From ddc7d87e467b2d161f7fa5e3cf876831cd08fd21 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 13:18:34 +0530 Subject: [PATCH 01/47] Html to md table Conversion- batch 22 Converted the tables from html to md format --- .../policy-csp-windowsconnectionmanager.md | 40 +- ...olicy-csp-windowsdefendersecuritycenter.md | 880 ++++-------------- .../mdm/policy-csp-windowsinkworkspace.md | 80 +- .../mdm/policy-csp-windowslogon.md | 280 ++---- .../mdm/policy-csp-windowspowershell.md | 40 +- .../mdm/policy-csp-windowssandbox.md | 240 +---- .../mdm/policy-csp-wirelessdisplay.md | 320 ++----- .../client-management/mdm/pxlogical-csp.md | 36 +- .../mdm/reclaim-seat-from-user.md | 115 +-- windows/client-management/mdm/registry-csp.md | 108 +-- .../client-management/mdm/remotelock-csp.md | 68 +- .../mdm/securitypolicy-csp.md | 195 +--- .../structure-of-oma-dm-provisioning-files.md | 30 +- windows/client-management/mdm/supl-csp.md | 249 +---- .../client-management/mdm/surfacehub-csp.md | 255 ++--- 15 files changed, 538 insertions(+), 2398 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md index a5e847a460..d1a9fd2e11 100644 --- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md +++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md index 1236c6edd8..2ec774f05e 100644 --- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md +++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md @@ -96,38 +96,14 @@ manager: dansimp **WindowsDefenderSecurityCenter/CompanyName** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -164,38 +140,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableAccountProtectionUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -236,38 +188,14 @@ Valid values: **WindowsDefenderSecurityCenter/DisableAppBrowserUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -310,38 +238,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableClearTpmButton** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -398,38 +302,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableDeviceSecurityUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -470,38 +350,14 @@ Valid values: **WindowsDefenderSecurityCenter/DisableEnhancedNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -547,38 +403,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableFamilyUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -621,38 +453,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableHealthUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -695,38 +503,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNetworkUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -769,38 +553,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -843,38 +603,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -931,38 +667,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/DisableVirusUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1005,38 +717,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1079,38 +767,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/Email** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1147,38 +811,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/EnableCustomizedToasts** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1221,38 +861,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/EnableInAppCustomization** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1295,38 +911,14 @@ The following list shows the supported values: **WindowsDefenderSecurityCenter/HideRansomwareDataRecovery** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1367,38 +959,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideSecureBoot** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1439,38 +1007,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideTPMTroubleshooting** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1511,38 +1055,14 @@ Valid values: **WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1601,38 +1121,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/Phone** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1669,38 +1165,14 @@ ADMX Info: **WindowsDefenderSecurityCenter/URL** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md index f463131d83..b4216b2026 100644 --- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md +++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md @@ -36,38 +36,14 @@ manager: dansimp **WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -108,38 +84,14 @@ The following list shows the supported values: **WindowsInkWorkspace/AllowWindowsInkWorkspace** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 94a49ce87c..b3254d5ac1 100644 --- a/windows/client-management/mdm/policy-csp-windowslogon.md +++ b/windows/client-management/mdm/policy-csp-windowslogon.md @@ -59,38 +59,14 @@ manager: dansimp **WindowsLogon/AllowAutomaticRestartSignOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -144,38 +120,14 @@ ADMX Info: **WindowsLogon/ConfigAutomaticRestartSignOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -229,38 +181,14 @@ ADMX Info: **WindowsLogon/DisableLockScreenAppNotifications** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -299,38 +227,14 @@ ADMX Info: **WindowsLogon/DontDisplayNetworkSelectionUI** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -394,38 +298,14 @@ ADMX Info: **WindowsLogon/EnableFirstLogonAnimation** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -479,38 +359,14 @@ Supported values: **WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -549,38 +405,14 @@ ADMX Info: **WindowsLogon/HideFastUserSwitching** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md index a67752e251..478a612256 100644 --- a/windows/client-management/mdm/policy-csp-windowspowershell.md +++ b/windows/client-management/mdm/policy-csp-windowspowershell.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsPowerShell/TurnOnPowerShellScriptBlockLogging** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index f3fd70ab14..c8066ba2b0 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -48,38 +48,14 @@ ms.date: 10/14/2020 Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -142,38 +118,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -233,38 +185,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -322,38 +250,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -412,38 +316,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -505,38 +385,14 @@ The following are the supported values: Available in the latest Windows 10 insider preview build. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 9d941ee024..008904439b 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -53,38 +53,14 @@ manager: dansimp **WirelessDisplay/AllowMdnsAdvertisement** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -117,38 +93,14 @@ The following list shows the supported values: **WirelessDisplay/AllowMdnsDiscovery** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -181,38 +133,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPC** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -245,38 +173,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionFromPCOverInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -309,38 +213,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPC** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -385,38 +265,14 @@ The following list shows the supported values: **WirelessDisplay/AllowProjectionToPCOverInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -449,38 +305,14 @@ The following list shows the supported values: **WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -513,38 +345,14 @@ The following list shows the supported values: **WirelessDisplay/RequirePinForPairing** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md index 1b7b94e690..d5e1de6271 100644 --- a/windows/client-management/mdm/pxlogical-csp.md +++ b/windows/client-management/mdm/pxlogical-csp.md @@ -151,36 +151,12 @@ The following table shows the Microsoft custom elements that this configuration These features are available only for the device technique. In addition, the parameter-query and characteristic-query features are not supported for all PXPHYSICAL proxy parameters for all PXADDR types. All parameters can be queried when the PXPHYSICAL proxy PXADDRType is IPv4. For example, if a mobile operator queries the TO-NAPID parameter of a PXPHYSICAL proxy and the PXADDR Type is E164, a noparm is returned. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
FeatureAvailable

parm-query

Yes

noparm

Yes

nocharacteristic

Yes

characteristic-query

Yes

+|Feature|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes| +|nocharacteristic|Yes| +|characteristic-query|Yes|   diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md index 3beb6993e3..90c3146f19 100644 --- a/windows/client-management/mdm/reclaim-seat-from-user.md +++ b/windows/client-management/mdm/reclaim-seat-from-user.md @@ -18,62 +18,20 @@ The **Reclaim seat from user** operation returns reclaimed seats for a user in t ## Request - ---- - - - - - - - - - - - - -
MethodRequest URI

DELETE

https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

+|Method|Request URI| +|--- |--- | +|DELETE|`https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}`| ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterTypeDescription

productId

string

Required. Product identifier for an application that is used by the Store for Business.

skuId

string

Required. Product identifier that specifies a specific SKU of an application.

username

string

Requires UserPrincipalName (UPN). User name of the target user account.

