use, no reason to enable it. |

6
windows/security/threat-protection/auditing/audit-other-account-management-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Account Management Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit Other Account Management Events determines whether the operating system generates user account management audit events.

6
windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Logon/Logoff Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit Other Logon/Logoff Events determines whether Windows generates audit events for other logon or logoff events.

6
windows/security/threat-protection/auditing/audit-other-object-access-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 05/29/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Object Access Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit Other Object Access Events allows you to monitor operations with scheduled tasks, COM+ objects and indirect object access requests.

6
windows/security/threat-protection/auditing/audit-other-policy-change-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Policy Change Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit Other Policy Change Events contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations.

5
windows/security/threat-protection/auditing/audit-other-privilege-use-events.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other Privilege Use Events
**Applies to**
- Windows 10
- Windows Server 2016
This auditing subcategory should not have any events in it, but for some reason Success auditing will enable the generation of event [4985(S): The state of a transaction has changed](/windows/security/threat-protection/auditing/event-4985).

6
windows/security/threat-protection/auditing/audit-other-system-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Other System Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit Other System Events contains Windows Firewall Service and Windows Firewall driver start and stop events, failure events for these services and Windows Firewall Service policy processing failures.

6
windows/security/threat-protection/auditing/audit-pnp-activity.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit PNP Activity
**Applies to**
- Windows 10
- Windows Server 2016
Audit PNP Activity determines when Plug and Play detects an external device.

6
windows/security/threat-protection/auditing/audit-process-creation.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Process Creation
**Applies to**
- Windows 10
- Windows Server 2016
Audit Process Creation determines whether the operating system generates audit events when a process is created (starts).

6
windows/security/threat-protection/auditing/audit-process-termination.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Process Termination
**Applies to**
- Windows 10
- Windows Server 2016
Audit Process Termination determines whether the operating system generates audit events when process has exited.

6
windows/security/threat-protection/auditing/audit-registry.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Registry
**Applies to**
- Windows 10
- Windows Server 2016
Audit Registry allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists ([SACL](/windows/win32/secauthz/access-control-lists)s) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.

6
windows/security/threat-protection/auditing/audit-removable-storage.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Removable Storage
**Applies to**
- Windows 10
- Windows Server 2016
Audit Removable Storage allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and all types of access requested, with no dependency on objects [SACL](/windows/win32/secauthz/access-control-lists).

6
windows/security/threat-protection/auditing/audit-rpc-events.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit RPC Events
**Applies to**
- Windows 10
- Windows Server 2016
Audit RPC Events determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.

6
windows/security/threat-protection/auditing/audit-sam.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit SAM
**Applies to**
- Windows 10
- Windows Server 2016
Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager ([SAM](/previous-versions/windows/it-pro/windows-server-2003/cc756748(v=ws.10))) objects.

5
windows/security/threat-protection/auditing/audit-security-group-management.md
View File

@ -11,15 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 02/28/2019
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Security Group Management
**Applies to**
- Windows 10
- Windows Server 2016
Audit Security Group Management determines whether the operating system generates audit events when specific security group management tasks are performed.

6
windows/security/threat-protection/auditing/audit-security-state-change.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Security State Change
**Applies to**
- Windows 10
- Windows Server 2016
Audit Security State Change contains Windows startup, recovery, and shutdown events, and information about changes in system time.

12
windows/security/threat-protection/auditing/audit-security-system-extension.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Security System Extension
**Applies to**
- Windows 10
- Windows Server 2016
Audit Security System Extension contains information about the loading of an authentication package, notification package, or security package, plus information about trusted logon process registration events.
@ -36,9 +32,9 @@ Attempts to install or load security system extensions or services are critical
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events we strongly recommend monitoring an allow list of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Domain Controller | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should have “SYSTEM” as value for **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | Yes | No | Yes | No | The main reason why we recommend Success auditing for this subcategory is “[4697](event-4697.md)(S): A service was installed in the system.” <br>For other events, we strongly recommend monitoring an allowlist of allowed security extensions (authenticated packages, logon processes, notification packages, and security packages). Otherwise it's hard to pull useful information from these events, except event 4611 which typically should display “SYSTEM” for the **“Subject”** field.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**

6
windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Sensitive Privilege Use
**Applies to**
- Windows 10
- Windows Server 2016
Audit Sensitive Privilege Use contains events that show the usage of sensitive privileges. This is the list of sensitive privileges:

6
windows/security/threat-protection/auditing/audit-special-logon.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit Special Logon
**Applies to**
- Windows 10
- Windows Server 2016
Audit Special Logon determines whether the operating system generates audit events under special sign on (or log on) circumstances.

6
windows/security/threat-protection/auditing/audit-system-integrity.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit System Integrity
**Applies to**
- Windows 10
- Windows Server 2016
Audit System Integrity determines whether the operating system audits events that violate the integrity of the security subsystem.

