-
+
- + MixedReality/AADGroupMembershipCacheValidityInDays + +
- + MixedReality/BrightnessButtonDisabled + +
- + MixedReality/FallbackDiagnostics + +
- + MixedReality/HeadTrackingMode + +
- + MixedReality/MicrophoneDisabled + +
- + MixedReality/VolumeButtonDisabled + +
-
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
new file mode 100644
index 0000000000..e6bff466a1
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -0,0 +1,497 @@
+---
+title: Policy CSP - MixedReality
+description: Policy CSP - MixedReality
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/06/2020
+ms.reviewer:
+manager: dansimp
+---
+
+# Policy CSP - MixedReality
+
+
+
+
- + MixedReality/AADGroupMembershipCacheValidityInDays + +
- + MixedReality/BrightnessButtonDisabled + +
- + MixedReality/FallbackDiagnostics + +
- + MixedReality/HeadTrackingMode + +
- + MixedReality/MicrophoneDisabled + +
- + MixedReality/VolumeButtonDisabled + +
- MixedReality/FallbackDiagnostics -
- - MixedReality/HeadTrackingMode -
- MixedReality/MicrophoneDisabled diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index e6bff466a1..f56c1835af 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -31,9 +31,6 @@ manager: dansimp
- MixedReality/FallbackDiagnostics -
- - MixedReality/HeadTrackingMode -
- MixedReality/MicrophoneDisabled @@ -262,79 +259,6 @@ The following list shows the supported values:
- Check the system drive for errors and attempt repairs. More information.
- Run the Windows Update troubleshooter. More information.
- Attempt to restore and repair system files. More information. +
- Check for unsigned drivers and update or uninstall them. More information.
- Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
- Temporarily uninstall non-Microsoft antivirus software. More information. @@ -152,9 +153,67 @@ To check and repair system files: ``` > [!NOTE] - > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image). + > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). +### Remove unsigned drivers + +Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: + +1. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. Type **sigverif** and press ENTER. +6. The File Signature Verification tool will open. Click **Start**. +7. After the scanning process is complete, click **Advanced**, and then click **View Log**. +8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). + +>[!NOTE] +>If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. + +#### Optional: Use sigcheck + +[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. + +To use sigcheck: + +1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +2. Click **Start**. +2. Type **command**. +3. Right-click **Command Prompt** and then left-click **Run as administrator**. +4. If you are prompted by UAC, click **Yes**. +5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: + + ```cmd + C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + + ``` +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +8. To check the driver, type **sigcheck64 -u -e \
- Check the system drive for errors and attempt repairs. More information.
- Run the Windows Update troubleshooter. More information.
- Attempt to restore and repair system files. More information. -
- Check for unsigned drivers and update or uninstall them. More information. +
- Check for unsigned drivers and update or remove them. More information.
- Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
- Temporarily uninstall non-Microsoft antivirus software. More information. @@ -166,6 +166,9 @@ Drivers that are not properly signed can block the upgrade process. To check you 4. If you are prompted by UAC, click **Yes**. 5. Type **sigverif** and press ENTER. 6. The File Signature Verification tool will open. Click **Start**. + +  + 7. After the scanning process is complete, click **Advanced**, and then click **View Log**. 8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). @@ -212,7 +215,7 @@ To use sigcheck: MachineType: 64-bit ``` -In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue. +In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. ### Update Windows From eb8290ee4e9c8549c262b119fe6b504af852d925 Mon Sep 17 00:00:00 2001 From: greg-lindsay
- Check the system drive for errors and attempt repairs. More information.
- Run the Windows Update troubleshooter. More information.
- Attempt to restore and repair system files. More information. -
- Check for unsigned drivers and update or remove them. More information. +
- Check for unsigned drivers and update or remove them. More information.
- Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
- Temporarily uninstall non-Microsoft antivirus software. More information. @@ -193,7 +193,7 @@ To use sigcheck: C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt ``` -7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the procedure above. Copy the path to the driver. +7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver. 8. To check the driver, type **sigcheck64 -u -e \
- [Policy CSPs supported by Group Policy - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name. +
- [Policies in Policy CSP supported by Group Policy - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
- Check the system drive for errors and attempt repairs. More information.
- Run the Windows Update troubleshooter. More information.
- Attempt to restore and repair system files. More information. -
- Check for unsigned drivers and update or remove them. More information. +
- Check for unsigned drivers and update or repair them. More information.
- Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. More information.
- Temporarily uninstall non-Microsoft antivirus software. More information. @@ -156,9 +156,15 @@ To check and repair system files: > It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image) and [Use the System File Checker tool](https://support.microsoft.com/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system). -### Remove unsigned drivers +### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. To check your system for unsigned drivers: +Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +- Disabled driver signature verification (highly not recommended). +- A catalog file used to sign a driver is corrupt or missing. + +Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + +To check your system for unsigned drivers: 1. Click **Start**. 2. Type **command**. @@ -169,53 +175,53 @@ Drivers that are not properly signed can block the upgrade process. To check you  -7. After the scanning process is complete, click **Advanced**, and then click **View Log**. -8. Locate drivers in the log file that are unsigned and remove or update them using Device Manager. For more information, see [Using Device Manager to uninstall devices and driver packages](https://docs.microsoft.com/windows-hardware/drivers/install/using-device-manager-to-uninstall-devices-and-driver-packages). +7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. +8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. +9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). +10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. ->[!NOTE] ->If a file is corrupted, it might display as unsigned. Be sure to [repair the system drive](#repair-the-system-drive) and [repair system files](#repair-system-files) before attempting to replace unsigned drivers. - -#### Optional: Use sigcheck - -[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. - -To use sigcheck: - -1. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. -2. Click **Start**. -2. Type **command**. -3. Right-click **Command Prompt** and then left-click **Run as administrator**. -4. If you are prompted by UAC, click **Yes**. -5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. -6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example: - - ```cmd - C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt + [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: +11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**. +12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \
+ + +## MixedReality policies + +
-
+
+ + +**MixedReality/AADGroupMembershipCacheValidityInDays** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | + 9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions. + + + + + + + +Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days). + + + +
+ + +**MixedReality/BrightnessButtonDisabled** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | +9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on Hololens and not the functionality of the button when it is used with other buttons as combination for other purposes. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ + +**MixedReality/FallbackDiagnostics** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | +9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls when and if diagnostic logs can be collected using specific button combination on Hololens. + + + + + + + +The following list shows the supported values: + +- 0 - Disabled +- 1 - Enabled for device owners +- 2 - Enabled for all (Default) + + + +
+ + +**MixedReality/HeadTrackingMode** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | +9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting configures behavior of HUP to determine which algorithm to use for head tracking. It requires a reboot for the policy to take effect. + + + + + + + +The following list shows the supported values: + +- 0 - Feature. Default feature based/SLAM based tracker (Default) +- 1 - Constellation. LR constellation based tracker + + + +
+ + +**MixedReality/MicrophoneDisabled** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | +9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls whether microphone on HoloLens 2 is disabled or not. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ + +**MixedReality/VolumeButtonDisabled** + + +
| Windows Edition | +Supported? | +
|---|---|
| Home | + |
+
| Pro | + |
+
| Business | + |
+
| Enterprise | + |
+
| Education | + |
+
| HoloLens (1st gen) Development Edition | + |
+
| HoloLens (1st gen) Commercial Suite | + |
+
| HoloLens 2 | +9 |
+
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes. + + + + + + + +The following list shows the supported values: + +- 0 - False (Default) +- 1 - True + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. +- 9 - Available in Windows 10, version 2010. + + + diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index e5cdb0f0ca..4b8afaf626 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -50,6 +50,12 @@ ms.date: 05/11/2020 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) +- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) +- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) +- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) +- [MixedReality/HeadTrackingMode](./policy-csp-mixedreality.md#mixedreality-headtrackingmode) +- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) +- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo) - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps) From 093740981a0df4ea36859abd0d35834432eb4fc3 Mon Sep 17 00:00:00 2001 From: ManikaDhiman
- -**MixedReality/HeadTrackingMode** - - -
| Windows Edition | -Supported? | -
|---|---|
| Home | - |
-
| Pro | - |
-
| Business | - |
-
| Enterprise | - |
-
| Education | - |
-
| HoloLens (1st gen) Development Edition | - |
-
| HoloLens (1st gen) Commercial Suite | - |
-
| HoloLens 2 | -9 |
-
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting configures behavior of HUP to determine which algorithm to use for head tracking. It requires a reboot for the policy to take effect. - - - - - - - -The following list shows the supported values: - -- 0 - Feature. Default feature based/SLAM based tracker (Default) -- 1 - Constellation. LR constellation based tracker - - - -
- **MixedReality/MicrophoneDisabled** @@ -483,14 +407,6 @@ The following list shows the supported values: Footnotes: -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. - 9 - Available in Windows 10, version 2010. diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md index 4b8afaf626..b877a6a8aa 100644 --- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md +++ b/windows/client-management/mdm/policy-csps-supported-by-hololens2.md @@ -53,9 +53,14 @@ ms.date: 05/11/2020 - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) -- [MixedReality/HeadTrackingMode](./policy-csp-mixedreality.md#mixedreality-headtrackingmode) - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) +- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) +- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) +- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery) +- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin) +- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery) +- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin) - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo) - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps) @@ -79,6 +84,8 @@ ms.date: 05/11/2020 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) 8 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) 8 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) +- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) +- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) - [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption) - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime) - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) @@ -87,6 +94,10 @@ ms.date: 05/11/2020 - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry) +- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone) +- [Update/ActiveHoursEnd](#update-activehoursend) +- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange) +- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) @@ -97,6 +108,7 @@ ms.date: 05/11/2020 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates) - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday) - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime) +- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess) - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl) - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8 From dcbeadfeada3227c4d52dd24ad616f2ed1b5247c Mon Sep 17 00:00:00 2001 From: Gary Moore
-
-
- - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM measurements -- Improved Office VBA module scanning - -### Known Issues -No known issues -
-
September-2020 (Platform: 4.18.2009.x | Engine: 1.1.17500.4)
- - Security intelligence update version: **1.323.2254.0** - Released: **October 6, 2020** - Platform: **4.18.2009.x** - Engine: **1.1.17500.4** - Support phase: **Security and Critical Updates** - -### What's new - -- Admin permissions are required to restore files in quarantine -- XML formatted events are now supported -- CSP support for ignoring exclusion merge -- New management interfaces for:- - UDP Inspection - - Network Protection on Server 2019 - - IP Address exclusions for Network Protection -- Improved visibility into TPM measurements -- Improved Office VBA module scanning - -### Known Issues -No known issues -
-
-
Date: Wed, 7 Oct 2020 15:29:34 -0700
Subject: [PATCH 32/65] new procedure for drivers
---
windows/deployment/upgrade/quick-fixes.md | 61 ++++++++++++++++++++++-
1 file changed, 60 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index fa2817f19b..c4a602aacd 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,6 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
** and press ENTER. See the following example:
+
+ ```
+ C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll
+
+ Sigcheck v2.80 - File version and signature viewer
+ Copyright (C) 2004-2020 Mark Russinovich
+ Sysinternals - www.sysinternals.com
+
+ c:\windows\system32\DolbyMATEnc.dll:
+ Verified: Unsigned
+ Link date: 6:43 PM 9/20/2028
+ Publisher: n/a
+ Company: Microsoft Corporation
+ Description: Dolby MAT Encoder DLL
+ Product: Microsoft« Windows« Operating System
+ Prod version: 10.0.18362.1
+ File version: 10.0.18362.1 (WinBuild.160101.0800)
+ MachineType: 64-bit
+
+ ```
+In addition to unsigned drivers, drivers might be signed with an invalid certificate, requring the driver to be updated or removed so that Windows upgrade can continue.
+
### Update Windows
You should ensure that all important updates are installed before attempting to upgrade. This includes updates to hardware drivers on your computer.