- +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|   ## Response @@ -81,57 +39,10 @@ The following parameters may be specified in the request URI. The response body contain [SeatDetails](data-structures-windows-store-for-business.md#seatdetails). - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Error codeDescriptionRetryData fieldDetails

400

Invalid parameters

No

Parameter name

-

Reason: Invalid parameter

-

Details: String

Invalid can include productId, skuId or userName

404

Not found

Item type: Inventory, User, Seat

-

Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName

ItemType: Inventory, User, Seat

-

Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName

409

Conflict

Reason: Not online

+|Error code|Description|Retry|Data field|Details| +|--- |--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
Reason: Invalid parameter
Details: String|Invalid can include productId, skuId or userName| +|404|Not found||Item type: Inventory, User, Seat
Values: ProductId/SkuId, UserName,
ProductId/SkuId/UserName|ItemType: Inventory, User, Seat
Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName| +|409|Conflict||Reason: Not online||   - -  - - - - - diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 4978cc70e0..19677b94d4 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -41,38 +41,14 @@ The default security role maps to each subnode unless specific permission is gra The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ElementsAvailable

parm-query

Yes

noparm

Yes

nocharacteristic

Yes

characteristic-query

Yes

-

Recursive query: Yes

-

Top level query: No

+|Elements|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes| +|nocharacteristic|Yes| +|characteristic-query|Yes +Recursive query: Yes +Top level query: No|   Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements. @@ -82,66 +58,20 @@ Use these elements to build standard OMA Client Provisioning configuration XML. The following table shows the data types this configuration service provider supports. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
XML Data TypeNative Registry TypeXML Format

integer

REG_DWORD

Integer. A query of this parameter returns an integer type.

boolean

REG_DWORD

Integer value of 1 or 0. A query of this parameter returns an integer type.

float

REG_SZ

Float. A query of this parameter returns a string type.

string

REG_SZ

String. A query of this parameter returns a string type.

multiplestring

REG_MULTI_SZ

Multiple strings are separated by  and ended with two  - A query of this parameter returns a multistring type.

binary

REG_BINARY

Base64 encoded. A query of this parameter returns a binary type.

time

FILETIME in REG_BINARY

The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.

date

FILETIME in REG_BINARY

The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.

+|XML Data Type|Native Registry Type|XML Format| +|--- |--- |--- | +|integer|REG_DWORD|Integer. A query of this parameter returns an integer type.| +|boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.| +|float|REG_SZ|Float. A query of this parameter returns a string type.| +|string|REG_SZ|String. A query of this parameter returns a string type.| +|multiplestring|REG_MULTI_SZ|Multiple strings are separated by **** and ended with two **** - A query of this parameter returns a multi-string type.| +|binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.| +|time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.| +|date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|   -It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the subkey must be accessed separately by using a new characteristic. +It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the sub-key must be accessed separately by using a new characteristic. ## Related topics diff --git a/windows/client-management/mdm/remotelock-csp.md b/windows/client-management/mdm/remotelock-csp.md index 47ee3981e4..86f5a419c8 100644 --- a/windows/client-management/mdm/remotelock-csp.md +++ b/windows/client-management/mdm/remotelock-csp.md @@ -26,71 +26,21 @@ The RemoteLock CSP supports the ability to lock a device that has a PIN set on t **Lock** Required. The setting accepts requests to lock the device screen. The device screen will lock immediately if a PIN has been set. If no PIN is set, the lock request is ignored and the OMA DM (405) Forbidden error is returned over the management channel. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. The supported operations are Get and Exec. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
StatusDescriptionMeaning [Standard]

(200) OK

The device was successfully locked.

The command and the associated Alert action are completed successfully.

(405)

The device could not be locked because there is no PIN currently set on the device.

The requested command is not allowed on the target.

(500) Command failed

The device was not locked for some unknown reason.

Non-specific errors were created by the recipient while attempting to complete the command.

- -  +|Status|Description|Meaning [Standard]| +|--- |--- |--- | +|(200) OK|The device was successfully locked.|The command and the associated Alert action are completed successfully.| +|(405)|The device could not be locked because there is no PIN currently set on the device.|The requested command is not allowed on the target.| +|(500) Command failed|The device was not locked for some unknown reason.|Non-specific errors were created by the recipient while attempting to complete the command.| **LockAndResetPIN** This setting can be used to lock and reset the PIN on the device. It is used in conjunction with the NewPINValue node. After the **Exec** operation is called successfully on this node, the previous PIN will no longer work and cannot be recovered. The supported operation is Exec. This node will return the following status. All OMA DM errors are listed [here](https://go.microsoft.com/fwlink/p/?LinkId=522607) in the protocol specification. - ----- - - - - - - - - - - - - - - - - - - - -
StatusDescriptionMeaning

(200) OK

The device has been locked with a new password which has been reset.

The command and the associated Alert action are completed successfully.

(500) Command failed

N/A

Non-specific errors were created by the recipient while attempting to complete the command.

+|Status|Description|Meaning| +|--- |--- |--- | +|(200) OK|The device has been locked with a new password which has been reset.|The command and the associated Alert action are completed successfully.| +|(500) Command failed|N/A|Non-specific errors were created by the recipient while attempting to complete the command.| **LockAndRecoverPIN** Added in Windows 10, version 1703. This setting performs a similar function to the LockAndResetPIN node. With LockAndResetPIN any Windows Hello keys associated with the PIN gets deleted, but with LockAndRecoverPIN those keys are saved. After the Exec operation is called successfully on this setting, the new PIN can be retrieved from the NewPINValue setting. The previous PIN will no longer work. diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md index fbc7a1ec31..890986d418 100644 --- a/windows/client-management/mdm/securitypolicy-csp.md +++ b/windows/client-management/mdm/securitypolicy-csp.md @@ -36,123 +36,20 @@ Defines the security policy identifier as a decimal value. The following security policies are supported. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyIDPolicy namePolicy description

4104

-

Hex: 1008

TPS Policy

This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.

-

Default value: 1

-

Supported values:

-

0: The TPS role assignment is disabled.

-

1: The TPS role assignment is enabled, and can be assigned to mobile operators.

4105

-

Hex: 1009

Message Authentication Retry Policy

This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.

-

Default value: 3

-

Possible values: 0 through 256.

4108

-

Hex: 100c

Service Loading Policy

This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

-

4109

-

Hex:100d

Service Indication Policy

This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

4111

-

Hex:100f

OTA Provisioning Policy

This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.

-

Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS

-

4113

-

Hex:1011

WSP Push Policy

This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.

-

Default value: 1

-

Supported values:

-

0: Routing of WSP notifications is not allowed.

-

1: Routing of WSP notifications is allowed.

4132

-

Hex:1024

Network PIN signed OTA Provision Message User Prompt Policy

This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.