4
windows/security/threat-protection/auditing/audit-token-right-adjusted.md
View File

@ -11,10 +11,6 @@ ms.technology: mde
# Audit Token Right Adjusted
**Applies to**
- Windows 10
- Windows Server 2016
Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token.

6
windows/security/threat-protection/auditing/audit-user-account-management.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit User Account Management
**Applies to**
- Windows 10
- Windows Server 2016
Audit User Account Management determines whether the operating system generates audit events when specific user account management tasks are performed.

6
windows/security/threat-protection/auditing/audit-user-device-claims.md
View File

@ -11,16 +11,12 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit User/Device Claims
**Applies to**
- Windows 10
- Windows Server 2016
Audit User/Device Claims allows you to audit user and device claims information in the accounts logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to.

4
windows/security/threat-protection/auditing/basic-audit-account-logon-events.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit account logon events
**Applies to**
- Windows 10
Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.

4
windows/security/threat-protection/auditing/basic-audit-account-management.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit account management
**Applies to**
- Windows 10
Determines whether to audit each event of account management on a device.

4
windows/security/threat-protection/auditing/basic-audit-directory-service-access.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit directory service access
**Applies to**
- Windows 10
Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.

4
windows/security/threat-protection/auditing/basic-audit-logon-events.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit logon events
**Applies to**
- Windows 10
Determines whether to audit each instance of a user logging on to or logging off from a device.

4
windows/security/threat-protection/auditing/basic-audit-object-access.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit object access
**Applies to**
- Windows 10
Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.

4
windows/security/threat-protection/auditing/basic-audit-policy-change.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit policy change
**Applies to**
- Windows 10
Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.

4
windows/security/threat-protection/auditing/basic-audit-privilege-use.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit privilege use
**Applies to**
- Windows 10
Determines whether to audit each instance of a user exercising a user right.

4
windows/security/threat-protection/auditing/basic-audit-process-tracking.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit process tracking
**Applies to**
- Windows 10
Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.

4
windows/security/threat-protection/auditing/basic-audit-system-events.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Audit system events
**Applies to**
- Windows 10
Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.

4
windows/security/threat-protection/auditing/basic-security-audit-policies.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Basic security audit policies
**Applies to**
- Windows 10
Before you implement auditing, you must decide on an auditing policy. A basic audit policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization.

4
windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/06/2021
ms.technology: mde
---
# Basic security audit policy settings
**Applies to**
- Windows 10
Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.

4
windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.technology: mde
---
# Create a basic audit policy for an event category
**Applies to**
- Windows 10
By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On devices that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default.

6
windows/security/threat-protection/auditing/event-1100.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1100(S): The event logging service has shut down.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1100.png" alt="Event 1100 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1102.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1102(S): The audit log was cleared.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1102.png" alt="Event 1102 illustration" width="449" height="336" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1104.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1104(S): The security log is now full.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1104.png" alt="Event 1104 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1105.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1105(S): Event log automatic backup
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1105.png" alt="Event 1105 illustration" width="572" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-1108.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 1108(S): The event logging service encountered an error while processing an incoming event published from %1.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-1108.png" alt="Event 1108 illustration" width="613" height="429" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4608.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4608(S): Windows is starting up.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4608.png" alt="Event 4608 illustration" width="449" height="317" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4610.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4610(S): An authentication package has been loaded by the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4610.png" alt="Event 4610 illustration" width="656" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4611.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4611(S): A trusted logon process has been registered with the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4611.png" alt="Event 4611 illustration" width="449" height="393" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4612.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
**Applies to**
- Windows 10
- Windows Server 2016
This event is generated when audit queues are filled and events must be discarded. This most commonly occurs when security events are being generated faster than they are being written to disk.

6
windows/security/threat-protection/auditing/event-4614.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4614(S): A notification package has been loaded by the Security Account Manager.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4614.png" alt="Event 4614 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4615.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4615(S): Invalid use of LPC port.
**Applies to**
- Windows 10
- Windows Server 2016
It appears that this event never occurs.

6
windows/security/threat-protection/auditing/event-4616.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4616(S): The system time was changed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4616.png" alt="Event 4616 illustration" width="522" height="518" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4618.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4618(S): A monitored security event pattern has occurred.
**Applies to**
- Windows 10
- Windows Server 2016
***Subcategory:***&nbsp;[Audit System Integrity](audit-system-integrity.md)

5
windows/security/threat-protection/auditing/event-4621.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,9 +16,6 @@ ms.technology: mde
# 4621(S): Administrator recovered system from CrashOnAuditFail.
**Applies to**
- Windows 10
- Windows Server 2016
This event is logged after a system reboots following [CrashOnAuditFail](/previous-versions/windows/it-pro/windows-2000-server/cc963220(v=technet.10)?f=255&MSPPError=-2147217396). It generates when CrashOnAuditFail = 2.