From a979898513556b30d2ff01c437794b1307fc117c Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Wed, 7 Oct 2020 15:41:27 -0700
Subject: [PATCH 33/65] typo and add graphic
---
windows/deployment/images/sigverif.png | Bin 0 -> 38498 bytes
windows/deployment/upgrade/quick-fixes.md | 9 ++++++---
2 files changed, 6 insertions(+), 3 deletions(-)
create mode 100644 windows/deployment/images/sigverif.png
diff --git a/windows/deployment/images/sigverif.png b/windows/deployment/images/sigverif.png
new file mode 100644
index 0000000000000000000000000000000000000000..0ed0c2fd0c452ba73af39bdfa1ef0494fee155c8
GIT binary patch
literal 38498
zcmc%xdpy(qA3u(Frj$d8a+*WYkxS(;hpik^$+1G_P$;nwbDB9^m7Hy)oJ~l$9F{Pa
zQ$b$sh*`&HXx^V_z)$R3Vwy+dhD1y
z<6iT*ymu2X?lJB{(miftE1YRy1qqeQ?cuY{D|(2^h|NQhAtp&jBw$r|AR~m<)4bv-
z7O*ks${T#n-yG$ye{kKLbQRsG=dXh!b;J@#|E9tDRvy^HO*4IXSs5U
zbhp|U=~Rt*jm>e5J)7N8YZ`wBHk}x>scF5B>21j|44v#!1f*HhcV9gGD_p|=?ph&#
zgUAp63Fg!J*9A8fH|jJi*7I5!G{m`F)hZ?AqAr!PUprKM34A%-(7CZ~bC$SSu}~7l
zE%|fr@SE>Y_pK_Q!-!m7!SRk=7hk*)1lk=zrehb4gh}vaA<3N;)^z2AjjkS-9b`<3k=H$=MH3B
z1G)k;*RQ>_Yb<+`-T8+`y?>SAovYU~%l#z(+!ECtWnD}6xcz!>34-siA7h;y+X0+v3b
zI&hbIIt%ISm3txhmH#CrLc{bZpEnw{8p59&HQb;?t@{BYS)54L*yu)1RMEy9Yg2s-
zLt!Pr%SSe$CpRR~GKKO1@{OcN!znXOki23&C-{w0l!sn$vC_AcY4Hb6PFL6=E$qBl
zL0I|AZLAFf%V1;0kH6B^%C+ZTTdN%9p8c~r(5bP)dE3>KPKOEmKE^o3I<)yQd=x!j
zb8U>|_4{>?S|*8n_@l54n$8PX
z{<7qe;o&Wif<|4LwX0GakrIzpA
z4(B6lLQ=#l%O?wBuDdH`>Q%@$_WuRnr}gjHr$Q(M=x0sC;a&9_H2U^x|D;AuqkkA;
zr+oJYU0GHfC?EON5F!H^Z=gpT_5SY(=&dKzcNh-BGu}t8n~f9`jPgRtz~znoO8wRP
z$)^5(dwn?{uAUtDJ)z&%&8_`S-28&sNZ5R(Joh2ad1kN@VAeR0W{sb_;2|S&r=VeE
zr>oWzgvE*f?~A@^@Samw9_#=06ZgFs>Bsv%R1A`wX&6!QUH-7cK{#=I*LTs_&o@fp
zg0=sd;xK!AKJS_9>TX_Ga|3f{y$)VIh({7zU6{cNn8jc!C=IM_dJWeeNG!2t|DTKI
z8|XVh>qPzgX+tIE6xlE02)z=)|<=g*x}E=VEH%mQ8-ZhS@!<{{3+fL
zF#jW;zm^}hD$O5voz{qmr+~1*Wi%{G+`HI%r$!XBcrBYh3Smy;P;ewcI+UCLV=1%u#
z+?rPQkDC95{3*UzD15~;YQ=L|=nxI$J-qVRVxpM>3VtR-A)hYjFnSw!M89QhCnw9m
zw3Ox$??16AU~p{z>etPr|HgGufWUb$`@C4|YGP}tY{$IQM$?@Zrn`CRSZ~QQ8IhX>
z9TBQl65gGQ$4ejl7jc6&0ph>%H@$doP^%x?E7wZ_$G0$^wKOiRwhq5XEjHo}s7%@Z
zCrAc(!6lyj+5BHR5fgyxJscYr@6LGQKCSW5tNNti3KJZ?F!-SN(#aqHOCkmMaHVy~
z<4EhWJ)X$S`v2k>67qpDe^wR+wB|d7oDmH3d`vLn{qT%3a|Z=jhLjWshwdomIaxgb
zMb4alH^<>mwCOYxY5n?3hObx{jKRhW`WAV%LPA7bMDk<#L_VkXCK$Up-2f@*kZ?;b
zEu0;9a+jMHGh*gG|CP^8AXTm=WPcNod~v-ve-{`2Y>2Eu-`vbk8l)1(yG)c4gH~bn@Uv#L667F^g}XZjZN6MiUr(os
z{Q(M(2O>SzWX>hiszOSMa<|?Zm)`rJi;&y59BzQJ#Z~E&^D0
zz{_vRKHU6QP&u9D@P8Shfp~b8UFRW#9}&@th9^!+C?DuDGC(wCT7&Ut_X5@$G(S?(
zr=Xz!8wFZ1@)VK$!b>jX%)sfR1YENAF}=_pf1}d!iyF^{CWX#na>acQeR9uo6=^be
z-^p-L?{>+7RQX96jcQtH-M+$fw5LJznXne;#8ITC!5cM$sCTbOmL)FDZ-f|r&XoCK
zyhDc-XrRuW1&o+sHwRS>=B`C)4-L0*cK#`6{yApp)6g#$kXCl3N
zZO9Eg`Qv#{*s+r?!nSe{x-6LmwJ>rfyT+GJTrSI=G$81MD$Mq2RTYz5xEn9umo$MO
zWbMjH7@qFEo=Xc0Xzq(zWH-N8jZ%ooCBNhZBXV)U%aQ+94&T+)BLc9I&-9QgnhN)1
zz|p0JiUu=}vNErHve|uq)~_?a3emKlM9bk;O0eOy@8BpsRsW@-UwVYSj6ihpPoK)V
z@|k~2)0PxBrt1o+=1t$*Z^H6G{Ice0a;oG>QM#(T|Ew3nXIn^1l0&btcwKSiC>7)C4epe6_gd^slGb?Fn(m;
z^3is2)ti?+4z!!e6ORo%l{}6t{zpOeN)DZJxU@v1ZUr@^zMBP)eh>2dxWLvydor@^
zp-&y6;64F8Yln=Ql|HR~4J(6hu$>tz&m0pb4gRIDKOdiN;Cka9mTjs3{_$Be!Wc=E
zhy0Zwr*U!sKOVBVIyF}{emI)@qM@t00-;dQGO@-WlE-mC+-4d5D#}xQCK1hYtk)P=
zXB9_2octpND2Oid_1c4tGW^J1Eo2j{!R+OX+9)`gW?PWXuX?ulE4HfjG61F1~+%o)UqqDJzvnN2xFB+fh7@Pezj682UtM&9PF5K{HY5jyW?(STN
z@AT5D^MoC=3Z15A7`1kVju_|C(Q0zRRS^a0?#nV`xkIh9YiPn@Oav|x0t-j=qVUK{
zgFk7$@Eq?hs2j!HK@lxvj)b?Il6Abz&zUh>Elt<%#qg`I4$J57o~^z3a`|n?811^)
zd=69SR5E5`U~R<4P=U9RY?d4KoTn>F0`m;6GG16SG+R5ExzYxs3|KM0OxV&;K_9#L
zZ!IxbST#UY$Q3ED(X`dq(b;Bls*g|-HviKv1}#n8TVe9+NDpr$_ir+2tAH5Yq
ziHQEk!iXtI%l%gh4Agc1Ya&9O9$EiKcjg;@zWR^q|MdU(|I>q!IpW?)f2?u<%DQy#
zZ)=9zwomJiN0Yu-p!(a3PV6`_@W+5VZF`pe+wZ1`yt4lH%I%Wge+;Jj-$oXHI)L5(
zf4|vWLVbS3%KQ&?KLAx@N}laPj%3fZxy?#6MV%(kPmPVle*SL07|r0$&-K#siJqYw
zYEyu6jOPh!O_JX8HUwS*wKZe@Ife~`E#m{0&_86OOj$a=#{yToSKAuv
z#r#a#XY*x74Vof2n`3Q-1Ys`(e;!0coR1RkWvKSaR+VAas(5K7OQS9NA@V-RT;q@s
zkJ;pWY4S?|CpP39iKv<9Nqdh~D31^>sTvEio}Y_zK@L^3@dauqw^FQEms-W
zl0m4J76Z%?#5%~uy{m+gL*S7J_I$OrnQ_hDSzcBsAB({>MSuw$sDU1RGrutuZ4aF_
zkS@a(us-Xe6frMd+OinK*_0XX_cb!GIaYz~$q{b~`2rtZhuaeesq1^l`b{h`5(k#c
zKM#HvZZ*mMJlqC0*T;;Q|A96(Dz&6qY~`-bRiifiJyDQ2vu(VsO@HHa-c)T+w~%A`
z(W;ZATCv;CH>!%NfZs4GpaG*@)LOCeFlSzMofwWAnnAAPI|y~zRKd_+rr=^EV7SjI
z;$m*DK4!3;p~h(9WILRm^7wIz#abAS^zmEd=T-*f-H1~C0yIMs;o+i;e2E$7g{ABk
zHRYW{b>(&S_vw
zxe($)JbA8oiz;&&m93pTjgepI=8@J_V$@d*)D9rd&;mrrCvpdcBJY&~{hfn)&(pVM
zpi9o7!2Qs)#V;@eHBUn0LZp*3-};6Nrw#febpMwQt?R7HA&prydjLpiP4CysGOuFa
zQO}%O*J8F1%JEoTa=4HFnf%0KljREmgkRzCjR(AR*`p+bFc3p9uc~_-AV`n=Z~j7}
zaK4in0ELh7V%+l#QLR5SVx!lrsVysqP(gj8Oh(e!gfpeosW
z%IW{~{D?SX#_;>A0$zJrepHW7(p%F+hcaFE{Z92Ct0JN6JE6S0EjsDsciNlhT#I0_
z&>_816^#3WZV7(%BkO59;khfSn)_8hvZ5RI_vu^#U;vCeGt44y62{w4?8;)3fZcWZ
z%9rn{+3<1Uv|v;vG*f{y-mLvDf&ioIE*N0YiH94O@4TnIKQeGUDS^zKmBhs>lYgV18Sh@dQ$KH|AQM65Unlr
zDTM_b`Ga0734RJfZ(bG9>;GbBb#NvZ;u_`7&||=@4A8wWv>ra54(AZ@dz5dV`szjf
zMZX_XMa~U%N&gqOA~t9;A`LGF$S{1v{yn2gHo&F($!93XcB|BKx=F4dAb`%ssJpK7
zms-~f-Y#6){LXL~$X~lisRAxINb{h1|7I1t|NEi*wDa_lQee|&0F%vDZf^?FN1Z3j
z8-fu;`?o=a8}x>sbq0k5%6r1$dvj?n^g(xsL4G&cKXDQc9yc6FWC*oo%W5U-q1R){
zw%!4t@7bKxg5Now*ZP2Bm54vGnPt8CEjelj8lGg`^`2Ss^_~JKd^|rb7P<%{aq%wr
zaeqy6Jc-v0gkZ6=zUC(|FW)v1&cmdMZ3~R1P%)pX
z^DcCSl_RgIWQT}ud=XWrIO;xc3&h#H)+Bil-X?1Ped{iPhIR4+=B3v*Ib(KGfS6A+
zZGKMnQ*mdm14v;OEmM>Q#En>Pd`ZL!ju;S(&#B)WA(x9a*P!b7FmK^L0cd6Ph&SXn
zi`R+qgYtRypw(sg4DG3Ku0&BX3^EeVJT1z0c#qKhZXOG)if>*33q}Tt1xXvS&-9
zos#QbOYA`M@#Du%-O@LL9dH@XwHi~XIz(qz|*=kKaKvPK&^6FGn(5Gx_5i?8}a6L8cxt0x;IR%)9beE%kWXj8Tth9-t<+d
zO(}RES+X!A)F8vSAaXxBoZloRSW}9=%BFG@e|~cW!h3d<+uY*!B{n9Kr2*O%E(fD>
z{fZ$Qg$M2cWSpl#6U)c>!JIY~XEG&{8cb-<3gSR5K|+TBuQz+G`IeYLx`h#hF{!r%
z%wsTdY`p@*dIZMU(6e?l9}%%p!Q%JU{`cFso^pE4pN5WR%EWCAQilsj!Z*^mG1~2(9pUW-E}h)
z$ryCd3U2yX&SdS?)d_CY(jG>8vgS#zv{*I@+-aUYPfYocS5A*t_cEvd_`=D
z>FVCppbn&mI@3vpRY0~}&-eF>kLdtAfRmH`lZ_W)>pyz|rDm9?OZG;*vDM}3TpH0z
zdQWOb9^Xbc+(|8el#Q9B;`W)LOdrsfwMyuLAE%%->qo4bB0n_+Pxk1Uk=dP`=)b_6
zP(Zt%rGcL7Ke*}lKGZDE$KMMmdKcycqOQ~73jJd;I)CE%-F1Seafh~Q98pmnylH(k
zs@f{5i@xSX_`rR?CriI(t_%hq1I`CAFn1NE&QvW2M#xj{!jcEj@G)5M&hK+UrS>0YmGZylrFtaUUgr%8H$rL@)btVg