-

Default value: 0

-

Supported values:

-

0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.

-

1: There is no user prompt.

4141

-

Hex:102d

OMA CP NETWPIN Policy

This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 0

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS

-

4142

-

Hex:102e

OMA CP USERPIN Policy

This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 256

-

Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG

4143

-

Hex:102f

OMA CP USERNETWPIN Policy

This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

-

Default value: 256

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS

-

4144

-

Hex:1030

MMS Message Policy

This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.

-

Default value: 256 (SECROLE_KNOWN_PPG)

-

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE

- +|PolicyID|Policy name|Policy description| +|--- |--- |--- | +|4104
Hex: 1008|TPS Policy|This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.

Default value: 1

Supported values:
0: The TPS role assignment is disabled.
1: The TPS role assignment is enabled, and can be assigned to mobile operators.| +|4105
Hex: 1009|Message Authentication Retry Policy|This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.

Default value: 3

Possible values: 0 through 256.| +|4108
Hex: 100c|Service Loading Policy|This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4109
Hex:100d|Service Indication Policy|This setting indicates whether SI messages are accepted, by specifying the security roles that can accept SI messages. An SI message is sent to the device to notify users of new services, service updates, and provisioning services.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4111
Hex:100f|OTA Provisioning Policy|This setting determines whether PIN signed OMA Client Provisioning messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the following roles in the role mask, then the message is processed. To ensure properly signed OMA Client Provisioning messages are accepted by the configuration client, all of the roles that are set in 4141, 4142, and 4143 policies must also be set in this policy. For example, to ensure properly signed USERNETWPIN signed OMA Client
Provisioning messages are accepted by the device, if policy 4143 is set to 4096 (SECROLE_ANY_PUSH_SOURCE) for an carrier-unlocked device, policy 4111 must also have the SECROLE_ANY_PUSH_SOURCE role set.

Default value: 384 (SECROLE_OPERATOR_TPS | SECROLE_KNOWN_PPG)

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS| +|4113
Hex:1011|WSP Push Policy|This setting indicates whether Wireless Session Protocol (WSP) notifications from the WAP stack are routed.

Default value: 1

Supported values:
0: Routing of WSP notifications is not allowed.
1: Routing of WSP notifications is allowed.| +|4132
Hex:1024|Network PIN signed OTA Provision Message User Prompt Policy|This policy specifies whether the device will prompt a UI to get the user confirmation before processing a pure network pin signed OTA Provisioning message. If prompt, the user has the ability to discard the OTA provisioning message.

Default value: 0

Supported values:
0: The device prompts a UI to get user confirmation when the OTA WAP provisioning message is signed purely with network pin.
1: There is no user prompt.| +|4141
Hex:102d|OMA CP NETWPIN Policy|This setting determines whether the OMA network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 0

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE , SECROLE_OPERATOR_TPS| +|4142
Hex:102e|OMA CP USERPIN Policy|This setting determines whether the OMA user PIN or user MAC signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 256

Supported values: SECROLE_OPERATOR_TPS, SECROLE_ANY_PUSH_SOURCE, SECROLE_KNOWN_PPG| +|4143
Hex:102f|OMA CP USERNETWPIN Policy|This setting determines whether the OMA user network PIN signed message will be accepted. The message's role mask and the policy's role mask are combined using the AND operator. If the result is non-zero, then the message is accepted.

Default value: 256

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE, SECROLE_OPERATOR_TPS| +|4144
Hex:1030|MMS Message Policy|This setting determines whether MMS messages will be processed. This policy's value specifies a role mask. If a message contains at least one of the roles in the role mask, then the message is processed.

Default value: 256 (SECROLE_KNOWN_PPG)

Supported values: SECROLE_KNOWN_PPG, SECROLE_ANY_PUSH_SOURCE|   - ## Remarks @@ -160,41 +57,11 @@ Security roles allow or restrict access to device resources. The security role i The following security roles are supported. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Security roleDecimal valueDescription

SECROLE_OPERATOR_TPS

128

Trusted Provisioning Server.

-

Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.

-

The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.

SECROLE_KNOWN_PPG

256

Known Push Proxy Gateway.

-

Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.

SECROLE_ANY_PUSH_SOURCE

4096

Push Router.

-

Messages received by the push router will be assigned to this role.

+|Security role|Decimal value|Description| +|--- |--- |--- | +|SECROLE_OPERATOR_TPS|128|Trusted Provisioning Server.
Assigned to WAP messages that come from a Push Initiator that is authenticated (SECROLE_PPG_AUTH) by a trusted Push Proxy Gateway (SECROLE_TRUSTED_PPG), and where the Uniform Resource Identifier (URI) of the Push Initiator corresponds to the URI of the Trusted Provisioning Server (TPS) on the device.
The mobile operator can determine whether this role and the SECROLE_OPERATOR role require the same permissions.| +|SECROLE_KNOWN_PPG|256|Known Push Proxy Gateway.
Messages assigned this role indicate that the device knows the address to the Push Proxy Gateway.| +|SECROLE_ANY_PUSH_SOURCE|4096|Push Router.
Messages received by the push router will be assigned to this role.|   @@ -271,28 +138,10 @@ Querying a security policy: The following table shows the Microsoft custom elements that this Configuration Service Provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - -
ElementsAvailable

parm-query

Yes

noparm

Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).

+|Elements|Available| +|--- |--- | +|parm-query|Yes| +|noparm|Yes. If this is used, then the policy is set to 0 by default (corresponding to the most restrictive of policy values).|   diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md index 2b482383bd..3533bdee35 100644 --- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md +++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md @@ -22,32 +22,10 @@ Each message is composed of a header, specified by the SyncHdr element, and a me The following table shows the OMA DM versions that are supported. - ---- - - - - - - - - - - - - - - - - -
VersionFormat

OMA DM version 1.1.2

<SyncML xmlns='SYNCML:SYNCML1.1'>

-

</SyncML>

OMA DM version 1.2

<SyncML xmlns='SYNCML:SYNCML1.2'>

-

</SyncML>

- -  +|Version|Format| +|--- |--- | +|OMA DM version 1.1.2|<SyncML xmlns='SYNCML:SYNCML1.1'>

</SyncML>| +|OMA DM version 1.2|<SyncML xmlns='SYNCML:SYNCML1.2'>

</SyncML>| ## File format diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index e41a8c2374..f9d75a8612 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -16,45 +16,10 @@ ms.date: 09/12/2019 The SUPL configuration service provider is used to configure the location client, as shown in the following table: - ----- - - - - - - - - - - - - - - - - - - - -
Location ServiceSUPLV2 UPL

Connection type

All connections other than CDMA

CDMA

Configuration

    -

  • Settings that need to get pushed to the GNSS driver to configure the SUPL behavior:

    -
      -

    • Address of the Home SUPL (H-SLP) server.

