Merge pull request #4519 from ojrb/Issue3395

Updating GPO requeriments for WIndows Hello
2025-06-21 13:23:36 +00:00 · 2019-07-26 10:55:54 -07:00
parent b934789433 80245d98a3
commit 282d4913f8
2 changed files with 17 additions and 2 deletions
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@ -33,9 +33,9 @@ On-premises certificate-based deployments of Windows Hello for Business needs on

 ## Enable Windows Hello for Business Group Policy

-The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business.  A user will only attempt enrollment if this policy setting is configured to enabled.  
+The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users. 

-You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment.  Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
+If you configure the Group Policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the Group Policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business. For these settings to be configured using GPO, you need to download and install the latest Administrative Templates (.admx) for Windows 10. 


 ## Create the Windows Hello for Business Group Policy object
--- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md
@ -38,6 +38,21 @@ To complete this procedure, you must be logged on as a member of the built-in Ad
    -   To audit successful events, click **Success.**
    -   To audit failure events, click **Fail.**
    -   To audit all events, click **All.**
+6.  In the **Applies to** box, click the object(s) that the audit of events will apply to. These include:
+    -   **This folder only**
+    -   **This folder, subfolders and files**
+    -   **This folder and subfolders**
+    -   **This folder and files**
+    -   **Subfolders and files only**
+    -   **Subfolders only**
+    -   **Files only.**
+7.  By default, the selected **Basic Permissions** to audit are the following:
+    -   **Read and execute**
+    -   **List folder contents**
+    -   **Read**
+    -   Additionally, you can choose **Full control**, **Modify**, and/or **Write** permissions with your selected audit combination.
+    
+    

 > **Important:**  Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.