deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 02:13:43 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2spot

Browse Source
This commit is contained in:
jdeckerMS
2017-02-08 10:25:16 -08:00
parent 31c9f47b28 0dd7b5a1f7
commit 2a80cdd28b
58 changed files with 1701 additions and 1594 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/manage/change-history-for-manage-and-update-windows-10.md
View File

@ -14,6 +14,12 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
## February 2017
| New or changed topic | Description |
| --- | --- |
| [Assign devices to servicing branches for Windows 10 updates](waas-servicing-branches-windows-10-updates.md) | Added Group Policy setting that blocks user access to Windows Update. |
## January 2017
| New or changed topic | Description |
@ -24,8 +30,6 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
| [Quick guide to Windows as a service](waas-quick-start.md) | Added video that explains how Windows as a service works. |
| [Manage device restarts after updates](waas-restart.md) | Added Registry keys for controlling restarts. |
## December 2016
| New or changed topic | Description |

7
windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
View File

@ -15,17 +15,18 @@ localizationpriority: medium
**Applies to**
- Windows 10
- Windows 10
- Windows 10 Mobile
**Looking for consumer information?**
- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
In Windows 10 Mobile, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
> **Note:** Customized taskbar configuration cannot be applied using MDM at this time.
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile.
**Warning**  
When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups.

13
windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
View File

@ -15,18 +15,19 @@ localizationpriority: medium
**Applies to**
- Windows 10
- Windows 10
- Windows 10 Mobile
**Looking for consumer information?**
- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
In Windows 10 Enterprise and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
In Windows 10 Mobile, Windows 10 Enterprise, and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
>[!IMPORTANT]
>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile.
## <a href="" id="bkmk-howstartscreencontrolworks"></a>How Start layout control works
@ -48,14 +49,12 @@ Three features enable Start and taskbar layout control:
Use the [Imaging and Configuration Designer (ICD) tool](https://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
> **Important**
When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
>[!IMPORTANT]
>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
1. Open ICD (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
2. Choose **Advanced provisioning**.
3. Name your project, and click **Next**.
4. Choose **All Windows desktop editions** and click **Next**.

5
windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -25,8 +25,9 @@ If you want to minimize connections from Windows to Microsoft services, or confi
You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article.
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com.
## What's new in Windows 10, version 1607 and Windows Server 2016
@ -1359,5 +1360,3 @@ You can turn off automatic updates by doing one of the following. This is not re
- **5**. Turn off automatic updates.
To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying.

4
windows/manage/waas-configure-wufb.md
View File

@ -182,9 +182,9 @@ Below are quick-reference tables of the supported Windows Update for Business po
| MDM Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)</br>32: systems take Feature Updates for the Current Branch for Business (CBB)</br>Note: Other value or absent: receive all applicable updates (CB) |
| DeferQualityUpdatesPeriod | REG_DWORD | 0-30: defer quality updates by given days |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-30: defer quality updates by given days |
| PauseQualityUpdates | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriod | REG_DWORD | 0-180: defer feature updates by given days |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-180: defer feature updates by given days |
| PauseFeatureUpdates | REG_DWORD | 1: pause feature updates</br>Other value or absent: dont pause feature updates |
| ExcludeWUDriversinQualityUpdate | REG_DWORD | 1: exclude Windows Update drivers</br>Other value or absent: offer Windows Update drivers |

10
windows/manage/waas-delivery-optimization.md
View File

@ -19,6 +19,10 @@ localizationpriority: high
Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager.
Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet.
For more details, see [Download mode](#download-mode).
>[!NOTE]
>WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead.
@ -33,17 +37,19 @@ You can use Group Policy or an MDM solution like Intune to configure Delivery Op
Several Delivery Optimization features are configurable.
<span id="download-mode"/>
### Download mode (DODownloadMode)
Download mode dictates which download sources clients are allowed to use when downloading Windows updates in addition to Windows Update servers. The following table shows the available download mode options and what they do.
| Download mode option | Functionality when set |
| --- | --- |
| HTTP Only (0) | This setting disables peer content sharing but still allows Delivery Optimization to download content from Windows Update servers or WSUS servers. |
| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content from Windows Update servers or WSUS servers. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
| LAN (1 Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. |
| Group (2) | When group mode is set, the group is automatically selected based on the devices Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use the GroupID option to create your own custom group independently of domains and AD DS sites. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable or unreachable. |
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. For example, select this mode so that clients can use BranchCache. |
>[!NOTE]