      • -

    • H-SLP server certificate.

      • -

    • Positioning method.

      • -

    • Version of the protocol to use by default.

      • -
    • -

  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.

    • -
    -

  • Address of the server — a mobile positioning center for non-trusted mode.

    • -

  • The positioning method used by the MPC for non-trusted mode.

    • -
- +|Location Service|SUPL|V2 UPL| +|--- |--- |--- | +|Connection type|All connections other than CDMA|CDMA| +|Configuration|

  • Settings that need to get pushed to the GNSS driver to configure the SUPL behavior
  • MCC/MNC value pairs which are used to specify which networks' UUIC the SUPL account matches.|
  • Address of the server — a mobile positioning center for non-trusted mode.
  • The positioning method used by the MPC for non-trusted mode.|   The SUPL or V2 UPL connection will be reconfigured every time the device is rebooted, a new UICC is inserted, or new settings are provisioned by using OMA Client Provisioning, OMA DM, or test tools. When the device is in roaming mode, it reverts to Mobile Station Standalone mode, in which only the built–in Microsoft location components are used. @@ -126,44 +91,14 @@ For OMA DM, if the format for this node is incorrect the entry will be ignored a **HighAccPositioningMethod** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    0

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.

    1

    Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.

    2

    Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.

    3

    Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.

    4

    OTDOA

    5

    AFLT

    +|Value|Description| +|--- |--- | +|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection and ephemeris data) from the Microsoft Positioning Service.| +|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.| +|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.| +|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.| +|4|OTDOA| +|5|AFLT|   @@ -180,44 +115,13 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed

    On

    0

    Yes

    On

    1

    Yes

    Off

    0

    Yes

    Off

    1

    No (unless privacyOverride is set)

    +|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed| +|--- |--- |--- | +|On|0|Yes| +|On|1|Yes| +|Off|0|Yes| +|Off|1|No (unless privacyOverride is set)| -  When the location toggle is set to Off and this value is set to 1, the following application requests will fail: @@ -309,42 +213,13 @@ Optional. The address of the Position Determination Entity (PDE), in the format **PositioningMethod\_MR** Optional. Specifies the positioning method that the SUPL client will use for mobile originated position requests. The value can be one of the following integers: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    0

    None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.

    1

    Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.

    2

    Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.

    3

    Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.

    4

    AFLT

    - -  +|Value|Description| +|--- |--- | +|0|None: The device uses the default positioning method. In this default mode, the GNSS obtains assistance (time injection, coarse position injection, and ephemeris data) from the Microsoft Positioning Service.| +|1|Mobile Station Assisted: The device contacts the H-SLP server to obtain a position. The H-SLP does the calculation of the position and returns it to the device.| +|2|Mobile Station Based: The device obtains location-aiding data (almanac, ephemeris data, time and coarse initial position of the device) from the H-SLP server, and the device uses this information to help GPS obtain a fix. All position calculations are done in the device.| +|3|Mobile Station Standalone: The device obtains assistance as required from the Microsoft location services.| +|4|AFLT| The default is 0. The default method provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. @@ -359,44 +234,12 @@ Optional. Boolean. Specifies whether the location toggle on the **location** scr This value manages the settings for both SUPL and v2 UPL. If a device is configured for both SUPL and V2 UPL and these values differ, the SUPL setting will always be used. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Location toggle settingLocMasterSwitchDependencyNII settingNI request processing allowed

    On

    0

    Yes

    On

    1

    Yes

    Off

    0

    Yes

    Off

    1

    No (unless privacyOverride is set)

    - -  +|Location toggle setting|LocMasterSwitchDependencyNII setting|NI request processing allowed| +|--- |--- |--- | +|On|0|Yes| +|On|1|Yes| +|Off|0|Yes| +|Off|1|No (unless privacyOverride is set)| When the location toggle is set to Off and this value is set to 1, the following application requests will fail: @@ -584,30 +427,12 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - -
    ElementsAvailable

    parm-query

    Yes

    characteristic-query

    Yes

    -

    Recursive query: No

    -

    Top level query: No

    +|Elements|Available| +|--- |--- | +|parm-query|Yes| +|characteristic-query|Yes +Recursive query: No +Top level query: No|   ## Related topics diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 147c460f3b..a5282427d8 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -208,57 +208,14 @@ SurfaceHub **DeviceAccount/ErrorContext**

    If there is an error calling ValidateAndCommit, there is additional context for that error in this node. Here are the possible error values: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ErrorContext valueStage where error occurredDescription and suggestions

    1

    Unknown

    2

    Populating account

    Unable to retrieve account details using the username and password you provided.

    -
      -
    • For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
      • -
    • For AD accounts, ensure that DomainName, UserName, and Password are valid.
      • -
    • Ensure that the specified account has an Exchange server mailbox.
      • -

    3

    Populating Exchange server address

    Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.

    4

    Validating Exchange server address

    Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.

    5

    Saving account information

    Unable to save account details to the system.

    6

    Validating EAS policies

    The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.

    +|ErrorContext value|Stage where error occurred|Description and suggestions| +|--- |--- |--- | +|1|Unknown|| +|2|Populating account|Unable to retrieve account details using the username and password you provided.

  • For Azure AD accounts, ensure that UserPrincipalName and Password are valid.
  • For AD accounts, ensure that DomainName, UserName, and Password are valid.
  • Ensure that the specified account has an Exchange server mailbox.| +|3|Populating Exchange server address|Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field.| +|4|Validating Exchange server address|Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid.| +|5|Saving account information|Unable to save account details to the system.| +|6|Validating EAS policies|The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide.|  

    The data type is integer. Supported operation is Get. @@ -343,26 +300,11 @@ SurfaceHub **InBoxApps/WirelessProjection/Channel**

    Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. - ---- - - - - - - - - - - - - - - -

    Works with all Miracast senders in all regions

    1, 3, 4, 5, 6, 7, 8, 9, 10, 11

    Works with all 5ghz band Miracast senders in all regions

    36, 40, 44, 48

    Works with all 5ghz band Miracast senders in all regions except Japan

    149, 153, 157, 161, 165

    +|Compatibility|Values| +|--- |--- | +|Works with all Miracast senders in all regions|1, 3, 4, 5, 6, 7, 8, 9, 10, 11| +|Works with all 5ghz band Miracast senders in all regions|36, 40, 44, 48| +|Works with all 5ghz band Miracast senders in all regions except Japan|149, 153, 157, 161, 165|

    The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). @@ -397,50 +339,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute
    22 minutes
    33 minutes
    55 minutes (default)
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes (default)| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace. @@ -449,50 +360,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute (default)
    22 minutes
    33 minutes
    55 minutes
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute (default)| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace. @@ -501,50 +381,19 @@ SurfaceHub