zV)L22N$)B#jY~|}w8CTU(C2N5J{6eLbYcZ!Zdfh<=^=MxP(-L9Hd00e=@Q%2@s_&6
z=qC|==2w;=oO$`tfb|ATgI3ZU{huZB;Dpxul`b-atFM}rVdc|9ua}S;w*Tf3ZB=8j^kb~gaE&fm
z_>|)`gjbe_u^^GPW?$#t<_zG7213u0gJOZWsp{pR>%axQ+1whkk3l`8Q>Zq9JOc-_
z8wduivW)$?dgSd0)VZ8@FicaK-cB>S8>_Z|Y
zY*9LRy(<8y0ZJNuI1+q^tkruGntz+q&_NoB5S9Aw{?eZ>{w|DI@Fx6r}?*`bROH_S{%d12eP9H*j>LvRnr$39+(aEh_
zb6^3wodwm7)UbO?h>R?2By*vKjnSs>FdxjKoF;ySzvi^pjUncO1ZpM_s)MaU%PN~U
z%CDIX-EI^G@cmOu*#6W**6ETH
z10jOe+sLAm@kF4pIPgkzqEUp9b?M20=qB~8QH{ziiP*=i*S$NiDb->u>WqfnTcDo;
z)h@MsRAPOK`M4({G}M*cGkUU|aVeOa?MIy&jgvB3i*zz0G@do{vTPhFu7b*esCy02
zI=}QhkSl~tfaAXt7t{tgi|EE4?XJ45=rQ+x^{IVK$sPRlkf+MABNoM;K|Ya4A0+g
z=UN2v>Km6`GiD=j>cZ~^*D%V|jpDoM9u%HlOTQy^r}D<7rR+&|3t#SY
zm{KQG3XLVrkk7ODU#4jIfH|OyLJsUcb(0oJ2%_Unh2g;8$Q5-`-dJ0`dl>z}V!7=8
zAy-&a)cTc}@+*1b1M$nbW?NgJecvY?ee}pQ0$ifFK0<#H-
z`_!?mn@U3^j9m6_@q4rMVD37EX#f^UsJDrws8R9iV^R>P!e3vA=l2Cgp7B)hBRow8
zqFSiuiHJ5bo8tDy^>`kg3>}56_qhMab|su|mhzlpI_I!+8J2%;yL@=9pmjY8w2{o`
z@k3YhsXTyK)J_wG8YnCO%7WTv@Qk^>TU8g%!1Lw$XxPT%VGSH$entG_=)17?-2QAm
zYyxDW4(XlOx>+CDwDgQWiHFE_ID%3(2S5qUya?l5*eC~#!m-v;0THVdK8MeqFX3;B
z0XFA3yW^v{`TV6Z4L-wFebg^s^44Dg;5rLk#cpV};&^(}FEoAGmwhsR?I)+t>I4
z54vHIb;-sre9m`0dM4Pvxu4y#towIm3HfzBS@O1=%cy^>y<*9`u
z3`fr?pFFT&y=WjnX@YjKphZ~;1AgUp>bdH-l88=M6CbndxZ&8J#T%|foIwnhQ=@CN
z59TYE11sN<+Z~rrcMLo_F#Y5K(2t&5drLu!ZiGvPG9~MKo;Le_MbS6
zF|XxsR?NW<;^<-C72&it<>d`T-}09FliTd0k(#U0)O1oNlw{Q~AsDvHU50
zu~F_yy+VtMM8JVEm*!E>Ny~l9H$!3?G;VuLY3je1&oE7GX&616v}pCWil6qxpWqHs0mfU@;^K8d+gPKl|pO{5dH58eCfhg~SaF6W<1KQ_HtW~y!`
zUsLL%#s%iP_nub9ocdVSd=PrYmvAc{xsWneO(;axVSDpD!oKvbvFr*q`QUJdPHS;E
zJ*1^be^Ao9VBh6AdT_Jz9cbh|D0RwV$kgySn0R6!14R9uplu9?QR7N?mr?F=n0vFJ
z2~;674bzje!w6f8@VgD0Q<%YH8XXeF7u~E&F~Y&6#?RLYwaXT@H)J(SBjU>I)w&ER5KUINCvX6ks%
zbu;kPB{%o$Y~@;(TIaG>zWPAF`z7@e
zbbz3STt}IaJINHkx;T(`4E`pXGeUo`unOV1Rf2rUZxA!rT&3*HZj?|qxYI}wx0gp9DaWaItsu`$+Uw8{ZBY~7I_7gIPrXHx6d+@hvwjlrDHm!>IYtQx>lTW3
zG|4t{F13BWZhp6Gbm6qJ+K%kv3ZyI7aKQOhvQB@<9->hh`{r}(t}c3~;~I6A>+qqE
zmKTrNH@nQ{-wdC}|1GmV(^7ChjLJb54btj|r_@`gW^xZNS9kJvok5dn^wLr8`AxCz
zz9t^0!;~=xs`6LM6<_o(uy&Q86o?jB`q!P$8-h!R)tx^OKd3#SyQu!00j}6fteqQ=ExqtCxL?Ms~r)Qb*2opK4X=J0}{S
z>^Py+Q(1LcVmM_=m8h5;D=DVg5!f^U2bl+&Ok`V^$a^=V1Ud%Vu^zzRF-?d{eP|?%
zlMt}PgIW-5^hBheDJSB1z(YDB^@nOZ8W2#*4(^5e9`Dc;{pd^@z+SoU4Fwl={xhXm
zr2unr_o6p^nXDd;m8{oHwSVdEr?VZU-JvO@)d}~x^5_usN)<<`QR=Mc4kvE+0w8Kt
zAs-bvJkw_y)`QPwZ9b_FPsyN>q8%}@jhN^Z*=I%(ri+FHPaRayujZ~n0Z(Qld=TJW
zxXD^Dz39N>oL1Izgbi4A%&~dtEB8;IDW?7UH@*3s>Q+_R>GWxn9u-Y2xxLYuD6e(K?REQ-c!hH4NThPgh-o6r+U!HJR
zBHTIIry!K7uKD-8Z}M)7*L{}nDsbYo0qxY4@FbNI_vVof6K`_gPz(nWDK+7g5mHd|
z&`h7+vK~u^fKCidxci?rk_RWnArkCq0^1}a$ofvI=(1w(<4*4ZEq|nDtx}7G5>_E-
zc>UDSkd%oNEH4>i(S6A`Rpc%qqP8x7=w)V+gM4)G>6q*F1_1=cugZ0CN?kbh#9HNZ
z`W+xESlOuCgjT`_-#XKWDlyaE15PI0_flQz8qbsrqh9A?D@CvC4>ZMYZ7bleZsoyh
zLHqUh%%X&v%M#zUMHdFAai#;=%_kPU`xr$Uw4y6yCmHqvmOab35RYsUX4>2|aa8)}
zsR`7@M0@CP&(T7%(ci|epe=Q#cA6~`7O&1`|IFSW@-4GN&jrRKC09Dd!3ZHAE$hP{
z{duO>R)uc$m0PTM?i5^li5g*NVheGZ)J|5?2%r=q&62p{bV2iWXeusE*StMf#=Y`x
zh5NZYkH*Wwm49`y6~vw5%k#V@w0G+DdwG)=sGe@4rcV)IGut1EIIA*Ge>LK3#+Ov#|C
z%Si}*&J9qzE-Cx9WAv?Ojzt4zN!roDDwaN}x0WE1ig=rnCpoX-hbiG1qpHMHU#L?4
zgTNu3$Ag+L9cBGYBB4#GA(_oAW?ZW5@u4ZLrWLkE%NO~rO`8ePtz--9j%D72AUaJY
zyR`PM1W){h4iJZw*F5mKw9Af?GAvm{3ZRlS+e_I_X_GPt1XNA$2v_}+YPWK=QX?Ar
zZa?msI0D3hG_XK#ifGV5
zZ>sUuPSLP}q~QF*P=V;1JnxrOs@TWNH~m*~u|;;Y6Xfzzx5Slm+*L(VB1K2>J=LzZ
zwfXc&VbSwkw_Y8^I`z*_9n9Ms5~}I9k|4<(mC-^GEd9(ri8V~ShnvK`{Q(2oNqmJ({Iq9zYC(?havp@S;AYv(SO$i3ES$8}t-
zQmWHbWvY@oJqv@6Fg_(krv23R#dSgrxwsK-v$IOas&TxaZRw2IGCx7FVaG|TE#Fpj
z2NXw#s%g0tSdxG8)4z&bJC5Jqd)b*)GD7e40xx1+223CeL!=O8a`caNoO3Ze4wQZm
zF5_qO`ewCO-GRNnJ}j|?xE99#3ZLf{5uI=Ai-M>%I<(Rgc@Vn*8`$7TCaWS+=UV*48+85{nxu0)SPPL;&
zu97y6v}(|mK9o`0b?a}4`bbmH^cg2LnN=YLoA
zD1GijE@(?VoV^@-9a@Xs++!@yX?pd9!gaX;n=Z0DW`}n}(~X|jTsU2qEQ5kXy!1rD
zrS(K~+UvgrCNnfAd@5B*%4IhwDgrJh2X=SZT_1<6Yk}KKflmi)f2Z>L--1-05j+0R
znZ%yU`~4NzN<_4|&!NeKO6}!w{#Se_URMTG*esR-a4C~YQ<}v3Bkil+`!C*M`)ak@
z7w&r`AF|*>>ob$=+OMe)4Rn(MC@(fT95{wWUh;+N3-;YKlZncCzN}8zwMg!e!N1Hs
zCP=En`tXKT(Qmn?ddG(FkO*)3#tFicFBNo0!vM5ZU%L*|0D8eu);0%5js5AZzN{4n
zd8WG9yy)Zd*(jKPXQrUc@
zdrj()t9PG?<9ZoVf2;HVL!q^FvBMtimtL9L9&i0}VE?CK3J?8YU{&`u)>Kw(q4%8p
zr(wK-(F2%?%aBCKRjoE;O^15-sgK69G-tG7!X3x`x3LejPGWpex}HmvCN1&rLka=P
z*t*J3vYPa3o0*ZUrHpS);tx07q_^rMXsb?sFYrB=EZpVe(;adfndc=un<;i1Tm2&T
zn3#k+)vU2vic#7pj5CE4PT961$<>_)^uJy7(B>%Br<+wKmv3`NCq5d`(%kd(N=bOi
zXCVH8yWF>#ac`XEgwdOvBW8gyLk2E0_rEda;=dPH`MfgXaT@**SWkfUqE4jShJyE%
zNA2RjY_MlNHMeKU2T)N>asFxdGk#sgy2~vxle2v&
z@%-Vr3U&a%#zc$!&vk@v(kF4le3Kz=@!9eBgwGo{)5hVCE$d+un_>u8@><{BSjY8)
zB@j@k*l!l4Z5e{M#%J9i#d;n?yN)`vBnEsbJ5usK#RCH!9Zr3Hn+;5OI}_S|p-L;e
zKKF~CxckYHgU&NI3wH`vU&ajjr+LU5yGUGJ9+p#jYpe3^hj$-xWO`bxn*8jTm5qlM
zUU8Q_rBBSZbufM7qA={TH$y#e>1_5Dyc2ct(w0UD{aO8|$sb;g{g;@YWiETM^qWtN
z-x^mOkJ*o6YTjQYT=1}mI>k{OX6o~%Z|ZFOm7M*cB+g(+3GZA1o23c7!6itZ;hlO67Y1a@`$e&=ds=)FDRz<`yPI*Jt!FtL0MkZk?w0FiMc&FM#Yls{<
z(|7I9sS2IFg2MSzVJ784oS!t~Vh5I+LLnhrI!hC3OkTQnV}{}^Qf>%r-re5#6z!9j
zEsvPsme^+%{E32N(AxNWIJ2_ll}r{+wLgL0?6>$3cj{}UYGLQEuNZj7aA%f7NrP$X
z1LuNCIFk=ZdUZPN?<<(Z|>uJ;D`8`y*e_T1%
z)aC5uDC9M0teo_akAl({&vMAMbS5Lf!)lqG;#I&aZy(D5D<0hgXW&pWbDdWtc>uZv^rXe>?JnF>8EN~}D!G$bcgy@s=m7>=|`T+e;e+MNTO>h?E<>>UV3OBbe81b`Ow#|;N8PdveAN5QE!Y3
z>%d)swf#N{Xt5ti&AHzi$=NOl^~T>+V`kz0tG?s86hqP0G3z05XL(}+F-It?gy3XPG;0VjP-=gkRqLCa=2@v6D#{B9Vn595bZ3SWhwr2#odgQ5r@mm!g(}5pNtj+P*
zf2-Se0l&Y6lq!8vB~}8MFZ}e05=xCJZp5;ULUp=QV;RP$YcenZHs+IqDxs>yc`^0)!M<9a$`
z)Y~|-4&y-JYMaGlQBfSRMTOr6Sg=d#Dsjj=m2#}_y=-2<@(NNZMzSP0d7p_k{sFxy
zt<_9#=u}7CDg4#klH38~M=Dd*(_;RZvlrtG!NUHvb*jsKQhjo66NY5G#hoI%g_V@@
z2H~eERCRKZAT2~c+G!%?rpzHly}i|m!I--5_@#8Qe>G)F(1NFqDR?JSrHoki)-mT(Gfs>7MgTv&RkYG5o@x9kgc9IGWVU<
z`7(Dwe62_8RK4O*DmgNJd|10Ix#dG%58MxAZXt{r7(q
z{5h*&j&n8VA_s8sjD(iOtF*roJMF4{H9HiWOP9Ivl?ER5@v!74oo8oaw2vL389PmW
zJJL>~DU#yiZvhJbVdj0`eS7>bDfr!6vhD(@8&dtIUByg!fTAI5;~%x6hG0k1w64F}
z>XMhioV7~3RrNnfAF`G7J^BMu#xd@mdUT^W7-G;~v8^sS(^^w~EoGAA3y&B7d8|Le
zeh4;Q-!M3*$-mr2<;Zkaa*PY@&pA`hCImWOx6Nf!32QH}7`w1FJU?bmh3|h(@h&1v
z>Ub}T9sB2qSRVxxmEf2`i4zFtmWaFjZg#}9+U+Rf!*N5wcahU@A7k$#UlmWdAKn4^
ziR1B71jMYm$xH0$U?Yb{_FRgQhsZj1^70K&Kd7k2y;Up7VveA{=XeGrwF!
