deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-10202987

Browse Source
This commit is contained in:
LizRoss
2017-01-10 07:43:36 -08:00
parent bb33319790 a0f487a91c
commit 2c62363d5f
9 changed files with 82 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
devices/surface-hub/save-bitlocker-key-surface-hub.md
View File

@ -24,7 +24,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If youve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
3. If youre using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
3. If youre using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics

2
devices/surface-hub/use-room-control-system-with-surface-hub.md
View File

@ -184,7 +184,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
</tr>
<tr class="even">
<td align="left"><p>5</p></td>
<td align="left"><p>50</p></td>
<td align="left"><p>S0</p></td>
<td align="left"><p>Ready</p></td>
</tr>
</tbody>

5
windows/deploy/change-history-for-deploy-windows-10.md
View File

@ -11,6 +11,11 @@ author: greg-lindsay
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog |
## October 2016
| New or changed topic | Description |
|----------------------|-------------|

1
windows/keep-secure/TOC.md
View File

@ -875,4 +875,5 @@
### [Microsoft Passport guide](microsoft-passport-guide.md)
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
### [Windows 10 security overview](windows-10-security-guide.md)
### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)
## [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md)

BIN
windows/keep-secure/images/security-stages.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 16 KiB

2
windows/keep-secure/smart-card-architecture.md
View File

@ -74,7 +74,7 @@ Credential providers must be registered on a computer running Windows, and they
## Smart card subsystem architecture
Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](http://www.pcscworkgroup.com/specifications/overview.php). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware.
Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](https://www.pcscworkgroup.com/). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware.
### Base CSP and smart card minidriver architecture

2
windows/keep-secure/smart-card-smart-cards-for-windows-service.md
View File

@ -14,7 +14,7 @@ Applies To: Windows 10, Windows Server 2016
This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.
The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications Overview](http://www.pcscworkgroup.com/specifications/overview.php).
The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications website](https://www.pcscworkgroup.com/).
The Smart Cards for Windows service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. The Smart Cards for Windows service, Scardsvr, has the following service description:

67
windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md Normal file
View File

@ -0,0 +1,67 @@
---
title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10)
description: Provides a summary of the Windows 10 credential theft mitigation guide.
ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: justinha
---
# Windows 10 Credential Theft Mitigation Guide Abstract
**Applies to**
- Windows 10
This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the Microsoft Download Center.
This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
- Identify high-value assets
- Protect against known and unknown threats
- Detect pass-the-hash and related attacks
- Respond to suspicious activity
- Recover from a breach
![Security stages](images\security-stages.png)
## Attacks that steal credentials
Learn about the different types of attacks that are used to steal credentials, and the factors that can place your organization at risk.
The types of attacks that are covered include:
- Pass the hash
- Kerberos pass the ticket
- Kerberos golden ticket and silver ticket
- Key loggers
- Shoulder surfing
## Credential protection strategies
This part of the guide helps you consider the mindset of the attacker, with prescriptive guidance about how to prioritize high-value accounts and computers.
You'll learn how to architect a defense against credential theft:
- Establish a containment model for account privileges
- Harden and restrict administrative hosts
- Ensure that security configurations and best practices are implemented
## Technical countermeasures for credential theft
Objectives and expected outcomes are covered for each of these countermeasures:
- Use Windows 10 with Credential Guard
- Restrict and protect high-privilege domain accounts
- Restrict and protect local accounts with administrative privileges
- Restrict inbound network traffic
Many other countermeasures are also covered, such as using Microsoft Passport and Windows Hello, or multifactor authentication.
## Detecting credential attacks
This sections covers how to detect the use of stolen credentials and how to collect computer events to help you detect credential theft.
## Responding to suspicious activity
Learn Microsoft's recommendations for responding to incidents, including how to recover control of compromised accounts, how to investigate attacks, and how to recover from a breach.

5
windows/plan/change-history-for-plan-for-windows-10-deployment.md
View File

@ -13,6 +13,11 @@ author: TrudyHa
This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## January 2017
| New or changed topic | Description |
|----------------------|-------------|
| [Windows 10 Infrastructure Requirements](windows-10-infrastructure-requirements.md) | Added link for Windows Server 2008 R2 and Windows 7 activation and a link to Windows Server 2016 Volume Activation Tips |
## September 2016
| New or changed topic | Description |