    The following table shows the permitted values. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription
    0Never time out
    11 minute
    22 minutes
    33 minutes
    55 minutes (default)
    1010 minutes
    1515 minutes
    3030 minutes
    601 hour
    1202 hours
    2404 hours
    +|Value|Description| +|--- |--- | +|0|Never time out| +|1|1 minute| +|2|2 minutes| +|3|3 minutes| +|5|5 minutes (default)| +|10|10 minutes| +|15|15 minutes| +|30|30 minutes| +|60|1 hour| +|120|2 hours| +|240|4 hours|

    The data type is integer. Supported operation is Get and Replace. From 2bbdf90c7ba9d554324e92780a80e399b496c41a Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 13:24:54 +0530 Subject: [PATCH 02/47] Acrolinx fix --- windows/client-management/mdm/registry-csp.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/registry-csp.md b/windows/client-management/mdm/registry-csp.md index 19677b94d4..c71fa92829 100644 --- a/windows/client-management/mdm/registry-csp.md +++ b/windows/client-management/mdm/registry-csp.md @@ -33,7 +33,7 @@ For OMA Client Provisioning, the follows notes apply: - This documentation describes the default characteristics. Additional characteristics may be added. -- Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\). +- Because the **Registry** configuration service provider uses the backslash (\\) character as a separator between key names, backslashes, which occur in the name of a registry key must be escaped. Backslashes can be escaped by using two sequential backslashes (\\\\). The default security role maps to each subnode unless specific permission is granted to the subnode. The security role for subnodes is implementation specific, and can be changed by OEMs and mobile operators. @@ -43,12 +43,12 @@ The following table shows the Microsoft custom elements that this configuration |Elements|Available| |--- |--- | -|parm-query|Yes| -|noparm|Yes| -|nocharacteristic|Yes| -|characteristic-query|Yes +|Parm-query|Yes| +|Noparm|Yes| +|Uncharacteristic|Yes| +|Characteristic-query|Yes Recursive query: Yes -Top level query: No| +Top-level query: No|   Use these elements to build standard OMA Client Provisioning configuration XML. For information about specific elements, see MSPROV DTD elements. @@ -60,18 +60,18 @@ The following table shows the data types this configuration service provider sup |XML Data Type|Native Registry Type|XML Format| |--- |--- |--- | -|integer|REG_DWORD|Integer. A query of this parameter returns an integer type.| -|boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.| -|float|REG_SZ|Float. A query of this parameter returns a string type.| -|string|REG_SZ|String. A query of this parameter returns a string type.| -|multiplestring|REG_MULTI_SZ|Multiple strings are separated by **** and ended with two **** - A query of this parameter returns a multi-string type.| -|binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.| -|time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.| -|date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.| +|Integer|REG_DWORD|Integer. A query of this parameter returns an integer type.| +|Boolean|REG_DWORD|Integer value of 1 or 0. A query of this parameter returns an integer type.| +|Float|REG_SZ|Float. A query of this parameter returns a string type.| +|String|REG_SZ|String. A query of this parameter returns a string type.| +|multiple string|REG_MULTI_SZ|Multiple strings are separated by **** and ended with two **** - A query of this parameter returns a multi-string type.| +|Binary|REG_BINARY|Base64 encoded. A query of this parameter returns a binary type.| +|Time|FILETIME in REG_BINARY|The time format conforms to the ISO8601 standard, with the date portion optional. If the date portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.| +|Date|FILETIME in REG_BINARY|The date format conforms to the ISO8601 standard, with the time portion optional. If the time portion is omitted, also omit the "T" delimiter. A query of this parameter returns a binary type.|   -It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the sub-key must be accessed separately by using a new characteristic. +It is not possible to access registry keys nested under the current path by using the Registry configuration service provider. Instead, the values of the subkey must be accessed separately by using a new characteristic. ## Related topics From 3333313a7002f9a1547e751e80dba16665488b4d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 29 Nov 2021 14:20:42 +0530 Subject: [PATCH 03/47] Html to md table Update- batch 23 Converted html tables into markdown format --- .../mdm/wmi-providers-supported-in-windows.md | 189 ++-------- ...changes-to-start-policies-in-windows-10.md | 97 +---- .../customize-and-export-start-layout.md | 45 +-- .../lockdown-features-windows-10.md | 109 +----- ...v-application-template-schema-reference.md | 261 +++---------- ...anging-the-frequency-of-scheduled-tasks.md | 150 +------- ...nfiguring-uev-with-group-policy-objects.md | 158 ++------ ...ith-system-center-configuration-manager.md | 55 +-- ...anage-administrative-backup-and-restore.md | 60 +-- ...plates-using-windows-powershell-and-wmi.md | 264 +++---------- ...ackages-with-windows-powershell-and-wmi.md | 349 +++--------------- .../ue-v/uev-security-considerations.md | 143 ++----- .../ue-v/uev-sync-trigger-events.md | 98 +---- ...synchronizing-microsoft-office-with-uev.md | 89 +---- windows/deployment/mbr-to-gpt.md | 4 +- 15 files changed, 335 insertions(+), 1736 deletions(-) diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 7dfbe89239..d03e4dadc8 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -51,163 +51,46 @@ Result ## MDM Bridge WMI classes - For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). ## MDM WMI classes - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ClassTest completed in Windows 10 for desktop
    MDM_AppInstallJob

    Currently testing.

    MDM_Application

    Currently testing.

    MDM_ApplicationFramework

    Currently testing.

    MDM_ApplicationSetting

    Currently testing.

    MDM_BrowserSecurityZonesYes
    MDM_BrowserSettingsYes
    MDM_CertificateYes
    MDM_CertificateEnrollmentYes
    MDM_Client

    Currently testing.

    MDM_ConfigSettingYes
    MDM_DeviceRegistrationInfo
    MDM_EASPolicyYes
    MDM_MgMtAuthorityYes
    MDM_MsiApplication
    MDM_MsiInstallJob
    MDM_RemoteApplication

    Test not started.

    MDM_RemoteAppUseCookie

    Test not started.

    MDM_RestrictionsYes
    MDM_RestrictionsUser

    Test not started.

    MDM_SecurityStatusYes
    MDM_SideLoader
    MDM_SecurityStatusUser

    Currently testing.

    MDM_UpdatesYes
    MDM_VpnApplicationTriggerYes
    MDM_VpnConnection
    MDM_WebApplication

    Currently testing.