7
windows/manage/waas-servicing-branches-windows-10-updates.md
View File

@ -190,6 +190,13 @@ or [Manage Windows 10 updates using System Center Configuration Manager](waas-ma
</tbody></table>
</br>
## Block user access to Windows Update settings
In Windows 10, administrators can control user access to Windows Update.
By enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**, administrators can disable the "Check for updates" option for users. Any background update scans, downloads and installations will continue to work as configured.
>[!NOTE]
> In Windows 10, any Group Policy user configuration settings for Windows Update were deprecated and are no longer supported on this platform.
## Related topics

128
windows/manage/windows-libraries.md Normal file
View File

@ -0,0 +1,128 @@
---
ms.assetid: e68cd672-9dea-4ff8-b725-a915f33d8fd2
title: Windows Libraries
ms.prod: windows-server-threshold
ms.author: jgerend
ms.manager: dongill
ms.technology: storage
ms.topic: article
author: jasongerend
ms.date: 2/6/2017
description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
---
> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
# Windows Libraries
Libraries are virtual containers for users content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location.
## Features for Users
Windows libraries are backed by full content search and rich metadata. Libraries offer the following advantages to users:
- Aggregate content from multiple storage locations into a single, unified presentation.
- Enable users to stack and group library contents based on metadata.
- Enable fast, full-text searches across multiple storage locations, from Windows Explorer or from the Start menu.
- Support customized filter search suggestions, based on the types of files contained in the library.
- Enable users to create new libraries and specify which folders they want to include.
## Features for Administrators
Administrators can configure and control Windows libraries in the following ways:
- Create custom libraries by creating and deploying Library Description (*.library-ms) files.
- Hide or delete the default libraries. (The Library node itself cannot be hidden or deleted from the Windows Explorer navigation pane.)
- Specify a set of libraries available to Default User, and then deploy those libraries to users that derive from Default User.
- Specify locations to include in a library.
- Remove a default location from a library.
- Remove advanced libraries features, when the environment does not support the local caching of files, by using the [Turn off Windows Libraries features that rely on indexed file data](https://technet.microsoft.com/library/faaefdad-6e12-419a-b714-6a7bb60f6773#WS_TurnOffWindowsLibraries) Group Policy. This makes all libraries basic (see [Indexing Requirements and Basic Libraries](https://technet.microsoft.com/library/dd744693.aspx#WS_IndexingReqs_BasicLibraries)), removes libraries from the scope of the Start menu search, and removes other features to avoid confusing users and consuming resources.
## More about Libraries
The following is important information about libraries you may need to understand to successfully manage your enterprise.
### Library Contents
Including a folder in a library does not physically move or change the storage location of the files or folders; the library is a view into those folders. However, users interacting with files in a library are copying, moving, and deleting the files themselves, not copies of these files.
### Default Libraries and Known Folders
The default libraries include:
- Documents
- Music
- Pictures
- Videos
Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with. These known folders are automatically included in the default libraries and set as the default save location. That is, when users drag, copy, or save a file to the Documents library, the file is moved, copied, or saved to the My Documents folder. Administrators and users can change the default save-to location.
### Hiding Default Libraries
Users or administrators can hide or delete the default libraries, though the libraries node in the Navigation pane cannot be hidden or deleted. Hiding a default library is preferable to deleting it, as applications like Windows Media Player rely on the default libraries and will re-create them if they do not exist on the computer. See [How to Hide Default Libraries](https://technet.microsoft.com/library/d44c78e0-08ef-4e91-935a-a6f43716e37d#BKMK_HideDefaultLibraries) for instructions.
### Default Save Locations for Libraries
Each library has a default save location. Files are saved or copied to this location if the user chooses to save or copy a file to a library, rather than a specific location within the library. Known folders are the default save locations; however, users can select a different save location.
If the user removes the default save location from a library, the next location is automatically selected as the new default save location. If the library is empty of locations or if all included locations cannot be saved to, then the save operation fails.