6
windows/security/threat-protection/auditing/event-4622.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4622(S): A security package has been loaded by the Local Security Authority.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4622.png" alt="Event 4622 illustration" width="449" height="317" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4624.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4624(S): An account was successfully logged on.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4624.png" alt="Event 4624 illustration" width="438" height="668" hspace="10" />

6
windows/security/threat-protection/auditing/event-4625.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4625(F): An account failed to log on.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4625.png" alt="Event 4625 illustration" width="449" height="780" hspace="10" align="top" />

6
windows/security/threat-protection/auditing/event-4626.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4626(S): User/Device claims information.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4626.png" alt="Event 4626 illustration" width="549" height="771" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4627.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4627(S): Group membership information.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4627.png" alt="Event 4627 illustration" width="554" height="896" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4634.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 11/20/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4634(S): An account was logged off.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4634.png" alt="Event 4634 illustration" width="449" height="431" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4647.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4647(S): User initiated logoff.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4647.png" alt="Event 4647 illustration" width="449" height="392" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4648.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4648(S): A logon was attempted using explicit credentials.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4648.png" alt="Event 4648 illustration" width="486" height="663" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4649.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4649(S): A replay attack was detected.
**Applies to**
- Windows 10
- Windows Server 2016
This event generates on domain controllers when **KRB\_AP\_ERR\_REPEAT** Kerberos response was sent to the client.

6
windows/security/threat-protection/auditing/event-4656.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4656(S, F): A handle to an object was requested.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4656.png" alt="Event 4656 illustration" width="764" height="895"/>

6
windows/security/threat-protection/auditing/event-4657.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4657(S): A registry value was modified.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4657.png" alt="Event 4657 illustration" width="449" height="570" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4658.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4658(S): The handle to an object was closed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4658.png" alt="Event 4658 illustration" width="449" height="463" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4660.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4660(S): An object was deleted.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4660.png" alt="Event 4660 illustration" width="449" height="477" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4661.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4661(S, F): A handle to an object was requested.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4661.png" alt="Event 4661 illustration" width="449" height="661" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4662.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4662(S, F): An operation was performed on an object.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4662.png" alt="Event 4662 illustration" width="496" height="614" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4663.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4663(S): An attempt was made to access an object.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4663.png" alt="Event 4663 illustration" width="530" height="589" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4664.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4664(S): An attempt was made to create a hard link.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4664.png" alt="Event 4664 illustration" width="449" height="419" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4670.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4670(S): Permissions on an object were changed.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4670.png" alt="Event 4670 illustration" width="449" height="605" hspace="10" align="left" />

8
windows/security/threat-protection/auditing/event-4671.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,11 +16,7 @@ ms.technology: mde
# 4671(-): An application attempted to access a blocked ordinal through the TBS.
**Applies to**
- Windows 10
- Windows Server 2016
*
Currently this event doesnt generate. It is a defined event, but it is never invoked by the operating system.
***Subcategory:***&nbsp;[Audit Other Object Access Events](audit-other-object-access-events.md)

6
windows/security/threat-protection/auditing/event-4672.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 12/20/2018
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4672(S): Special privileges assigned to new logon.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4672.png" alt="Event 4672 illustration" width="449" height="503" hspace="10" align="left" />
</br>

6
windows/security/threat-protection/auditing/event-4673.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4673(S, F): A privileged service was called.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4673.png" alt="Event 4673 illustration" width="449" height="503" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4674.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4674(S, F): An operation was attempted on a privileged object.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4674.png" alt="Event 4674 illustration" width="449" height="543" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4675.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4675(S): SIDs were filtered.
**Applies to**
- Windows 10
- Windows Server 2016
This event generates when SIDs were filtered for specific Active Directory trust.

6
windows/security/threat-protection/auditing/event-4688.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4688(S): A new process has been created.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4688.png" alt="Event 4688 illustration" width="417" height="479" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4689.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4689(S): A process has exited.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4689.png" alt="Event 4689 illustration" width="449" height="421" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4690.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4690(S): An attempt was made to duplicate a handle to an object.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4690.png" alt="Event 4690 illustration" width="449" height="463" hspace="10" align="left" />

6
windows/security/threat-protection/auditing/event-4691.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.localizationpriority: none
author: dansimp
ms.date: 04/19/2017
ms.date: 09/07/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
@ -16,10 +16,6 @@ ms.technology: mde
# 4691(S): Indirect access to an object was requested.
**Applies to**
- Windows 10
- Windows Server 2016
<img src="images/event-4691.png" alt="Event 4691 illustration" width="485" height="515" hspace="10" align="left" />

Some files were not shown because too many files have changed in this diff Show More