    MDM_WirelessProfileYes
    MDM_WirelesssProfileXMLYes
    MDM_WNSChannelYes
    MDM_WNSConfigurationYes
    MSFT_NetFirewallProfileYes
    MSFT_VpnConnectionYes
    SoftwareLicensingProduct
    SoftwareLicensingService
    - - +|Class|Test completed in Windows 10 for desktop| +|--- |--- | +|[**MDM_AppInstallJob**](/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob)|Currently testing.| +|[**MDM_Application**](/previous-versions/windows/desktop/mdmappprov/mdm-application)|Currently testing.| +|[**MDM_ApplicationFramework**](/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework)|Currently testing.| +|[**MDM_ApplicationSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting)|Currently testing.| +|[**MDM_BrowserSecurityZones**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones)|Yes| +|[**MDM_BrowserSettings**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings)|Yes| +|[**MDM_Certificate**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate)|Yes| +|[**MDM_CertificateEnrollment**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment)|Yes| +|[**MDM_Client**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-client)|Currently testing.| +|[**MDM_ConfigSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting)|Yes| +|[**MDM_DeviceRegistrationInfo**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo)|| +|[**MDM_EASPolicy**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy)|Yes| +|[**MDM_MgMtAuthority**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority)|Yes| +|**MDM_MsiApplication**|| +|**MDM_MsiInstallJob**|| +|[**MDM_RemoteApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication)|Test not started.| +|[**MDM_RemoteAppUseCookie**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie)|Test not started.| +|[**MDM_Restrictions**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions)|Yes| +|[**MDM_RestrictionsUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser)|Test not started.| +|[**MDM_SecurityStatus**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus)|Yes| +|[**MDM_SideLoader**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader)|| +|[**MDM_SecurityStatusUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer)|Currently testing.| +|[**MDM_Updates**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates)|Yes| +|[**MDM_VpnApplicationTrigger**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger)|Yes| +|**MDM_VpnConnection**|| +|[**MDM_WebApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-webapplication)|Currently testing.| +|[**MDM_WirelessProfile**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile)|Yes| +|[**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)|Yes| +|[**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)|Yes| +|[**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)|Yes| +|[**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)|Yes| +|[**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)|Yes| +|[**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)|| +|[**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)|| ### Parental control WMI classes diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 2deeb1c576..6d1d2b4a1c 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -29,85 +29,24 @@ Windows 10 has a brand new Start experience. As a result, there are changes to These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    PolicyNotes
    Clear history of recently opened documents on exitDocuments that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.
    Do not allow pinning items in Jump ListsJump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.
    Do not display or track items in Jump Lists from remote locationsWhen this policy is applied, only items local on the computer are shown in Jump Lists.
    Do not keep history of recently opened documentsDocuments that the user opens are not tracked during the session.
    Prevent changes to Taskbar and Start Menu SettingsIn Windows 10, this disables all of the settings in Settings > Personalization > Start as well as the options in dialog available via right-click Taskbar > Properties
    Prevent users from customizing their Start Screen

    Use this policy in conjunction with a customized Start layout to prevent users from changing it

    Prevent users from uninstalling applications from StartIn Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)
    Remove All Programs list from the Start menuIn Windows 10, this removes the All apps button.
    Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commandsThis removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.
    Remove common program groups from Start MenuAs in earlier versions of Windows, this removes apps specified in the All Users profile from Start
    Remove frequent programs list from the Start MenuIn Windows 10, this removes the top left Most used group of apps.
    Remove Logoff on the Start MenuLogoff has been changed to Sign Out in the user interface, however the functionality is the same.
    Remove pinned programs list from the Start MenuIn Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).
    Show "Run as different user" command on StartThis enables the Run as different user option in the right-click menu for apps.
    Start Layout

    This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in User Configuration or Computer Configuration.

    -
    - -
    Force Start to be either full screen size or menu sizeThis applies a specific size for Start.
    - +|Policy|Notes| +|--- |--- | +|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.| +|Do not allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.| +|Do not display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.| +|Do not keep history of recently opened documents|Documents that the user opens are not tracked during the session.| +|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this disables all of the settings in **Settings** > **Personalization** > **Start** as well as the options in dialog available via right-click Taskbar > **Properties**| +|Prevent users from customizing their Start Screen|Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it| +|Prevent users from uninstalling applications from Start|In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)| +|Remove All Programs list from the Start menu|In Windows 10, this removes the **All apps** button.| +|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.| +|Remove common program groups from Start Menu|As in earlier versions of Windows, this removes apps specified in the All Users profile from Start| +|Remove frequent programs list from the Start Menu|In Windows 10, this removes the top left **Most used** group of apps.| +|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.| +|Remove pinned programs list from the Start Menu|In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).| +|Show "Run as different user" command on Start|This enables the **Run as different user** option in the right-click menu for apps.| +|Start Layout|This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.| +|Force Start to be either full screen size or menu size|This applies a specific size for Start.| ## Deprecated Group Policy settings for Start diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index f50e213ce8..d78cf4b515 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -105,34 +105,23 @@ When you have the Start layout that you want your users to see, use the [Export- Example of a layout file produced by `Export-StartLayout`: - - - - - - - - - - - - - - - -
    XML
    <LayoutModificationTemplate Version="1" xmlns="https://schemas.microsoft.com/Start/2014/LayoutModification">
-      <DefaultLayoutOverride>
-        <StartLayoutCollection>
-          <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout">
-            <start:Group Name="Life at a glance" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout">
-              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
-              <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-            </start:Group>        
-          </defaultlayout:StartLayout>
-        </StartLayoutCollection>
-      </DefaultLayoutOverride>
-    </LayoutModificationTemplate>
    +```xml + + + + + + + + + + + + + + + +``` 3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order) diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index df13bd302b..38da2ca1ca 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -23,97 +23,18 @@ ms.localizationpriority: medium Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows Embedded 8.1 Industry lockdown featureWindows 10 featureChanges

    Hibernate Once/Resume Many (HORM): Quick boot to device

    		HORM

    HORM is supported in Windows 10, version 1607 and later.

    Unified Write Filter: protect a device's physical storage media

    		Unified Write Filter

    The Unified Write Filter is continued in Windows 10.

    Keyboard Filter: block hotkeys and other key combinations

    		Keyboard Filter

    Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.

    Shell Launcher: launch a Windows desktop application on sign-on

    		Shell Launcher

    Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.

    -

    Learn how to use Shell Launcher to create a kiosk device that runs a Windows desktop application.

    Application Launcher: launch a Universal Windows Platform (UWP) app on sign-on

    		Assigned Access

    The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.

    Dialog Filter: suppress system dialogs and control which processes can run

    		AppLocker

    Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

    -
      -

    • Control over which processes are able to run will now be provided by AppLocker.

      • -

    • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.

      • -

    Toast Notification Filter: suppress toast notifications

    		Mobile device management (MDM) and Group Policy

    Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.

    -

    Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications

    -

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a custom OMA-URI setting for AboveLock/AllowActionCenterNotifications.

    Embedded Lockdown Manager: configure lockdown features

    		Windows Imaging and Configuration Designer (ICD)

    The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.