zi?y{OV&r>p-}2!u{Q<%E1zM&_qCaB9_3Oaf)_VO@`PAv6WMM(u1pmcwNGxRl2WE~e
zPFwjGjhHy@y78J6@NFfN0wi~sXlq>t(~nse4s(^-oD=NFE8^b9+$mQ?0F)_(ac8}i
za8mf{6gOv;W4c4|k{|Tz)x8q&$gpI2UV+KKNoTMn<~zaLZ(}KjiX}0bD??hwe(tfU_83N1)oIH7ymJg
zY{A~}O^%=cDs?p(J9kA$+#y*Nm!1|Z%NVbKNffab%w6wP^|J09=uU3zD<2*v1FlW{
zk+)uBfxJ~4kN7b&Kg0dh9Px^ug7z=UN<7JBy8zA!5+E3TT&Uo4CS9wx5-oKAo#^=HH_8+f4#iM@{0C`u)w#4ly*b+R@kvp>QX6U-SKs_gEy|
z06cG$3z0zkF*}*Jd>__RbW-}Kfkd6h$mxk-M&i=t0RuN5KeunWpY=@i+TUM2S2$&e
z1r13x-ht?wKT4m#8RFmXl;=qqcQh0Kgnw?QApBk&>+82xz80{P#iBl$>aRms^6e6JJXT)9-r$
z(slZItBjai&gY}H22494aat)mbNBnMn#90~FxTi?#~l}Cn#H>E#xFxWupO#hj%pI_
z)B1fRAXP#9uKc376R|#6R@T(9NVpVxrrPi2bWDqElyyQ_Cd
ztvi%+^5~^~So*u0Rz|&ls!~pj0F$@ImHM6PgOG1Y;Uiw8YPq~inGp{ULgW789&}gJ
zo59}GbMsE@DLhbS3U*shN7X_`@MorgmkvEhCE2_&4KT#iVkg&;TG0+%g^Y`~hJ_eq
zMzwh`@qkT-(Gz=`MT}w036um)+`U}Zu9kbt5!xqlZHgyy&|Q-^Z*(RNkl-shvEfnZBFiwj`l6{M4kr1$Fgb=Kp^EvSJ+X
z{3=5^Lfkmz>9F6y17kiC0Z?9ppW|*|VPZg{a^(X`rEL1s&MLRK1;xHNDv>E8EB;fi
zF7Fpjwe4VRi|{FL$7V&_e`s;1Dv=5Q#8+NDJuc=YEAffDCZ>FiP_zhE9|HQ`fo2Lv
zwZt82K*m`fdWgHfK1lnOF1B@WOFZCrSLKQqoTZbW*&e5Hg?FZxV?XF*WbT)L6ag=+TSC^f>ghWTT(thD}CR7znaJAS&5An_fce`
zt^|-a)rm^pATE5E4(W-=Qei6CXt*oXsR#H(#vkDv2`BR(pe7qt60Yo=i2eU)@#5yJ
z8&4Qlup_>yHeH<1Sw!b_sN}CJH@QouE=Q($Vsva)vZX2yc$w;tEB0s=zG)vKoM9_{
z(Gt2X>XaFzb9?vsiSt)6W@+~sA&)I3*pAUnT!)I?z{^e~Iy|$#2peRHI-Bp_ldM~7
znyX^JF791MI}6xq=9yb5(5OG4+$d50pgvdJy~cr_+X?N4AjF}<)l;_MLg7lR5_X6P
zKSUL$m9hLWBf_b^`n^2u*fG0(84hV4DMP6mL4x;+eKW-)9x`x-nG5V}m_;HQpPiZ*
zROnh*N!k5lkp%FbtfuRYi=a^u6n*-CY)SgAuG(lIg=TX>Br+3(~`#4DBq>D6>P
z&Rqef%nh6FKEjQtz=P0SnY4>$`X+ky_tZm5>sRLm(+qzgw&TFZj@Vn=M`4SxgU5}0
zV7E?Dn-HsSE3$BET?XUR)x-Vn5f+&4!9K7bY8}vp4`5-0My)W?0;TvUTDK3j?W8(0
zW#)F_rIDBEE!P470OfZ3-7+SlMN1YhiZwo!<7#Cq-I8S5Nt`3R;ov0eQjWYkXb)6
zb>^Foy(3?(h@PQ8uwWeD6#KrKQ}DX6P3fJ6(m{wtB`zUHa`LO
zqvJT_r>qjPhydmN`U7#)n2F0tE5`^_9TS%u5P_;o7^7h~tFe)@x=_Fl!AtWa?m)MP
zeHfqJ2P+$i>T#!PpLLeUAuqr$2in{!GbQZClC-)k*X|7joyq>*5hi%+jWLs)Y0~Tn
zbv2)?pG`r(oO|YlVc8JkyQ!uNr&!>e|afI|YP>2H`k6qw8b%bvxvoH(&7%f9SQ%cw=2laVv
zvGwhB)}RC87;96ZRhy8-d9e~gVrx-bP>c+y68f;@f
zaLyRn7b8gq4QX9VMt)|>Ml$wz1d1GPdtj`mbq(-t+6I5ip@>kpy|1>^y|RVC0nNY$
z7W|WkT`yNWgXi>Nc1BeESY$ZdqjVT$-x#J8q-zP3`NV(<^J#>pT^GP^@@e<3S0cSa
z@~9x1aW`nz*g%wcyQ+7p7cjua`Je|om}hRMzz9_bK7H!|FXav*T&s=(n(TB$HaB77
zw8h+KORF@Bs|r}E`<5NiTt5SI9{eVY#{jst-O;TFqg_-!*>8IO^db-C^Tj(t#g^AM
zx*0aqd=;0RDq0V;9~fqp=b*ub@DDvIjG9{hw1yoeCz9Ra$iM?u8#Ok-)~c?ms?%CQ
zBd7qL8kIb;wzZSmJZZcuM4(81U&_vi*)oBCV#)^;KWeFZ`AWcQq3yDn(ti>5OTkyV8RmfA=sGmtsa=|ZVjYR-gZk^*~g3j2}Z=(^p
zvWtV@n+&0ep3u2SUXGR-@nZ)t7OKDC5D*Cqch4IkbEmn2Q+aAsbE`(uXPh)$4{_Em
zg8-kZySg^%;6m#OE5|!y;F#8MD$+DK6e-1{!CqvaXC;2w%^=YyikzZ=YHPZ`-?2Lu
z>+TKOeB3@3d#H~%-ZY3=JOe!JmP9{6QzbaRianw%?^Ce1mUS_w6n*D-*YWI9$0%{;
zksGhI15(V15Lx$g(m+5BTw8Felw`FgwZ5T>DV66Q3_6fcubzyVKA1}}YD{jUNWpq7
zE6uf81=KN3fD|scyg6GM;J8U7`UQjL^|d`;?39jaI^W)Z?LR^#RYCr9pPO!AVy94K+Z8lMFP*Gg
zL-l6r`C(dvkUMACt?OYA^Jvp`5^sXeOIJYh>jj~ALDgaZ8-3|-!^a$VHCzqs4w{V>
zH4TUjUsC!YVOV18hivH}{{ude<-h7GQNiWRYE;NxHTs1Z2Q$e<(K@=)
zH|_N3Z2bY1$(`OA$ztUrVpg9)wb$R+G_IzUPjj_B-w;RjIGKQuxuyKaH7}y(5jHmG
zbJeB*QPT>BLfS55)*U7cb?*(*kL-6P;ZY#+#`yMmtC{|YMqX3`I=C_srs3h`06lpF
zO9(B$+`}M4ZX3EHSYkK5HPi1BV<_uAzY7&sfVD1i^bF99Jo!716_uAiRKmMauY?`Q)U9
z#StVa@(?%R*#=ba^+Ozg9UEy>A&%s&0V+d6;+d|26}|C;9t4*0%oplju^y~yu%Id0TV
z#u%${uucKAav)HFbedImp5c6A08iItw}1pEZV7^~!U{LC5=BUrL`tF)e>}nh4fw65
zTE}!v96tk@*Er!j#wlF&_N#AhJue~@{|L@gk#-x2m*HI&J*;(QGQnWV=kQnY-Xl4C
z@6L@UVS7%pEglpF8^p$YB~5~66thcfw2bcrDRdNyx&v9TKm)D=8G0rx>I;hIoUKpd
zjNGg3cC71|X6k9rT6a5gjpO~hg`NqdbWAgjNs1l3CK@B(v{*2?+#h?-oz^x`4Y;t#
za7H7RGavTW`}vQ^0zOn?3E+hS#FE@YC;9?Abbd_zU+PSA^OY4|Rjk)SopTWj4l#Az
z4atU6)glOD#=8ZyUJdo1H)sK649voswX2#z{Ci_i60U+>rJ`EkB&Ok41GtZ%osX>yNk#^F8bDdHTl|I?X3qGPG@TP4?&
zdUof2d_OTf+Rww_n#WgG@n;vA?s#0Ria1z1HGA1NViGvVn*pHtg}8X^;PS
z?i;yfQkD+FeHvASX9W7H5I&RhUOF|gk=P@ivi(qnsR3__$A1fDU6Xv<_tCr-CWM6&fmIVJ23};!EI)=M)a82
ze3{8gYTW2`G#XZq44?NX+X1S6KY&reyk`tgkw~&(eBD_Fw@GGG_w~Ibjrnw@ytnp259-Yoq4m0O9&UX;EUGSLkoT-sw;P)K
zg+H2IIQO|FY-BmF;VU-A8P*}^@j|10ieqjn$^ryK~@xLn5vA^AohZQ7*
zNN~H&jkT+pv^`z=%s
z6FVK_{*>2mde&OzizzepRmbL`^!XT9UMShH$5y2dCKmR|va1Z?!?hKiiykNn@oM|w
z7pUPFOVZ5!DQ&GziLqb7(=j=|j2-eM9NQr+K}(H#RRT$w?^X}}tC^tKao{xwo2Z0f
zg6yyTEtj7`%x=b{`;(J&0@5wg&;KMf{IeA1TRvA``R0R&V$%2ch$|H=F#v^uZJ2?T
z9_U5t7#0aD5Mi8$%PP7s@4!rZ)EVt
zhj+Q|-45O8+tw2uEYNiIqe6MZ?u8^IQDY9#Tv>i6bJ|USs+^>Px!lHM3Xg^q@_JYB
z)t>P8bPeRsUMZ+L>UD$|>-G4$&RJ=e7Ti;`fcW1pA<`N5ui5Q*`?4-3hE$nEU4Evw
zXG_;uNvfWR2G`k9AbK{~#4FfjsPG16?04@pRer1J^w44-Mhgd6eQM~G#OrN`AkHPr
zn$y&6)KN*VL*ubP1NF#QjkD-d4A`Ng@O?1n{%^%opS00dahEqHgi})L6KP_~`X7qy
z>e4V~$vOG>Vycr#Q#fiv=-tGlaHr?0YcBf_c_5#>5oFNdgq&HuMBNO`?%z8}7CD2c
z(-*|O9rv^qA!o{Vi4)|WO8B;^{ir5}LbHTO0dupxoDxk~l$ab4-~tQRF%Cx7O+G}d
z<0JDXB>~QysGI-lKc1_fp+2}b{|qJJ%}LD0+x66+dxMX}9kWQS&?`TIq?*Z{;c4kH
zsG848Vbn=#+NDpGz05k;1NrAkJhWtr9;zN
zk)^#71NE9t;{wAuy>91{A9W_l>JYfqx?vAAy!g1P#HhRX51P;CpRVq_FkS1FKvC(k
z5I-AyestQ*4KP5JiY7BiXEb3D#Sw2|UrpX`Jqq&fDLo2zbf
zwI5)~viZTC%-caPcdb=NdZfz;%e8jd(*r4TD|5IHri3&VuCv!7+-rcF`TXN>L|Ia{
zJ^A987x8(F>J4HSdq_J>joco*aLjk|5~*0Ze_!lIn@{&HbgW~rf`yWX9;5PrrEM7Y
zg5K>LWRfgD;+-vd@}4|+!yW_EgC}qmJMJqCv1F3uz>oP(YRl@lUD+^WV0g)}SgGhH
z;Q)#DkY5S~n+6sR7O*qwPhIIi2?`STD-J$BFkZDAo!&z@JRw7IG)c6SN@R+tFpt|+
zTak|Bj78>wP!kSU5nuNw4xhoYkN*xy!DQ`rw4r-t;>w;G#%0a9RP-)7A!5;(rNl|n
ze$G4W29b~RN;b&WkE=KailUovcz;lMerZ-1gi)JUmkQf$cXY#_<8br&
zc4@^btX#V?JiKKacv`jF!x$uKbbsh+zekA*8-Q1n?-0O~PBlqnwlh`lqZ?099X{hK
zR+Sln1l#KP
z=^s0j*e^j;;3#o;TJ%Y}=#GKK<8R%>KdU*~fN#*yqJ#})k7+JJf(njKb@P=)Te#_d{j;Wis0}k4Q}(t&|52Do#+Ag>^Blf97LyH%c>Z%!rn!^P
zk80NiIkJ=TitEE`Ce5w=Y(U(u>LVz0J30)1^K0EhcA74-=K9YSPXIOHL9DCh<@z%<
zu`#6blfBroKjcW8Na-5uvrqB{e#WsSf4#MsQj`y*vtnNy-UrI~bIxygMyPA2HK?ytvxUbivAePt?OP
z4aYMH;cZjZ+_M-1AJG{0LFTvsYp&mTk&o@rer`yWWIAMw^yW+m@ofZJ8|v@RGDNQ9
zo(lSZ{?G~BOznhSP(%KaqkL`gKa-#@pxahlqO$hl?;G_#TKYv-{qyse<@jY~wbFKw
zcR1_>{Ogy`P>DcTe(rDu5Uo!J~v!Wr4jUEac
zv$0DBVSI4U>d!EIm`W96jYx7EX?c|D1nCN9FATA}#<4n3${8!>bgq@mFL1a`Xffpn
zKNf??Qv$l;;m_=!G&Hc!l0ZXS|}-uPKxZ9uI)j(^AJ^7x3K2$$RlY<~hh^Z;8rH~f-U96A(&uKU_5
zQ*c;v%~erl@v(Axz~@s>{g3N-95VO-e8~n9P8>CdXRYV
z@xynBWb91_!m{m6m~AGmF|%hDx~y%SA<3X5OTulbeerIoo`Vr!f|GAok`4_(
z14vtJ&o112m=9G8nRrbMGY($$M@O|xY_Pv7w40x|`wMpKbgxUz{1s?YGj*c;h0K`!
