merging test

This commit is contained in:
Paolo Matarazzo 2023-05-25 13:28:37 -04:00
parent 37a2825c25
commit 29a81b2540
7 changed files with 98 additions and 32 deletions

3
images/group-policy.svg Normal file
View File

@ -0,0 +1,3 @@
<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 2048 2048">
<path d="M1792 0q53 0 99 20t82 55 55 81 20 100q0 53-20 99t-55 82-81 55-100 20h-128v1280q0 53-20 99t-55 82-81 55-100 20H256q-53 0-99-20t-82-55-55-81-20-100q0-53 20-99t55-82 81-55 100-20V256q0-53 20-99t55-82 81-55T512 0h1280zM128 1792q0 27 10 50t27 40 41 28 50 10h930q-34-60-34-128t34-128H256q-27 0-50 10t-40 27-28 41-10 50zm1280 128q27 0 50-10t40-27 28-41 10-50V256q0-68 34-128H512q-27 0-50 10t-40 27-28 41-10 50v1280h1024q26 0 45 19t19 45q0 26-19 45t-45 19q-25 0-49 9t-42 28q-18 18-27 42t-10 49q0 27 10 50t27 40 41 28 50 10zm384-1536q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10q-27 0-50 10t-40 27-28 41-10 50v128h128zm-1280 0h896v128H512V384zm0 256h256v128H512V640zm0 256h256v128H512V896zm0 256h256v128H512v-128zm640-512q53 0 99 20t82 55 55 81 20 100q0 17-4 33t-4 31v539l-248-124-248 124V960q0-14-4-30t-4-34q0-53 20-99t55-82 81-55 100-20zm0 128q-27 0-50 10t-40 27-28 41-10 50q0 27 10 50t27 40 41 28 50 10q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10zm136 549v-204q-30 20-65 29t-71 10q-36 0-71-9t-65-30v204l136-68 136 68z" fill="#0078D4" />
</svg>


3
images/information.svg Normal file
View File

@ -0,0 +1,3 @@
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M8 7C8.27614 7 8.5 7.22386 8.5 7.5V10.5C8.5 10.7761 8.27614 11 8 11C7.72386 11 7.5 10.7761 7.5 10.5V7.5C7.5 7.22386 7.72386 7 8 7ZM8.00001 6.24907C8.41369 6.24907 8.74905 5.91371 8.74905 5.50003C8.74905 5.08635 8.41369 4.751 8.00001 4.751C7.58633 4.751 7.25098 5.08635 7.25098 5.50003C7.25098 5.91371 7.58633 6.24907 8.00001 6.24907ZM2 8C2 4.68629 4.68629 2 8 2C11.3137 2 14 4.68629 14 8C14 11.3137 11.3137 14 8 14C4.68629 14 2 11.3137 2 8ZM8 3C5.23858 3 3 5.23858 3 8C3 10.7614 5.23858 13 8 13C10.7614 13 13 10.7614 13 8C13 5.23858 10.7614 3 8 3Z" fill="#0078D4" />
</svg>


24
images/intune.svg Normal file
View File

@ -0,0 +1,24 @@
<svg id="a9ed4d43-c916-4b9a-b9ca-be76fbdc694c" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
<defs>
<linearGradient id="aaede26b-698f-4a65-b6db-859d207e2da6" x1="8.05" y1="11.32" x2="8.05" y2="1.26" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#0078d4" />
<stop offset="0.82" stop-color="#5ea0ef" />
</linearGradient>
<linearGradient id="bc54987f-34ba-4701-8ce4-6eca10aff9e9" x1="8.05" y1="15.21" x2="8.05" y2="11.32" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#1490df" />
<stop offset="0.98" stop-color="#1f56a3" />
</linearGradient>
<linearGradient id="a5434fd8-c18c-472c-be91-f2aa070858b7" x1="8.05" y1="7.87" x2="8.05" y2="4.94" gradientUnits="userSpaceOnUse">
<stop offset="0" stop-color="#d2ebff" />
<stop offset="1" stop-color="#f0fffd" />
</linearGradient>
</defs>
<title>Icon-intune-329</title>
<rect x="0.5" y="1.26" width="15.1" height="10.06" rx="0.5" fill="url(#aaede26b-698f-4a65-b6db-859d207e2da6)" />
<rect x="1.34" y="2.1" width="13.42" height="8.39" rx="0.28" fill="#fff" />
<path d="M11.08,14.37c-1.5-.23-1.56-1.31-1.55-3h-3c0,1.74-.06,2.82-1.55,3a.87.87,0,0,0-.74.84h7.54A.88.88,0,0,0,11.08,14.37Z" fill="url(#bc54987f-34ba-4701-8ce4-6eca10aff9e9)" />
<path d="M17.17,5.91H10.29a2.31,2.31,0,1,0,0,.92H11v9.58a.33.33,0,0,0,.33.33h5.83a.33.33,0,0,0,.33-.33V6.24A.33.33,0,0,0,17.17,5.91Z" fill="#32bedd" />
<rect x="11.62" y="6.82" width="5.27" height="8.7" rx="0.12" fill="#fff" />
<circle cx="8.05" cy="6.41" r="1.46" opacity="0.9" fill="url(#a5434fd8-c18c-472c-be91-f2aa070858b7)" />
<path d="M14.88,10.82,13.76,9.7a.06.06,0,0,0-.1.05v.68a.06.06,0,0,1-.06.06H11v.83H13.6a.06.06,0,0,1,.06.06v.69a.06.06,0,0,0,.1,0L14.88,11A.12.12,0,0,0,14.88,10.82Z" fill="#0078d4" />
</svg>
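
Review bot: nothing in the visible hunks of this commit references this file; the **Intune** tab heading added to the Group Policy and registry key settings article takes its icon from `images/group-policy.svg` instead. Either point that tab at `intune.svg` or leave the file out of the commit. The same applies to `information.svg` and `windows-os.svg`, which are also added without a visible reference. The root element's `id` attribute and the `<title>Icon-intune-329</title>` element look like export leftovers and can be dropped if nothing depends on them.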


3
images/windows-os.svg Normal file
View File

@ -0,0 +1,3 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
<path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
</svg>


View File

@ -56,13 +56,11 @@ The default, built-in UAC elevation component for an administrator account in Ad
The credential prompt is presented when a standard user attempts to perform a task that requires a user's administrative access token. Administrators can also be required to provide their credentials by setting the **User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode** policy setting value to **Prompt for credentials**.
The following is an example of the UAC credential prompt.
:::image type="content" source="images/uaccredentialprompt.png" alt-text="UAC credential prompt.":::
### The consent prompt
The consent prompt is presented when a user attempts to perform a task that requires a user's administrative access token. The following is an example of the UAC consent prompt.
The consent prompt is presented when a user attempts to perform a task that requires a user's administrative access token.
:::image type="content" source="images/uacconsentpromptadmin.png" alt-text="UAC consent prompt.":::
@ -105,7 +103,7 @@ The following diagram details the UAC architecture.
![uac architecture.](images/uacarchitecture.gif)
To better understand each component, review the table below:
To better understand each component, review the following tables:
### User
@ -135,7 +133,7 @@ To better understand each component, review the table below:
|<p>Virtualization|<p>Virtualization technology ensures that noncompliant apps don't silently fail to run or fail in a way that the cause can't be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.|
|<p>File system and registry|<p>The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.|
The slider will never turn off UAC completely. If you set it to **Never notify**, it will:
The slider never turns off UAC completely. If you set it to **Never notify**, it will:
- Keep the UAC service running
- Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt
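
Review bot: the context bullet right under the edited sentence still reads "Cause all elevation request initiated by administrators"; since this hunk already touches the list lead-in, change "request" to "requests" in the same pass. The new lead-in also mixes tenses ("never turns off" followed by "it will:"), so either keep the future tense in both places or move the whole sentence and its bullets to the present.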
@ -165,7 +163,7 @@ Virtualization isn't an option in the following scenarios:
An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that aren't UAC-compliant to work properly.
All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, then marking the app with a requested execution level of "require administrator" ensures that the system identifies this program as an administrative app and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, marking the app with a requested execution level of *require administrator* ensures that the system identifies this program as an administrative app, and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.
### Installer detection technology
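
Review bot: in the rewritten sentence, *require administrator* is set as italic prose, but the value an author actually puts in the manifest is `requireAdministrator`; use the literal value in code formatting so it can be copied as is. The comma added before "and performs the necessary elevation steps" splits a compound predicate and can go. The unchanged paragraph above still says "most administrative app can run", which should read "apps".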

View File

@ -5,7 +5,7 @@ ms.collection:
- highpri
- tier2
ms.topic: article
ms.date: 04/19/2017
ms.date: 05/25/2023
---
# User Account Control Group Policy and registry key settings
@ -189,3 +189,38 @@ The registry keys are found in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Wind
| EnableLUA | [User Account Control: Run all administrators in Admin Approval Mode](#user-account-control-run-all-administrators-in-admin-approval-mode) | 0 = Disabled<br />1 (Default) = Enabled |
| PromptOnSecureDesktop | [User Account Control: Switch to the secure desktop when prompting for elevation](#user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation) | 0 = Disabled<br />1 (Default) = Enabled |
| EnableVirtualization | [User Account Control: Virtualize file and registry write failures to per-user locations](#user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations) | 0 = Disabled<br />1 (Default) = Enabled |
## Configure Shared PC
Shared PC can be configured using the following methods:
- Microsoft Intune/MDM
- Provisioning package (PPKG)
- PowerShell script
Follow the instructions below to configure your devices, selecting the option that best suits your needs.
#### [:::image type="icon" source="../../../../../images/group-policy.svg"::: **Intune**](#tab/intune)
To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`User Account Control`**:
:::image type="content" source="../../../../../images/group-policy.svg" alt-text="Screenshot that shows the Shared PC policies in the Intune settings catalog." lightbox="../../../../../images/group-policy.svg" border="True":::
Assign the policy to a security group that contains as members the devices or users that you want to configure.
Alternatively, you can configure devices using a [custom policy][MEM-1] with the [SharedPC CSP][WIN-3].
#### [:::image type="icon" source="../../../../../images/group-policy.svg"::: **PPKG**](#tab/ppkg)
#### [:::image type="icon" source="../../../../../images/group-policy.svg"::: **PowerShell**](#tab/powershell)
To configure devices using the registry
---
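
Review bot: the added section is headed "Configure Shared PC" and refers to Shared PC, the SharedPC CSP and "Shared PC policies" in the alt text, yet it sits in the User Account Control Group Policy and registry key settings article and tells the reader to use the **`User Account Control`** category; it reads as a template pasted in without adaptation. Rename the heading, intro sentence, alt text and CSP link so they describe UAC. Beyond that: all three tab headings and the content image use `group-policy.svg`, and the content image's alt text promises a screenshot; the PPKG tab is empty and the PowerShell tab stops at "To configure devices using the registry" while the method list calls it "PowerShell script"; and the reference-style links `[MEM-1]`, `[MEM-2]` and `[WIN-3]` have no definitions in the visible lines, so they will not resolve unless defined elsewhere in the file.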

View File

@ -22,28 +22,28 @@ items:
displayName: VSC
- name: Enterprise Certificate Pinning
href: enterprise-certificate-pinning.md
- name: Account Lockout Policy 🔗
href: ../threat-protection/security-policy-settings/account-lockout-policy.md
- name: Technical support policy for lost or forgotten passwords
href: password-support-policy.md
- name: Windows LAPS (Local Administrator Password Solution) 🔗
displayName: LAPS
href: /windows-server/identity/laps/laps-overview
- name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
displayName: EPP
- name: Access Control
items:
- name: Overview
href: access-control/access-control.md
displayName: ACL
- name: Local Accounts
href: access-control/local-accounts.md
- name: Security policy settings 🔗
href: ../threat-protection/security-policy-settings/security-policy-settings.md
- name: Advanced credential protection
items:
- name: Windows Defender Credential Guard
href: credential-guard/toc.yml
- name: Windows Defender Remote Credential Guard
href: remote-credential-guard.md
- name: Account Lockout Policy 🔗
href: ../threat-protection/security-policy-settings/account-lockout-policy.md
- name: Technical support policy for lost or forgotten passwords
href: password-support-policy.md
- name: Windows LAPS (Local Administrator Password Solution) 🔗
displayName: LAPS
href: /windows-server/identity/laps/laps-overview
- name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
href: ../threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen.md
displayName: EPP
- name: Access Control
items:
- name: Overview
href: access-control/access-control.md
displayName: ACL
- name: Local Accounts
href: access-control/local-accounts.md
- name: Security policy settings 🔗
href: ../threat-protection/security-policy-settings/security-policy-settings.md
- name: Advanced credential protection
items:
- name: Windows Defender Credential Guard
href: credential-guard/toc.yml
- name: Windows Defender Remote Credential Guard
href: remote-credential-guard.md
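
Review bot: the 25 removed and 25 added lines carry identical text in the same order, from "Account Lockout Policy 🔗" through "Windows Defender Remote Credential Guard", so the only change is indentation, and in YAML indentation decides which parent each entry nests under. The commit message does not say what hierarchy is intended; state it there, and confirm that "Access Control" and "Advanced credential protection" still own their `items:` children after the re-indent and that the TOC still builds.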