    USB Filter: restrict USB devices and peripherals on system

    		MDM and Group Policy

    The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

    -

    Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

    -

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Removable storage.

    Assigned Access: launch a UWP app on sign-in and lock access to system

    		Assigned Access

    Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.

    -

    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

    -

    Learn how to use Assigned Access to create a kiosk device that runs a Universal Windows app.

    Gesture Filter: block swipes from top, left, and right edges of screen

    		MDM and Group Policy

    In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the Allow edge swipe policy.

    Custom Logon: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

    		Embedded Logon

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    Unbranded Boot: custom brand a device by removing or replacing Windows boot UI elements

    		Unbranded Boot

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    - - +|Windows Embedded 8.1 Industry lockdown feature|Windows 10 feature|Changes| +|--- |--- |--- | +|[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82)): Quick boot to device|[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)|HORM is supported in Windows 10, version 1607 and later.| +|[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82)): protect a device's physical storage media|[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)|The Unified Write Filter is continued in Windows 10.| +|[Keyboard Filter](/previous-versions/windows/embedded/dn449298(v=winembedded.82)): block hotkeys and other key combinations|[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)|Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via **Turn Windows Features On/Off**. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.| +|[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82)): launch a Windows desktop application on sign-on|[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)|Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the **SMISettings** category.
    Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.| +|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.| +|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

  • Control over which processes are able to run will now be provided by AppLocker.
  • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.| +|[Toast Notification Filter](/previous-versions/windows/embedded/dn449360(v=winembedded.82)): suppress toast notifications|Mobile device management (MDM) and Group Policy|Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.
    Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for **AboveLock/AllowActionCenterNotifications**.| +|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.| +|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

    Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.| +|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

    Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.| +|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.| +|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| +|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 1ac2f752ac..263c3d6b51 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -108,52 +108,14 @@ Architecture enumerates two possible values: **Win32** and **Win64**. These valu **Process** The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Element

    Data Type

    Mandatory

    Filename

    FilenameString

    True

    Architecture

    Architecture

    False

    ProductName

    String

    False

    FileDescription

    String

    False

    ProductVersion

    ProcessVersion

    False

    FileVersion

    ProcessVersion

    False

    - - +|Element|Data Type|Mandatory| +|--- |--- |--- | +|Filename|FilenameString|True| +|Architecture|Architecture|False| +|ProductName|String|False| +|FileDescription|String|False| +|ProductVersion|ProcessVersion|False| +|FileVersion|ProcessVersion|False| **Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. @@ -177,32 +139,11 @@ FileSetting contains parameters associated with files and files paths. Four chil **Settings** Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: - ---- - - - - - - - - - - - - - - - - - - -

    Element

    Description

    Asynchronous

    Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

    PreventOverlappingSynchronization

    By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

    AlwaysApplySettings

    This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.

    - - +|Element|Description| +|--- |--- | +|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.| +|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.| +|AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.| ### Name Element @@ -482,162 +423,50 @@ The child elements and syntax rules for FileVersion are identical to those of Pr Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Processes

    A container for a collection of one or more Process elements. For more information, see Processes.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| +|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| +|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).| +|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".| - ### Common Element Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    - - +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| +|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| +|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).| ### SettingsLocationTemplate Element This element defines the settings for a single application or a suite of applications. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| - ### Appendix: SettingsLocationTemplate.xsd diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 43910cf8eb..06047a3a6f 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -44,51 +44,17 @@ The following scheduled tasks are included in UE-V with sample scheduled task co The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Monitor Application Status

    Logon

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Monitor Application Status|Logon| ### Sync Controller Application The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Sync Controller Application

    Logon, and every 30 minutes thereafter

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Sync Controller Application|Logon, and every 30 minutes thereafter| For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. @@ -100,51 +66,18 @@ Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Synchronize Settings at Logoff

    Logon

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Synchronize Settings at Logoff|Logon| ### Template Auto Update The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Template Auto Update

    System startup and at 3:30 AM every day, at a random time within a 1-hour window

    +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Template Auto Update|System startup and at 3:30 AM every day, at a random time within a 1-hour window| -  **Example:** The following command configures the UE-V service to check the settings template catalog store every hour. @@ -158,59 +91,12 @@ schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 The following chart provides additional information about scheduled tasks for UE-V 2: - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Task Name (file name)

    Default Frequency

    Power Toggle

    Idle Only

    Network Connection

    Description

    Monitor Application Settings (UevAppMonitor.exe)

    Starts 30 seconds after logon and continues until logoff.

    No

    Yes

    N/A

    Synchronizes settings for Windows (AppX) apps.

    Sync Controller Application (Microsoft.Uev.SyncController.exe)

    At logon and every 30 min thereafter.

    Yes

    Yes

    Only if Network is connected

    Starts the Sync Controller which synchronizes local settings with the settings storage location.

    Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)

    Runs at logon and then waits for Logoff to Synchronize settings.

    No

    Yes

    N/A

    Start an application at logon that controls the synchronization of applications at logoff.

    Template Auto Update (ApplySettingsCatalog.exe)

    Runs at initial logon and at 3:30 AM every day thereafter.

    Yes

    No

    N/A

    Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.

    - +|Task Name (file name)|Default Frequency|Power Toggle|Idle Only|Network Connection|Description| +|--- |--- |--- |--- |--- |--- | +|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after logon and continues until logoff.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.| +|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At logon and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller which synchronizes local settings with the settings storage location.| +|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at logon and then waits for Logoff to Synchronize settings.|No|Yes|N/A|Start an application at logon that controls the synchronization of applications at logoff.| +|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial logon and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|   **Legend** diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 852fd636c1..3e8f520a9f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -26,147 +26,31 @@ The following policy settings can be configured for UE-V. **Group Policy settings** - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not use the sync provider

    Computers and Users

    By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.

    Enable this setting to configure the UE-V service not to use the sync provider.

    First Use Notification

    Computers Only

    This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.

    The default is enabled.

    Synchronize Windows settings

    Computers and Users

    This Group Policy setting configures the synchronization of Windows settings.

    Select which Windows settings synchronize between computers.

    -

    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.

    Settings package size warning threshold

    Computers and Users

    This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.

    Specify the preferred threshold for settings package sizes in kilobytes (KB).

    -

    By default, the UE-V service does not have a package file size threshold.

    Settings storage path

    Computers and Users

    This Group Policy setting configures where the user settings are to be stored.

    Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

    Settings template catalog path

    Computers Only

    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.

    Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

    -

    Select the check box to replace the default Microsoft templates.

    Sync settings over metered connections

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections.

    By default, the UE-V service does not synchronize settings over a metered connection.

    Sync settings over metered connections even when roaming

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.

    By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.

    Synchronization timeout

    Computers and Users

    This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.

    Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.

    Tray Icon

    Computers Only

    This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.

    This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.

    Use User Experience Virtualization (UE-V)

    Computers and Users

    This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the Enable UE-V setting.

    Enable UE-V

    Computers and Users

    This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.

    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the Use User Experience Virtualization (UE-V) setting.

    +|Group Policy setting name|Target|Group Policy setting description|Configuration options| +|--- |--- |--- |--- | +|Do not use the sync provider|Computers and Users|By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.|Enable this setting to configure the UE-V service not to use the sync provider.| +|First Use Notification|Computers Only|This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.|The default is enabled.| +|Synchronize Windows settings|Computers and Users|This Group Policy setting configures the synchronization of Windows settings.|Select which Windows settings synchronize between computers.
    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.| +|Settings package size warning threshold|Computers and Users|This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.|Specify the preferred threshold for settings package sizes in kilobytes (KB).
    By default, the UE-V service does not have a package file size threshold.| +|Settings storage path|Computers and Users|This Group Policy setting configures where the user settings are to be stored.|Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.| +|Settings template catalog path|Computers Only|This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.|Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.
    Select the check box to replace the default Microsoft templates.| +|Sync settings over metered connections|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections.|By default, the UE-V service does not synchronize settings over a metered connection.| +|Sync settings over metered connections even when roaming|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.|By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.| +|Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.| +|Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.| +|Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.| +|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.| - - -**Note**   -In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. - - +>[!NOTE] +>In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. **Windows App Group Policy settings** - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not synchronize Windows Apps

    Computers and Users

    This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.

    The default is to synchronize Windows apps.

    Windows App List

    Computer and User

    This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.

    You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.

    Sync Unlisted Windows Apps

    Computer and User

    This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.

    By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.

    - - +|Group Policy setting name|Target|Group Policy setting description|Configuration options| +|--- |--- |--- |--- | +|Do not synchronize Windows Apps|Computers and Users|This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.|The default is to synchronize Windows apps.| +|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.| +|Sync Unlisted Windows Apps|Computer and User|This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.|By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.| For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index 742b25f00e..5946176341 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -35,52 +35,15 @@ The UE-V Configuration Pack includes tools to: - Create or update a UE-V Agent policy configuration item to set or clear these settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Max package size

    Enable/disable Windows app sync

    Wait for sync on application start

    Setting import delay

    Sync unlisted Windows apps

    Wait for sync on logon

    Settings import notification

    IT contact URL

    Wait for sync timeout

    Settings storage path

    IT contact descriptive text

    Settings template catalog path

    Sync enablement

    Tray icon enabled

    Start/Stop UE-V agent service

    Sync method

    First use notification

    Define which Windows apps will roam settings

    Sync timeout

    - - + |Configuration|Setting|Description| + |--- |--- |--- | + |Max package size|Enable/disable Windows app sync|Wait for sync on application start| + |Setting import delay|Sync unlisted Windows apps|Wait for sync on logon| + |Settings import notification|IT contact URL|Wait for sync timeout| + |Settings storage path|IT contact descriptive text|Settings template catalog path| + |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service| + |Sync method|First use notification|Define which Windows apps will roam settings| + |Sync timeout||| - Verify compliance by confirming that UE-V is running. diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index d992db0cca..e5c08816cb 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -112,64 +112,22 @@ WMI and Windows PowerShell commands let you restore application and Windows sett 2. Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings. - - - - - - - - - - - - - - - - - -
    Windows PowerShell cmdletDescription

    Restore-UevUserSetting -<TemplateID>

    Restores the user settings for an application or restores a group of Windows settings.

    - - - + |**Windows PowerShell cmdlet**|**Description**| + |--- |--- | + |`Restore-UevUserSetting` -|Restores the user settings for an application or restores a group of Windows settings.| + **To restore application settings and Windows settings with WMI** 1. Open a Windows PowerShell window. 2. Enter the following WMI command to restore application settings and Windows settings. - - - - - - - - - - - - - - - - - -
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

    Restores the user settings for an application or restores a group of Windows settings.

    - - - -~~~ -**Note** -UE-V does not provide a settings rollback for Windows apps. -~~~ - - - - - + |**WMI command**|**Description**| + |--- |--- | + |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList `|Restores the user settings for an application or restores a group of Windows settings.| +>[!NOTE] +>UE-V does not provide a settings rollback for Windows apps. ## Related topics diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index 778370f194..328d19c5f6 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -34,134 +34,39 @@ You must have administrator permissions to update, register, or unregister a set 1. Use an account with administrator rights to open a Windows PowerShell command prompt. 2. Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows PowerShell commandDescription

    Get-UevTemplate

    Lists all the settings location templates that are registered on the computer.

    Get-UevTemplate -Application <string>

    Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.

    Get-UevTemplate -TemplateID <string>

    Lists all the settings location templates that are registered on the computer where the template ID contains <string>.

    Get-UevTemplate [-ApplicationOrTemplateID] <string>

    Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.

    Get-UevTemplateProgram [-ID] <template ID>

    Gets the name of the program and version information, which depend on the template ID.

    Get-UevAppXPackage

    Gets the effective list of Windows apps.

    Get-UevAppXPackage -Computer

    Gets the list of Windows apps that are configured for the computer.

    Get-UevAppXPackage -CurrentComputerUser

    Gets the list of Windows apps that are configured for the current user.

    Register-UevTemplate [-Path] <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Register-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Unregister-UevTemplate [-ID] <template ID>

    Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Unregister-UevTemplate -All

    Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Update-UevTemplate [-Path] <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.

    Update-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.

    Clear-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the computer Windows app list.

    Clear-UevAppXPackage -CurrentComputerUser

    Removes Windows app from the current user Windows app list.

    Clear-UevAppXPackage -Computer -All

    Removes all Windows apps from the computer Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the current user Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] -All

    Removes all Windows apps from the current user Windows app list.

    Disable-UevTemplate [-ID] <template ID>

    Disables a settings location template for the current user of the computer.

    Disable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the computer Windows app list.

    Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the current user Windows app list.

    Enable-UevTemplate [-ID] <template ID>

    Enables a settings location template for the current user of the computer.

    Enable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the computer Windows app list.

    Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the current user Windows app list.

    Test-UevTemplate [-Path] <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.

    Test-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.

    - - - + + |Windows PowerShell command|Description| + |--- |--- | + |`Get-UevTemplate`|Lists all the settings location templates that are registered on the computer.| + |`Get-UevTemplate -Application `|Lists all the settings location templates that are registered on the computer where the application name or template name contains .| + |`Get-UevTemplate -TemplateID `|Lists all the settings location templates that are registered on the computer where the template ID contains .| + |`Get-UevTemplate [-ApplicationOrTemplateID] `|Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains .| + |`Get-UevTemplateProgram [-ID]