z_3flq(01L(ex?v6yW@tUiOX#K-+mO|oV4Tfsv#Vd;6AjZYdZVz)%tJEIX{_Rj}3Qz}kl1>kk9c4yK=;EFB#oL~|yGk8Vcm
zu$fAh4&|FdO6TMrx>7JmLJT>SS5WcCq5xxi_qk2;
zv^x@=R7Yd|M4+VT@fV*tnfXpiG7~GCuEqmF4fj}$qh_!;b3rNO0jBEN=S>}|Bhj+>
z)Es4T^PGcH7?7=bN{T(J50Yogmu^kGgT$d~%>bwe>FXnxyvY6zD^t5zuZEM0AX*F%
znBwP1Ab#F&da!D;7t}+zif*@>a!S(>#Z4r!l<_aOui*Y^MB2RR7`I+{BpzxL@;&H?
zcT+;eZD6KVT~g66YQEOF?lAu#ZZD6&{o=9K$hMalPhBY6QNWtM#IwKfQEQs3G}gm7
z92Dl=&9&2(g(wmEtSY)EneLekecVmOcnb(r8(J~g>+ISdHX5n&Q3}=c3Kdwu_VGq^
zM!dDc4wzj{@t4xJNQbl+D5Nlayv3?T&3txcJ1BgZ28+vhU0Hwj600`G^YrXUsrTgV
zWi61mT|X1r5&g^=;>oL-`?S<6ZiC7+$`$I`@xM2%d=7H7*QDYu9^nQ1~{F
z>l57rhmu%TkwHK^gq@iX&%Q)?{0U)y9~L1U)!af*&5<@wudnI3Nq&kq9^&Ys)y+i&
z3&3V=O`%j?{EsSfD?A7llzSd^zML7J(gzYhN%d{>oq0OX)K1WQ%8j=wkV>{nAITOd
z-W=lc;eAcdM5@II4~*uH058C>W&pCa0?b=)Q3{jF3bF4^{EiWgU{#3EyvDeSz!iQj#FO~+MwiLuM52JMJ=}k;EJ^u=*T*l)
z6^I=&-Nm2i*Iak-1Ql;}F?|RB9HOwFa33inB&}G1`SxZjyz!!m4AWqCHfqU}9U*Fy
zgim9C3U{`RGBF&YRO0Rm@v*+-RhmW56p9v^{1k}FhP_`t93JTma4W2~o#sUkQ7z@V
zDle#8)Pb?Fq_}X#%H-1*_QqpTh&&ZwHR-DN(;RvZrmHjdytFQ#cAW&1w&6LCV#;?F
zP%mzmX>_=D2-ZS!x5afjVO?2@G!1<1Xk$4(w2JHt5PWX?LkOW~QIoQ?ylFLsH
zmDN@+{(f4JP)U#9KdKE6c1rddC3s%Ro^zS}G^aJbA!Vw{$J$#wSFz*~`;QUq^k&ci
zd(dFZ*d%ED_*b#my&^VJGty{s8er6H9;oHERo|Gjyuq`Yg+8?@GQOl+is+6U@QXp4
z!Db>rUqv$O(D`cXAuL6bjXETww;0v?V3A}Y!*2lK9)8I())fvxePE)~z+~DgpDiC7
zmK}8gEi!l$^VWZQ)KsWjEl>U~6#EV@;X)A+@`%PK4Y9Cos}pLRM`P={&LKC?p;J-m
zl^$(UduM|5f*24*5;llkK5kP@k)OZ7*y_G+yz*s3PNkIr$
zHhgY(6zfg8oIJ~oBrf;OX7y$!neY!*dl$a;4CT{H{+57wmwi4|L(g=54%w0n*eO%b
zZs^yGe&JRB?SWf?2bQ?lJ-e{mPJb^Au?wTu{x>u+l*5~K!=p`oOU-R}YlS!;Eb0mh
zy@^HRF6;?ju5}ymO2J~hlI2)TP-@68J6)w|7$K;4WSE;bu4fVC%0UA&-5CG_3UA@Cn{XL2{bq=HdA
z==wdhxk8G)GeVn0l$E
zyY7Wg>oK!Qw_uhYZ&+Qm;^d58d4SR$GZIykjjDtm?8uVQ%8xkwf(#HWq)8T1C17=Y
z05aY~zu~)|b@kMFtv=pE1^c@G10S+Ez>z+8Uxlk#Sk63|Nf#KVLV5Si%N-Z%Z+y0J
z4AOPNwzrGNU75Qdk2>BIzKN{x&A8MOuoK!dMWDj?0lEr3TBkSskHMYsA!tu+Zg)(u
zX@bspcre-TsHOLbw7#ah@0*8hVm7q3?rwF?v|=oW?0yiOJb`6J?;BCdD=a{`2A6UL-y#I>9wPqChL8
zCcZly2-6p9#2k1#l=0i=bK{p9{`n`hmWgD?K1Puj;kh$bsm7wA5A^=YdZY1o?@N81uu|&zj^{C6yaWjWv(*(;
z+B7PdH=28AwGmZ$@s#TGNlH1r$L#WitG$NmIf*K?^sH)F7tMW2?sAAy(JfP>GxgRd+M|9-;UO?N{sq)w#z?D&*v!yTr?=nmg3x94~?YzgLI&lGrN
z412WqmRExNOr@REKGf{8CQld*@Gf{?n`rl&&8f+&!!CZAKtHTG>5p0lD(ip08rah*
zi8G&s^=g6!7P61d&i23C;1!D~qyju0n_`HzCF{X03047}`Oevit@QaaCF;k$#93PT
zT)b;D90FwtLfhlnP`$Y5zrX3AVJDD@2Lq8l_p3zlQH4pEmjR6T?#RPWWDaaGI3Wb>
zkuKV5$;Ofgf_!q~!--RwxA94()fbgq1qX`=U2__emtP#}Xj2~UI2EbY3*li==QyrX
z9*yAj7UUt5nYq`@_j77`O)FH=FqEZ#hN|~+NaVZ-Z|BofrP)t^TMRBlH4I?)azHSv
z+I!j!Cx?uEEyUVs0f;8@%NR!F|-Mv(H
zu#lkAHCk-(OOM3_mV5x*$m6Ds;!$&QeSS67gkGoi$ZPDS>9e!>-v7M56ic4o{r0jI
z2#~hJdl3dy`f%-p$Dt96a2DIDoQT;5NpBQqv9gm?Y+*n#?9#RKC6H=DfzERF*#bT*
zY9Q`IFJDiW#as%^$p?wkHGu3?P8cl5PqGrwSP2tV#vn503S*j2a;)@259WbQ4g(QO
zL-FoXRjGUz245!c^zNW$28h#pnesmH1Y@rcTDn5T>VG$h@Ox7`j!&2k&t3p%K%Y3!
z(&QinX^5)9lJ1#AvX1pyIKJ9du^i_T>~*$&;=EWtF7@oHy~Q=(jdIsTFVV>1=3O4^
z^xx-*4#B84z<-LQO2t#r!Je_dkPXS5<$E=F%D&R*6!5;kN0&W{myeO)I^7ybYih5K@lmy2u?1#%c_#_A}n02OFCdD^Z>LdW}`0V0Qfv^_yi+d-Z-
z#C4!s%2R@P^M#cg*C_y+Co<{&fCZ(x-{3Fup6)un486Blm$xaO7H)HC9fqCrZ=G-F=Z=MTJt`IOUn2HY{kc$7z;+)~7v(~h>V1Au(
z;y{cX>Pb(^M5s=Rwhk(SftLM_u=6%(G-rzT&s!MVjNDR6+GXiSvbN#sj0n|ID^~EE
zd=H`I+ErS1`=p$Jm4bs&m&<#w#FRxVPa7V|zkI?0RT(_%Pr)lg?ne!^
zE!STD&uWiU6UL)BimC?@lCbcP)pFpNWMRP3l31-E0RI2jYK+CXWbStYH%3)pNMyi5
zpPL0%`>!`M-9p=p^f)B)=kRx?@jQG4;%yRao3uZ(BOgj49+x{Mq>Vhj)F$EXrhFM__C7w1pmx3*KRmkW6=OypCB&FWxoIw*ql*1{gJrfP9EG~tc_Qe4+t#|a2_8bo#kpaef8nOFsiv2eGgn=d+dtPFp+ECnLGvC7x+K}AWM{6cX+Zo*;05+
z-#!20V?6ni3rTzJZ9;RzTOHho((Ma2w^Za?kl3o
zil$$Unna|1KJ=v%qz)J-H_IWL^2-mq7Y>-Y%5qyVb{lINnI>TmuMeN|(!Jz+lfun3
zJrPq2^5kbZLAK%g{7VV?%xV>;p2Gm|RHx|U5(3y-plo3*zOECw{0>Y6*QHV(CW
zS>3Z3gSlT~ew``qAJs%g@cEfe`Sog+4TzCbC8OT>xmlr&2@oULIbM3W-%e_Ktnq+f
zfkpB*;Q`p=9g?`CPp^bS%{zC}6c9xuk+B{F0d)$Y&Mh|k+9yr3|ww&tPi+z0SMZPUmxw)<=q3+FN3e<%fvPJ
z0j7-}d^IrAV+^{y(Yf(d1JRE%OA|j$tzNp@J2J6mtWy#dTlR*bMjzvK1tN(*VQV{Q
zqppPd3#EL$6kW1m;Q5`tK}mXl8Y?`yg2dAVFi}IRpi_Ku26gFbknCn{&o~qp<9&!!