### Indexing Requirements and “Basic” Libraries
Certain library features depend on the contents of the libraries being indexed. Library locations must be available for local indexing or be indexed in a manner conforming to the Windows Indexing Protocol. If indexing is not enabled for one or more locations within a library, the entire library reverts to basic functionality:
- No support for metadata browsing via **Arrange By** views.
- Grep-only searches.
- Grep-only search suggestions. The only properties available for input suggestions are **Date Modified** and **Size**.
- No support for searching from the Start menu. Start menu searches do not return files from basic libraries.
- No previews of file snippets for search results returned in Content mode.
To avoid this limited functionality, all locations within the library must be indexable, either locally or remotely. When users add local folders to libraries, Windows adds the location to the indexing scope and indexes the contents. Remote locations that are not indexed remotely can be added to the local index using Offline File synchronization. This gives the user the benefits of local storage even though the location is remote. Making a folder “Always available offline” creates a local copy of the folders files, adds those files to the index, and keeps the local and remote copies in sync. Users can manually sync locations which are not indexed remotely and are not using folder redirection to gain the benefits of being indexed locally.
For instructions on enabling indexing, see [How to Enable Indexing of Library Locations](https://technet.microsoft.com/library/d44c78e0-08ef-4e91-935a-a6f43716e37d#BKMK_EnableIndexLocations).
If your environment does not support caching files locally, you should enable the [Turn off Windows Libraries features that rely on indexed file](https://technet.microsoft.com/library/faaefdad-6e12-419a-b714-6a7bb60f6773#WS_TurnOffWindowsLibraries) data Group Policy. This makes all libraries basic. For further information, see [Group Policy for Windows Search, Browse, and Organize](https://technet.microsoft.com/library/dd744697.aspx).
### Folder Redirection
While library files themselves cannot be redirected, you can redirect known folders included in libraries by using [Folder Redirection](https://technet.microsoft.com/library/hh848267.aspx). For example, you can redirect the “My Documents” folder, which is included in the default Documents library. When redirecting known folders, you should make sure that the destination is either indexed or always available offline in order to maintain full library functionality. In both cases, the files for the destination folder are indexed and supported in libraries. These settings are configured on the server side.
### Supported storage locations
The following table show which locations are supported in Windows libraries.
|Supported Locations|Unsupported Locations|
|---|---|
|Fixed local volumes (NTFS/FAT)|Removable drives|
|Shares that are indexed (departmental servers*, Windows home PCs)|Removable media (such as DVDs)<br><br>Network shares that are accessible through DFS Namespaces or are part of a failover cluster|
|Shares that are available offline (redirected folders that use Offline Files)|Network shares that aren't available offline or remotely indexed <br><br>Network Attached Storage (NAS) devices|
||Other data sources: SharePoint, Exchange, etc.|
\* For shares that are indexed on a departmental server, Windows Search works well in workgroups or on a domain server that has similar characteristics to a workgroup server. For example, Windows Search works well on a single share departmental server with the following characteristics:
- Expected maximum load is four concurrent query requests.
- Expected indexing corpus is a maximum of one million documents.
- Users directly access the server. That is, the server is not made available through DFS Namespaces.
- Users are not redirected to another server in case of failure. That is, server clusters are not used.
### Library Attributes
The following library attributes can be modified within Windows Explorer, the Library Management dialog, or the Library Description file (*.library-ms):
- Name
- Library locations
- Order of library locations
- Default save location
The library icon can be modified by the administrator or user by directly editing the Library Description schema file.
See the [Library Description Schema](http://go.microsoft.com/fwlink/?LinkId=159581) topic on MSDN for information on creating Library Description files.
## See also
### Concepts
- [Windows Search Features ](https://technet.microsoft.com/library/dd744686.aspx)
- [Windows Indexing Features](https://technet.microsoft.com/library/dd744700.aspx)
- [Federated Search Features](https://technet.microsoft.com/library/dd744682.aspx)
- [Administrative How-to Guides](https://technet.microsoft.com/library/ee461108.aspx)
- [Group Policy for Windows Search, Browse, and Organize](https://technet.microsoft.com/library/dd744697.aspx)
- [Additional Resources for Windows Search, Browse, and Organization](https://technet.microsoft.com/library/dd744695.aspx)
### Other resources
- [Folder Redirection, Offline Files, and Roaming User Profiles](https://technet.microsoft.com/library/hh848267.aspx)
- [Library Description Schema](https://msdn.microsoft.com/library/dd798389.aspx)