From c3c1e9ec7b074a0333fbfb9133908d62cd78a78c Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Mon, 31 Jul 2017 17:32:54 +0000 Subject: [PATCH 1/2] Merged PR 2469: AppLocker CSP - updated description for CodeIntegrity/Policy node --- windows/client-management/mdm/applocker-csp.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index e1097181a3..8f7f3dd2f0 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -156,6 +156,20 @@ Each of the previous nodes contains one or more of the following leaf nodes:

Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.

For CodeIntegrity/Policy, you can use the [certutil -encode](http://go.microsoft.com/fwlink/p/?LinkId=724364) command line tool to encode the data to base-64.

+

Here is a sample certutil invocation:

+ +``` +certutil -encode WinSiPolicy.p7b WinSiPolicy.txt +``` + +

Use only the data enclosed in the BEGIN CERTIFIFCATE and END CERTIFICATE section. Ensure that you have removed all line breaks before passing the data to the CSP node.

+

An alternative to using certutil would be to use the following PowerShell invocation:

+ +``` +[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` + +

If you are using Hybrid MDM management with System Center Configuration Manager please ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.

Data type is string. Supported operations are Get, Add, Delete, and Replace.
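Review bot: In the added PowerShell alternative, `-Path` is followed directly by the closing parentheses with no value, so the command cannot be pasted and run as shown. Give it a visible placeholder, for example the `WinSiPolicy.p7b` file name already used in the certutil sample, and check that the placeholder survives rendering inside the code fence. In the added sentence about trimming the certutil output, "BEGIN CERTIFIFCATE" should read "BEGIN CERTIFICATE". It would also help to say that the header and line-break cleanup applies to the certutil output only, since `[Convert]::ToBase64String` returns a single unbroken string with no BEGIN/END markers, and to state which of the two outputs the "Base64" data type in the Configuration Manager sentence expects, given that the node's own data type is listed as string just below.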

From 8e3ff89a42650da3a67f1d1ea8d83399f38a819a Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 31 Jul 2017 17:50:21 +0000 Subject: [PATCH 2/2] Updated manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 3d3757b969..9c7505d906 100644 --- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -296,7 +296,7 @@ After that, configure the following: - Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Enable Windows NTP Server** > **Windows Time Service** > **Configure Windows NTP Client** > [!NOTE] - > This is only available on Windows 10, version 1703 and later. If you're using Windows 10, version 1607, the Group Policy setting is **Computer Configuration** > **Administrative Templates** > **System** > **Windows Time Service** > ** Time Providers** > **Enable Windows NTP Client** + > This is only available on Windows 10, version 1703 and later. If you're using Windows 10, version 1607, the Group Policy setting is **Computer Configuration** > **Administrative Templates** > **System** > **Windows Time Service** > **Time Providers** > **Enable Windows NTP Client** -or -
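Review bot: The unchanged bullet directly above the edited note still gives the path as **System** > **Enable Windows NTP Server** > **Windows Time Service** > **Configure Windows NTP Client**, which places what reads like a setting name between two folder levels and does not match the shape of the path in the corrected note (**System** > **Windows Time Service** > **Time Providers** > setting name). Since this commit is already cleaning up that note, please verify the bullet's path against the Group Policy editor and fix it in the same change. The removal of the stray space in `** Time Providers**` itself looks right, because the leading space keeps the bold marker from rendering.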