zu~<{n4Q1(!i|vQc$2On2)*Wfk#fUYPVN`9Bd+VJPQ0&{)w<%gRZu%&$o=|N>ZAhb&
z{kuero+?qz1(Gn=6!RkUS7<*$V-ET*tjB_={}3u}jQ-;^XcF7(H-lc$MyJdIn|I#$
z!r@$B?{1M^o_NGU>wHT&M31Ms1!6we-ErHnfA$Xa9*`ye#uV(+Up>nLF(D_wO#4@^
zd5a|EY%~V3Xh(9LCBcgv3W5?)~^vlu1{G+K7!6}ImZy2od;!gX?!RxWh!Vm_YlIMVz&n&bHN
zyAiwpTX6{`^Nsh2&>`#CKC$P-m6Lk-0D>b)VUj_^wNE!64c-J{0<3K@7A}u8sXCR8IaR^oq(G|~UCf()?d+bnf)F0F*
zzCI~)zjR$-Z{e#pKL6i#=o6n^?2?Tpp8b7He0nshGP;kM79{pZ?p^PlK5}W1KP!=G
z^DlP9OPZ;#xg
zqGc<3McTL%f@YU`9;a|4mF)5z%yDSUKK^eJbk+NPVldzAssz1n518(?6J^4?Y*f>2
zoHwM;>-fZQy*8q0Js4Q1OMN-WJzn2&oP+QQzPLk74byuBorQRSBml%{PYZMqrJ8o6
z()z^hHZP8oS8k1Ogw-{yKP%<-z?1Ng9jhnNe`ENoMyye#Fn&&l>wS|wn2MZ)=;q2_
z%ibh!1X
zaokx+!VZ|i>zVuxJkg|?I{`VBF0ya)HAc6IzlUqSIl6^P@{{XTseSv&2NYH3n2(_e
z?+`Qge5U^bfZnYTIktF-jUU5?T@4f}A07s;K}d{ep-_?LJMKyB7!S)$sSaxxNncB%
zhYr(-B(wmV>x=%85h{x{+-XNnlLoQ}&bT63_B|a#d(IHMZ@?LwzeG}>UJA8XGgfY@5=CPob}FdRN$#397TC^4ZnX(Djti$+mh3L{3B4zAp0d6rFPS
zb*kuOBr+(`Bc3)Sw&R36&9k?d2KyoQjh{z*V+d}8yaZYkO|5{#o6=p(Y(Fj_gtHTR
zX|wK@568b~;)~{t#b$T?)-s)2ggS0hkUDBF9>CJE_m&s
z$Cyr@V&~$qg62Mz#mKf!nCR3^G$(+VjO&lw#tmj@U++L9g((EWL&^C2<4}gAl-Q7JQfwke1Lt3`db@2
zb3TWS5*mAWW!vOgk{n}uCLn@JSrH=R)AkMUM1%22_)mYAbx!9QxKX%@CS%Yy3gWQg
zcRTdYmYmd2Dk8%U{Xl-oXjNR+4Ei6)lM-cDH^jrmOnHr!WAYTGoV?dnK&bLg#%fEP
zI3WQNtKj13x^l3um55oZy9hmZ#@B}@63kmX7%pddMQ>S9XHGFA15vBmWJoUR7FckGbaO_eI*N}C`me3tz7iVU7-h1@*Y7Okivw^#-4sEyO
z9BfOZ>m{h{BOSb-cB!BrQ+RteCRqz#n}jMR*?R$^-b+p-Cx&ys3}^yBAvgFOpjXcx
z%C!970r5dIOro)rC@i&QB)kC0eZT>;hUSDT42@F5V
z69HC4wj?Y7(d5QISgIzgb*~t?kctoLz$HgD((I&_wKM}}WS%+$JJB1Y`g&ZtK8`v(
zt$DCY7ecB(CwjTWbRV|9gyaPJWQsf&ohWw3s$!Ay-tE8{guc2Ol}+Z)?tfi`CU!=o
zaq7hvOmMihcW{ISx?0z)I`$)
z!rDi&$1J2G?7$Edjei>K%a>@nN+>N6iSM!qDu~LTfAI#jQej-AIuPPHaNS5AQvd1y
zo>5az1K1OG<@&_{&ujMs!w@wx$lXVb8yt_$;RJ^rZ0riQZ1XM-X`2gEmu40-Sa464
z?+kCjD&qa3Ozo?|;W7~WWs0XD5Lc<0ajE^JCosPZeK$|94dYpLL1iF*gG4Wg)q!$bkM-}cm2LV_tyxAHeq6GPG@
zxvdL*vjkkp-tSl+!Ky!xuSA_V2WUW#yHX&-2OOKPaqOMdPHUOEriEpIMHBWFm=JCZ
zN{pCb3;hKie)=M*BmPX0x8Oj9E3=XeE`P^=j480TS9P1D%d=-C?+OR^&|QYH4~Gu6
zlk-Afk_(I{wU0tz)Z!mc{dol
zy9BK&$VTBm>*8YmBfKMi<(^SulU$|gBmH+4UmewHQ;(Gs^qsI9EJ9ODawmn(mFwVy
zmv_PHr_y^$w2+0rKz?v4+fGNZnQ8o>`HXNoAe<>rwT6_viOxOJx8`p4OrdqtRX?1muQN%}
zd(K8&*FT-+$)O`OpN1X?B0AQSrFXUT`y^H%;m;3~7_PNEQ#?@d>(*k`Q(s
za`vC^Xe{&9<*Lt)yr!>+uh0wPs_!O|gM}7AyfE52YFkkU2G6qGQ`wPF-8Z{``S?w0
zaG3FUN?0HN2@cfzbpF2ah%d1t8DI*W~B?p9%a*+t4m1>Ma(v^bE|1t=4S1TCdCHBv%fv{<*4D!%j
ztCPKuEThqaxi?X82%l)By9mmP8p@&t;-@7b)IO(&Ffv@|c(%?T1aRncOp-qTu1W
z3dSQkt8Yf-bx?9C%b;ayg
zJ
z2wwR8FWXm7T^v292h2~O!VMIRtUa-Nm@V922HV$iv(*uVve!jrOl6uoaNyeFwuJ#U
z=A!<2A7o2_08}`OM}TlCXBt?$@C5(ix*MIr1!efB6+&X|4I<2Z+zs49mBLt=)WwwB
zOWQLDxolfw)V9Itw?FdbtEDo&F-V1H*u{O|A`kDt)>HA?Xo5~-SRlY4cwF03Pb%{ux*Mh-UO-b7|fq!-R3$w_^oH&Z|Vg(2(AP!`lu
z_-tr`Uh5O1uIEJ5@b@nLZTME%p;dh$^819sXNmtD)R1KsofVt|g$AM;qf6;ix;4!v
zOly!333pCG#@rNm*yZFFay~^B5Nmmre6IT2nHZmlvL}V@6zZP>6xM4C;{Y((Q3rS*
zLIB@2xkFK!GYY<;a2Jquukl$IOIrV%_*Mj5Nm#Q%Wg&SgRitKM>Kb^|cdPGc7he%j
zCUp>dly$=+K1V=19%@rdSKN!yUKNgYZltOaP7Uu0vlFvyquJwr_*-re>2}G$hJ4uEM(ja9wS~c|8+QzSFENT-D
zPMZv6?xRe4Y@m22Hmj#~(4+k=;oiAYIR)J(dzj?;;eD8+&L20IG-sP$IXPv`IQZ-u0PMzs(B6w&ifdw
z?Pe+IkKe3sOR(Z=7Mez)lLk`y(WOK)QK61xSmWl%7X6lPC2HgBayJ%{xf*g?O^biy
zQsu>tu$~$zPk$b+r(JA@2SPj==*G%dZ-O^sXEkc-4%WOwBpoE_HJ7wZm7T!FKxo>*
zVrNJ$3dvXxI3LyQk0Ol{XvDb~PkN6&6H#%#E9&Q$;hFdRdzECFNAxBbv@P3?dk^np
zn4o|87nbvlTe3hpo(%u8Ikog;0hkK_Gl~dV5vm5^##Z>hBt{9?uEbKb-+AX?}icmD-kr{c6F6S
zLBjf3g#Hj8S8*KxttCXj+SB_Gr7G0L0esUDV~_HaWu)UfSy2IwO6Pjl0_5b;gS>&+
zOtvaCN$-QIaRb$G$R#6`dZRzy-@~TdzUj#L&J!hcBto#4hQ-G`RmX&G1G)treY5Yr
z!wj@jU6iHkTol_Ey8VqiU1xl?mhnFm)@!OAdD^Y;_mUGqqjrJRj{6$WH0vh8JtLG!
zpg}N|(w&XMRbl}z`Vg(&u{0?v0bSmdY2HMnG)pwertJO?AQmb)ifrdunCxg0NYxP@
zpfQdQyQE9b;S!%TA+E}`RJF*#cl%eZ(BGEeZeUp=EW7BdJlS&6VWxhF;g53W9De|b
zDks)_E|@IX7;-^>Qr~*G79HAmpD`%uWh17dnhlLRCKajYcwksMkRce
zGiW=QK`@$psTPDOG^67OZlze|A~(*QD&mF^mh!+hy+4=pYm>IfTOnvkPlucjMjN^P=xpu0fza)8ZY1aD%hqos|}7
zx;Y@$U_6_XJH(B&-RnNBT3Fsf5qrcQZw0dDlSQKM)AlNP4B(1iOpaaqaIdRT!C@M@DAT>0U!zO7m|Hg_?xfZ^md$|#+=cm&l%6gXz{SR@!(+G
z))s0#6-S&aG>nVfbw50aeW;V>Z`omeysYi6?wBe<4uo^X$|4`Y(>%DwsD&=vsaV$?k?3E>Xbwaz=}7I&y9X*hm5`w5d+{vSECbMVpTI5SUvY-M
z8sGzrSOu{~1jx0Q)Ghk{1Qp01?B@I&41jF_6q8ByZl{QRy1rvZ4g^blP@B6X~k(S6KjW%nuR(3Vq>iRw8|&7b$I;46DX7Z
zOV-0O6ROiJsn?ogll#9X@8$UII(2g7BZ=OtRJ|VDv6J_+?Uz7739%h(Xqf_Sja2kqO}3Kr>If0)7c?b;+s+p0K%$Rax)8jFlyO5kV0Y0AqiFmTS9}(Lv1!uC(oU=wGLUq_wfnGCs3ZE##+}uaZ+tzmT~yo
z@B^fO><5<52>01vd?#ylbzRkkj
z0d}z>(5a&@xwHve{Y(6V7r3-hOsaam#MR}e$`ZN$6=M=2u@uo9_}PJnAlq>eGw~se
zayLI-$xsO<5KeSNykRD{19|l8Qg2Hd9htiLQp)xNZFz6uk)b~gp%az|#t(ModNx)K
z0`aBQJ5|4}LzOy#%_eI%h3eo3853)C!u%s_GsEiN=ge8JXAGja7!R@&SyWV4p2PER
zT-wuOCk=JR)*hIJSb1jvU;J$4q
zX}s!I3<1No*P7J&fudXkOiztU)Rh;FsbYV-^5;I!E#jgceI|GtoGbPv)H=)n;uXrP
zVv@lz>9Uly0Y{{6AP-j>{P1HiJM0Y^Ax
zc}|wai>m!}M8?=lL#p&C>`T@UNjP67|>a0$}`TH#(5DXHK%dOG5XW*
zwA0=me{2x1xVUq7j7KRt;bbPV%&|3?s(J)%#MR!zFL!S0#;7eaeA^Vy>(izcRZ%x(
zOIQG47}U;+3~;(hzXkVZO=ns2jrFE2oU$Wc7?e+Bm_YIE&PB%T@6`zJ)o|8ql2_IV
zPtW`2a)^G$qK7)t5JNb4Uw5A?H~Rfm6MmL#_Eoq!zgAaPg-BxM-vB^uLat+b?HNvo
zG$!c7xSaB=Un0uNUzGM68OlhUgSvaP
z*dZ3kx>56Fj0VEFBPU*qk{<_)cb;+{o>u-sZ5$*Us6nQaXfH8bJ5=u-DG9|esp%fb1$L(Yhk{Jl1Q|ZjsHz&8z0Q+w7q^sn
zI_#tFqTz>^0H?J&?cN?5fzn5V!MpemNmK1BG0EZ2YPxKb(m=j8@d*$B8gqzMq9ghg
z@}i_!*aOup{K{Ec@ZWy(Ce`uvuUkSIX8yF4x<>r_Jmpn^rY_!M=pauYt_o4PLNZqV
zXgh$cM3;##!qRyAPh3dzPJU8SUcjN(b4uqs7Wla>SewaEqdAl|Mj9Pii~f87eViA0
zdgn)C{lm2jf8q@vTx%6R3h)0>D57rw275GnP$8&xTK2EsF0FWxU72xVd
zRO8mC=KjuT1r28t*e`VEL
z!+&!9OSm}o)iX{3+(L8C`8#%U$G0v441oVHUndO!p;bcvUwP5>|NmzH&s&R-}U~=ukf^
z2im;m;J(!z3U*yw_9xTXhFRW*Vb;cKex8&rh0hh}wuO1P-f70_SZ5VAq
z+vcwT@vnxMZ?Cg?BNXsi;Q!JYKf7hKT=MNmQ}KK1n;xH;VY7UfSb#X;WApEug~Tgh
z|0v0e*ZtQ!eH=GcJpD(@Cw6|Q)hA~D^BcCN&&ssAvd>qh`y8<%-(mW|+=W~W8TBP9
zPN4<-nGgJL0Ecc^xj)>n^o2Sd6??Gnp-b%Y796pDUJ(`DME-g?YAY|w=-;RI4=Yid
zcV3gU`YbBmnS1DNzi~Imrq|||{1|IX&S2y`Kg0gR`a3B+vrR|u17Nc9stJ_QSES@?
zx9np^!{ZgJ3A=pQgVm$jkKbiVoFEw6)Y>r>y~X;Re;^y>0~o8?iJjvk62{Q03QE1w
zbd>e9{Fw{r-**2fmAcd%jh&J=^%C$OPLgFK75I0|`YGx{c$(?MXRXJ=|7w`G2s-q3
z9{6nn4~avhjwOdCU@Y|A2=Lt4XZ}C{uV4Do^u<);ZvDhEq|qeum%p$?K~&B?fy(%j
zU&ti;`SKP!ocC01?5FMHvD|S~P;B_J+*%>y519Laf`9qDA+!i0wRkUClt&E|@?yo5
ztzp0ow7|u?K(AQ+0vU$zU7%M$o7aD7t8rX8%b9*VxUO1U77UseqBoRMgOY00$7gL0
zCs9tR2G)?wH_b9p{3hqd5`v4T!Jb0{8=Ou?UkbGlsNWc
zU}!mGN36F1y-&Yd8e4GVZC=IClR!`N^ZvTb@@0ruZxj61wohy0Jv1U7#+fdrT-$iD
z)N+i|JI1)2^UjU23L7z<`Zq{&&3CWP9OJJeW~7-P|e*S#(X&#UIH?x
zI2lCq`M+wr)}W@6ER0%~jLS;}k?imqR#8M8QE*lscZd@hP$2^gSOf?RG87NxWzYmn
zMj$+fl?1cODvwkKA20$jGDtMUhyemP!Ylz2g$RfPMFL3>Lf*;V1kkPhxmDYB|J+-B
zPn~o6bf50i-RG<^v
zvFAJ9Ji&(jKCUlVl=#1OJA7yaOgyC-ie8A#^rdpids|LU&dPZU-DKW1`71E(l&T)B
z1=9$nd}@kuia)=n+3|wNQe0#S6T?}1@`sk3vX!U_OxWka;q`J5YqYG|MyS;suC^u)S&MFD)6yS&)ea7
zB*Y6-VcMG9zDxb6^A5aYE>$#i)t{$rPb*xMd4tCu>qqbM%xaa(n7~H-{D}e7nt*dZ
zZrB=vSqec$M@mXZCB-d3#y-c#OJVAz00BTW*TjgX8Rt5RF|@H3X-ri*C~IRTS@2Yf7=hsDq@3;hsR)%
zul4^R%yv7dwoXzoH!a6XONKH>EQr(V>7}A21gT;Wx=`MbP|Dh4wk}ZyAop$!GySv{_
z>Q*~s#p}Z53_VZ5t%A>VHFmz*0juTV;{0p@qJqIvGcb(Y0yZb4arzYlS|@4feQ%ZK
zUU@#NmS~JzT0zBjiiIKV#E_rn19%geovG=~JPi;{De(dT-0S2&YXx!L{#n+NnNc+3
z>a-zk{nep&2bU|wN6V$F
zH_O8~@-T@&T!lX&2|Z3JNp5hO42sKCKMzij&`rP=25XCNskB@KgR9h~Dsq^D8LCc5
zeF~QdRyRd(g0nm)e!Z4|<{_+79V$h+@I5(K_S2vI88}i-b?(X}D_!;P$-bHyoQB}2
z`xl@JGMY_sf%Ozw3Rmp!w8m}^(<;e&G%8y22&%{^U~tAPT`ma3*&&Td)sR1R4br~+
zyWbtiKEgPVAXCg*?(z390}hl|bXT97DGVs{UbADzEs7NS8Z~^|i@52B52yn#8C*n1
zK6n|oj+kcM`fPE_&HB3#*Iwp6tMphiEW^yhOioFdgVMob*$G(>6b7l2In4}n%6|z<8EKUe&amK-^uBxAK@w<7!ch;@O`&3zKos&@
zENH!B=suL`hW1HW-(5bSIaYB@bka8aNR3OQJOYd;1*wLc_)rXm^~y
z#2%Ztc+mOD9<#6!9u2R%^dNiKZ7j02
z=(5SWZrmRcekgDKqAvMFt-Sek(Or0Eux#uC$Uq-z_k#QDPqjdTZBbPgw=Cua*Hekf
d5MQupSbux>oI~!etS|vfFf8<&R%k-uzX9vP2P*&o
literal 0
HcmV?d00001
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index c4a602aacd..b6a64d28e9 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -3,7 +3,7 @@ title: Quick fixes - Windows IT Pro
ms.reviewer:
manager: laurawi
ms.author: greglin
-description: Learn how to quickly resolve many problems which may come up during a Windows 10 upgrade.
+description: Learn how to quickly resolve many problems, which may come up during a Windows 10 upgrade.
keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
ms.prod: w10
ms.mktglfcycl: deploy
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
Date: Wed, 7 Oct 2020 15:47:09 -0700
Subject: [PATCH 34/65] added txt
---
windows/deployment/upgrade/quick-fixes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index b6a64d28e9..837199548a 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -215,7 +215,7 @@ To use sigcheck:
MachineType: 64-bit
```
-In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue.
+In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid.
### Update Windows
From 697519637081d513b664800c47556840e8e712c5 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Wed, 7 Oct 2020 15:53:11 -0700
Subject: [PATCH 35/65] fix link
---
windows/deployment/upgrade/quick-fixes.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index 837199548a..a4619b4f14 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
** and press ENTER. See the following example:
```
From ffd4ebc8dca3e52f965f995c58fe7e15c6259f97 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Wed, 7 Oct 2020 16:00:14 -0700
Subject: [PATCH 36/65] update resolution proc doc
---
windows/deployment/upgrade/resolution-procedures.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index a96205d6fd..6b8a9587d2 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1
The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process.
+To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
See the following general troubleshooting procedures associated with a result code of 0xC1900101:
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)."
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 4f348378a25dd517ec6ad2c951d3ca9bbb0a70d9 Mon Sep 17 00:00:00 2001 From: greg-lindsay
Date: Wed, 7 Oct 2020 16:12:42 -0700
Subject: [PATCH 37/65] update
---
windows/deployment/upgrade/quick-fixes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index a4619b4f14..3f2fc11c16 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -187,7 +187,7 @@ To use sigcheck:
3. Right-click **Command Prompt** and then left-click **Run as administrator**.
4. If you are prompted by UAC, click **Yes**.
5. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
-6. Next, generate a list of drivers using driverquery.exe. To do this, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
+6. A list of drivers with their path is displayed in the File Signature Verification tool (step #7 in the previous procedure). Optionally, you can generate a list of drivers using driverquery.exe. To use driverquery, type **driverquery /v > c:\sigcheck\drivers.txt** and press ENTER. See the following example:
```cmd
C:\Sigcheck>Driverquery /v > C:\sigcheck\drivers.txt
From 8afbba9a89f8d304b7db5db7e68d2d642b25d07a Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Wed, 7 Oct 2020 16:44:47 -0700
Subject: [PATCH 38/65] Updated topic titles and filenames
---
.openpublishing.redirection.json | 45 +++++++++++++++++++
windows/client-management/mdm/TOC.md | 16 +++----
.../mdm/enable-admx-backed-policies-in-mdm.md | 2 +-
...ew-in-windows-mdm-enrollment-management.md | 2 +-
... => policies-in-policy-csp-admx-backed.md} | 10 ++---
...n-policy-csp-supported-by-group-policy.md} | 10 ++---
...d-by-hololens-1st-gen-commercial-suite.md} | 6 +--
...y-hololens-1st-gen-development-edition.md} | 6 +--
...s-in-policy-csp-supported-by-hololens2.md} | 6 +--
...es-in-policy-csp-supported-by-iot-core.md} | 6 +--
...policy-csp-supported-by-iot-enterprise.md} | 6 +--
...in-policy-csp-supported-by-surface-hub.md} | 6 +--
...n-policy-csp-that-can-be-set-using-eas.md} | 6 +--
.../policy-configuration-service-provider.md | 30 ++++++-------
.../mdm/policy-csp-controlpolicyconflict.md | 2 +-
15 files changed, 102 insertions(+), 57 deletions(-)
rename windows/client-management/mdm/{policy-csps-admx-backed.md => policies-in-policy-csp-admx-backed.md} (99%)
rename windows/client-management/mdm/{policy-csps-supported-by-group-policy.md => policies-in-policy-csp-supported-by-group-policy.md} (99%)
rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-commercial-suite.md => policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md} (95%)
rename windows/client-management/mdm/{policy-csps-supported-by-hololens-1st-gen-development-edition.md => policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md} (95%)
rename windows/client-management/mdm/{policy-csps-supported-by-hololens2.md => policies-in-policy-csp-supported-by-hololens2.md} (98%)
rename windows/client-management/mdm/{policy-csps-supported-by-iot-core.md => policies-in-policy-csp-supported-by-iot-core.md} (97%)
rename windows/client-management/mdm/{policy-csps-supported-by-iot-enterprise.md => policies-in-policy-csp-supported-by-iot-enterprise.md} (96%)
rename windows/client-management/mdm/{policy-csps-supported-by-surface-hub.md => policies-in-policy-csp-supported-by-surface-hub.md} (97%)
rename windows/client-management/mdm/{policy-csps-that-can-be-set-using-eas.md => policies-in-policy-csp-that-can-be-set-using-eas.md} (90%)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 8d507ba71a..b15fa65bb2 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -14565,41 +14565,86 @@
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-admx-backed.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
"redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
"redirect_document_id": false
},
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+ "redirect_document_id": false
+ },
{
"source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
"redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index a7fbff363b..6b92d9991b 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -159,14 +159,14 @@
#### [Personalization DDF file](personalization-ddf.md)
### [Policy CSP](policy-configuration-service-provider.md)
#### [Policy DDF file](policy-ddf-file.md)
-#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
-#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
#### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
#### [AboveLock](policy-csp-abovelock.md)
#### [Accounts](policy-csp-accounts.md)
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 805f9ee481..d79b428c0e 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
## Enable a policy
> [!NOTE]
-> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
1. Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.
- GP English name
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index d919c5f1a7..ba8dc31c1f 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -2515,7 +2515,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
similarity index 99%
rename from windows/client-management/mdm/policy-csps-admx-backed.md
rename to windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index a580f4a524..75ac21a8b3 100644
--- a/windows/client-management/mdm/policy-csps-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -1,6 +1,6 @@
---
-title: ADMX-backed policy CSPs
-description: ADMX-backed policy CSPs
+title: ADMX-backed policies in Policy CSP
+description: ADMX-backed policies in Policy CSP
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
ms.date: 08/18/2020
---
-# ADMX-backed policy CSPs
+# ADMX-backed policies in Policy CSP
> [!div class="op_single_selector"]
>
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
>
- [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
similarity index 99%
rename from windows/client-management/mdm/policy-csps-supported-by-group-policy.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index 651f088e72..09c680512c 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by Group Policy
-description: Policy CSPs supported by Group Policy
+title: Policies in Policy CSP supported by Group Policy
+description: Policies in Policy CSP supported by Group Policy
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
-# Policy CSPs supported by Group Policy
+# Policies in Policy CSP supported by Group Policy
> [!div class="op_single_selector"]
>
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
>
- [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
similarity index 95%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index f77d3c1308..0a8beec733 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
-description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
+description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 09/17/2019
---
-# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
> [!div class="op_single_selector"]
>
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
similarity index 95%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 2dec2fdb8b..256ddb3528 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by HoloLens (1st gen) Development Edition
-description: Policy CSPs supported by HoloLens (1st gen) Development Edition
+title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
+description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
-# Policy CSPs supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
> [!div class="op_single_selector"]
>
diff --git a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
similarity index 98%
rename from windows/client-management/mdm/policy-csps-supported-by-hololens2.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index e5cdb0f0ca..4757f9c46c 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by HoloLens 2
-description: Policy CSPs supported by HoloLens 2
+title: Policies in Policy CSP supported by HoloLens 2
+description: Policies in Policy CSP supported by HoloLens 2
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 05/11/2020
---
-# Policy CSPs supported by HoloLens 2
+# Policies in Policy CSP supported by HoloLens 2
> [!div class="op_single_selector"]
>
diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
similarity index 97%
rename from windows/client-management/mdm/policy-csps-supported-by-iot-core.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index c43363b357..f3143ed222 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by Windows 10 IoT Core
-description: Policy CSPs supported by Windows 10 IoT Core
+title: Policies in Policy CSP supported by Windows 10 IoT Core
+description: Policies in Policy CSP supported by Windows 10 IoT Core
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 09/16/2019
---
-# Policy CSPs supported by Windows 10 IoT Core
+# Policies in Policy CSP supported by Windows 10 IoT Core
> [!div class="op_single_selector"]
>
diff --git a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
similarity index 96%
rename from windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
index 8e70dd707e..afb79c5bfe 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by Windows 10 IoT Enterprise
-description: Policy CSPs supported by Windows 10 IoT Enterprise
+title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
+description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
-# Policy CSPs supported by Windows 10 IoT Enterprise
+# Policies in Policy CSP supported by Windows 10 IoT Enterprise
> [!div class="op_single_selector"]
>
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
similarity index 97%
rename from windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
rename to windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 1d89eb88de..e39b0aef27 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs supported by Microsoft Surface Hub
-description: Policy CSPs supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Microsoft Surface Hub
+description: Policies in Policy CSP supported by Microsoft Surface Hub
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/22/2020
---
-# Policy CSPs supported by Microsoft Surface Hub
+# Policies in Policy CSP supported by Microsoft Surface Hub
- [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
diff --git a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
similarity index 90%
rename from windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md
rename to windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 171652aa2b..4fa3380c87 100644
--- a/windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -1,6 +1,6 @@
---
-title: Policy CSPs that can be set using Exchange Active Sync (EAS)
-description: Policy CSPs that can be set using Exchange Active Sync (EAS)
+title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
+description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
ms.reviewer:
manager: dansimp
ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
ms.date: 07/18/2019
---
-# Policy CSPs that can be set using Exchange Active Sync (EAS)
+# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 0349f6cde6..ba400e3ffb 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4901,27 +4901,27 @@ The following diagram shows the Policy configuration service provider in tree fo
-## Policy CSPs supported by Group Policy and ADMX-backed policy CSPs
-- [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
-- [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+## Policies in Policy CSP supported by Group Policy and ADMX-backed policies in Policy CSP
+- [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
+- [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
> [!NOTE]
-> Not all Policy CSPs supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> Not all Policies in Policy CSP supported by Group Policy are ADMX-backed. For more details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-## Policy CSPs supported by HoloLens devices
-- [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-- [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-- [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+## Policies in Policy CSP supported by HoloLens devices
+- [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+- [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+- [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-## Policy CSPs supported by Windows 10 IoT
-- [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-- [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+## Policies in Policy CSP supported by Windows 10 IoT
+- [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+- [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-## Policy CSPs supported by Microsoft Surface Hub
-- [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+## Policies in Policy CSP supported by Microsoft Surface Hub
+- [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
-## Policy CSPs that can be set using Exchange ActiveSync (EAS)
-- [Policy CSPs that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
+## Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)
+- [Policies in Policy CSP that can be set using Exchange ActiveSync (EAS)](policy-csps-that-can-be-set-using-eas.md)
## Related topics
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index 9a867b0778..2cde160250 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
- \
- \
-For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
+For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
](policy-csps-supported-by-group-policy.md).
The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.
From 06fb11bd53e606a642a9c3daa863c7455d505bcc Mon Sep 17 00:00:00 2001
From: Aasawari Navathe
Date: Wed, 7 Oct 2020 18:06:22 -0700
Subject: [PATCH 39/65] Boolean value that indicates compliance with the
enterprise encryption policy for OS (system) drives
---
windows/client-management/mdm/devicestatus-csp.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 06e4d21323..97daf7a3ce 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -107,7 +107,7 @@ Supported operation is Get.
Node for the compliance query.
**DeviceStatus/Compliance/EncryptionCompliance**
-Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
- 0 - not encrypted
- 1 - encrypted
From 5713121545fdc0cf96777a410047500c510d1837 Mon Sep 17 00:00:00 2001
From: greg-lindsay
Date: Thu, 8 Oct 2020 02:12:53 -0700
Subject: [PATCH 40/65] update
---
windows/deployment/upgrade/quick-fixes.md | 88 ++++++++++---------
.../upgrade/resolution-procedures.md | 4 +-
2 files changed, 49 insertions(+), 43 deletions(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index 3f2fc11c16..e69527eeb0 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -38,7 +38,7 @@ The Microsoft Virtual Agent provided by [Microsoft Support](https://support.micr
** and press ENTER. See the following example:
```
-7. Open the drivers.txt file and locate the problem driver that was reported by sigverif in the [procedure above](#remove-unsigned-drivers). Copy the path to the driver.
-8. To check the driver, type **sigcheck64 -u -e \** and press ENTER. See the following example:
-
- ```
- C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\DolbyMATEnc.dll
+ C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys
Sigcheck v2.80 - File version and signature viewer
Copyright (C) 2004-2020 Mark Russinovich
Sysinternals - www.sysinternals.com
-
- c:\windows\system32\DolbyMATEnc.dll:
- Verified: Unsigned
- Link date: 6:43 PM 9/20/2028
- Publisher: n/a
- Company: Microsoft Corporation
- Description: Dolby MAT Encoder DLL
- Product: Microsoft« Windows« Operating System
- Prod version: 10.0.18362.1
- File version: 10.0.18362.1 (WinBuild.160101.0800)
- MachineType: 64-bit
+ c:\windows\system32\drivers\afd.sys:
+ Verified: Signed
+ Signing date: 6:18 PM 11/29/2017
+ Signing date: 6:18 PM 11/29/2017
+ Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat
+ Signers:
+ Microsoft Windows
+ Cert Status: This certificate or one of the certificates in the certificate chain is not time valid.
+ Valid Usage: NT5 Crypto, Code Signing
+ Cert Issuer: Microsoft Windows Verification PCA
+ Serial Number: 33 00 00 00 4B 76 63 2D 24 A2 39 9A 8B 00 01 00 00 00 4B
+ Thumbprint: B8037C46D0DB7A8CEE502407469B0EE3234D3365
+ Algorithm: sha1RSA
+ Valid from: 11:46 AM 3/1/2017
+ Valid to: 11:46 AM 5/9/2018
+ (output truncated)
```
-In addition to unsigned drivers, drivers might be signed with an invalid certificate, requiring the driver to be updated or removed so that Windows upgrade can continue. Sigcheck will report whether or not the certificate chain is valid.
+
+13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example:
+
+ ```cmd
+ C:\>Driverquery /si
+
+ DeviceName InfName IsSigned Manufacturer
+ ============================== ============= ======== =========================
+ Microsoft ISATAP Adapter nettun.inf TRUE Microsoft
+ Generic volume shadow copy volsnap.inf TRUE Microsoft
+ Generic volume volume.inf TRUE Microsoft
+ (truncated)
+ ```
+ For more information about using driverquery, see [Two Minute Drill: DriverQuery.exe](https://techcommunity.microsoft.com/t5/ask-the-performance-team/two-minute-drill-driverquery-exe/ba-p/374977) and [driverquery](https://docs.microsoft.com/windows-server/administration/windows-commands/driverquery).
### Update Windows
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index 6b8a9587d2..1d75d19367 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -36,7 +36,7 @@ A frequently observed [result code](upgrade-error-codes.md#result-codes) is 0xC1
The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018).
-To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
+To resolve a rollback that was caused by driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/kb/929135) before initiating the upgrade process. Also check to be sure that your drivers are properly signed. For more information, see [Remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
See the following general troubleshooting procedures associated with a result code of 0xC1900101:
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 96a295c4f02ced1e7a2ea0f33f9ee8a9d84535bf Mon Sep 17 00:00:00 2001 From: greg-lindsay
Date: Thu, 8 Oct 2020 02:34:44 -0700
Subject: [PATCH 41/65] up
---
windows/deployment/upgrade/quick-fixes.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md
index e69527eeb0..f1d655d44b 100644
--- a/windows/deployment/upgrade/quick-fixes.md
+++ b/windows/deployment/upgrade/quick-fixes.md
@@ -183,7 +183,7 @@ To check your system for unsigned drivers:
[Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck:
11. In the command window, use the **cd** command to switch to the directory where you extracted sigcheck, for example **cd c:\sigcheck**.
-12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -u -e \** and press ENTER. See the following example:
+12. Using the list of unsigned drivers and their associated paths that you obtained from the File Signature Verification tool, run sigcheck to obtain details about the driver, including the catalog file used for signing. Type **sigcheck64 -i \** and press ENTER (or sigcheck -i for a 32 bit OS). See the following example:
```
C:\Sigcheck>sigcheck64.exe -i c:\windows\system32\drivers\afd.sys
From bf9fdab616073a163800b1c819fd847803cb5ea5 Mon Sep 17 00:00:00 2001
From: Tina Burden
Date: Thu, 8 Oct 2020 08:54:03 -0700
Subject: [PATCH 42/65] pencil edit
---
windows/client-management/mdm/devicestatus-csp.md | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 97daf7a3ce..6ab35ba018 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -36,9 +36,8 @@ Supported operation is Get.
**DeviceStatus/CellularIdentities**
Required. Node for queries on the SIM cards.
-> **Note** Multiple SIMs are supported.
-
-
+>[!NOTE]
+>Multiple SIMs are supported.
**DeviceStatus/CellularIdentities/***IMEI*
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
From fce88befcc084ff10f297162d632cc11c86ed68a Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 09:34:01 -0700
Subject: [PATCH 43/65] minor update to trigger build
---
.../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 75ac21a8b3..5a62b30b51 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 08/18/2020
+ms.date: 10/08/2020
---
# ADMX-backed policies in Policy CSP
From 62c79b0aa1014c007cf8e01b2633925c0bfd6f89 Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 11:42:03 -0700
Subject: [PATCH 44/65] minor update to trigger build
---
.../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 4eb84a8e80..20d7139bc6 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 05/11/2020
+ms.date: 10/08/2020
---
# Policies in Policy CSP supported by HoloLens 2
From b566b00acea20c62c2fe6711930273f6b1d856a8 Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 11:45:17 -0700
Subject: [PATCH 45/65] update
---
.../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 20d7139bc6..12fc2dea7c 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -50,6 +50,8 @@ ms.date: 10/08/2020
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- MemoryDump/AllowCrashDump
+- MemoryDump/AllowLiveDump
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
From 6b10684bbc99dd211879247e1101a2110c53a936 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 11:50:57 -0700
Subject: [PATCH 46/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...ent-changes-to-security-settings-with-tamper-protection.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 6b6a753cf0..94d1519031 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -1,6 +1,6 @@
---
title: Protect security settings with tamper protection
-ms.reviewer:
+ms.reviewer: shwjha
manager: dansimp
description: Use tamper protection to prevent malicious apps from changing important security settings.
keywords: malware, defender, antivirus, tamper protection
@@ -14,7 +14,7 @@ audience: ITPro
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
-ms.date: 08/31/2020
+ms.date: 10/08/2020
---
# Protect security settings with tamper protection
From 7db6caa5f7a2d9fd2054cacf1d54984e138a92e7 Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 11:53:41 -0700
Subject: [PATCH 47/65] Updated SKU table
---
.../mdm/policy-csp-mixedreality.md | 100 ------------------
1 file changed, 100 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index f56c1835af..ec855a1a28 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -51,26 +51,6 @@ manager: dansimp
Windows Edition
Supported?
-
- Home
-
-
- Pro
-
-
- Business
-
-
- Enterprise
-
-
- Education
-
HoloLens (1st gen) Development Edition
Windows Edition
Supported?
-
- Home
-
-
- Pro
-
-
- Business
-
-
- Enterprise
-
-
- Education
-
HoloLens (1st gen) Development Edition
Windows Edition
Supported?
-
- Home
-
-
- Pro
-
-
- Business
-
-
- Enterprise
-
-
- Education
-
HoloLens (1st gen) Development Edition
Windows Edition
Supported?
-
- Home
-
-
- Pro
-
-
- Business
-
-
- Enterprise
-
-
- Education
-
HoloLens (1st gen) Development Edition
Windows Edition
Supported?
-
- Home
-
-
- Pro
-
-
- Business
-
-
- Enterprise
-
-
- Education
-
HoloLens (1st gen) Development Edition
Date: Thu, 8 Oct 2020 12:50:29 -0700
Subject: [PATCH 48/65] Minor update
---
.../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 --
windows/client-management/mdm/policy-csp-mixedreality.md | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 12fc2dea7c..20d7139bc6 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -50,8 +50,6 @@ ms.date: 10/08/2020
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
-- MemoryDump/AllowCrashDump
-- MemoryDump/AllowLiveDump
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index ec855a1a28..131a087561 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -307,7 +307,7 @@ The following list shows the supported values:
Footnotes:
-- 9 - Available in Windows 10, version 2010.
+- 9 - Available in the next major release of Windows 10.
From 292b55448dd1d5126e182d200caaf8274b754c1d Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 12:55:07 -0700
Subject: [PATCH 49/65] added prerelease warning
---
windows/client-management/mdm/policy-csp-mixedreality.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 131a087561..7e46b61a7d 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -13,7 +13,8 @@ manager: dansimp
---
# Policy CSP - MixedReality
-
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
From 9b2031bf49407b4dc2dc365557fb6b7acfbd9fec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 13:01:33 -0700
Subject: [PATCH 50/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...ecurity-settings-with-tamper-protection.md | 22 ++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 94d1519031..d2ed2e7ca4 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -25,6 +25,7 @@ ms.date: 10/08/2020
**Applies to:**
- Windows 10
+- Windows Server 2019
## Overview
@@ -41,7 +42,7 @@ With tamper protection, malicious apps are prevented from taking actions such as
### How it works
- Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as:
+Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as:
- Configuring settings in Registry Editor on your Windows machine
- Changing settings through PowerShell cmdlets
@@ -125,6 +126,25 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
+## Manage tamper protection with Configuration Manager, version 2006
+
+> [!IMPORTANT]
+> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Otherwise, tamper protection is supported on Windows 10 only.
+
+If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices.
+
+1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions).
+
+2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
+
+3. Configure tamper protection as part of the new policy.
+
+4. Deploy the policy to your device collection.
+
+Need help? See the following resources:
+
+-
+
## View information about tampering attempts
Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats.
From bf6305fe8d3e0b33cf35e0d5ba30cc58ea59f5d4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 13:07:20 -0700
Subject: [PATCH 51/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...t-changes-to-security-settings-with-tamper-protection.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index d2ed2e7ca4..190da47cf3 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -143,7 +143,11 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c
Need help? See the following resources:
--
+- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin)
+
+- [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy)
+
+- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy)
## View information about tampering attempts
From 4299c090623706a320c5185b5c4b3caca0eed240 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 13:27:46 -0700
Subject: [PATCH 52/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...nt-changes-to-security-settings-with-tamper-protection.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 190da47cf3..3ee78515ef 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -143,11 +143,14 @@ If you're using [version 2006 of Configuration Manager](https://docs.microsoft.c
Need help? See the following resources:
+- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy)
+
+- [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings)
+
- [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin)
- [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy)
-- [Antivirus policy for endpoint security in Intune](https://docs.microsoft.com/mem/intune/protect/endpoint-security-antivirus-policy)
## View information about tampering attempts
From 5f0dbed362be305a5b1bfe2b09c990542bef6f7f Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 13:32:40 -0700
Subject: [PATCH 53/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...nt-changes-to-security-settings-with-tamper-protection.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 3ee78515ef..0567d06391 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -25,7 +25,7 @@ ms.date: 10/08/2020
**Applies to:**
- Windows 10
-- Windows Server 2019
+- Windows Server 2019 (if using tenant attach with [Configuation Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006))
## Overview
@@ -55,6 +55,7 @@ Tamper protection doesn't prevent you from viewing your security settings. And,
1. Turn tamper protection on
- [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine). - [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). + - [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006) 2. [View information about tampering attempts](#view-information-about-tampering-attempts). @@ -129,7 +130,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release ## Manage tamper protection with Configuration Manager, version 2006 > [!IMPORTANT] -> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Otherwise, tamper protection is supported on Windows 10 only. +> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. From 1aa42c42ad086c96e0d10e3805a0b9ff70433adb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 13:37:12 -0700
Subject: [PATCH 54/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...event-changes-to-security-settings-with-tamper-protection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 0567d06391..6c6e149977 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -123,7 +123,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release
1. Open the Windows PowerShell app.
-2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) PowerShell cmdlet.
+2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet.
3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
From ab42b3ab7124d126cbdbbafac18cabc1cd6a0175 Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Thu, 8 Oct 2020 13:39:33 -0700
Subject: [PATCH 55/65] Added Acrolinx suggestion
---
windows/client-management/mdm/policy-csp-mixedreality.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 7e46b61a7d..5984507040 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -79,7 +79,7 @@ manager: dansimp
-This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign-out and sign-in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
From 84bc28dfc12ff2f95c2f63d80f2c03f522b1669b Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 14:01:43 -0700
Subject: [PATCH 56/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...security-settings-with-tamper-protection.md | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index 6c6e149977..efae8a1640 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -181,9 +181,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili
Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
-### Is configuring tamper protection in Intune supported on servers?
-
-No
+If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy)
### Will tamper protection have any impact on third party antivirus registration?
@@ -197,7 +195,11 @@ Tamper protection will not have any impact on such devices.
If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine).
-If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune).
+If you are an organization using [Microsoft Defender ATP E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article:
+
+- [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
+
+- [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)
### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy?
@@ -220,7 +222,7 @@ Configuring tamper protection in Intune can be targeted to your entire organizat
### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager?
-Currently we do not have support to manage Tamper Protection through Microsoft Endpoint Configuration Manager.
+If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) and [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin).
### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune?
@@ -248,11 +250,7 @@ In addition, your security operations team can use hunting queries, such as the
[View information about tampering attempts](#view-information-about-tampering-attempts).
-### Will there be a group policy setting for tamper protection?
-
-No.
-
-## Related articles
+## See also
[Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
From 6f43aad10b51a41854b81bd16822290a59d5ba54 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 14:05:22 -0700
Subject: [PATCH 57/65] Update
prevent-changes-to-security-settings-with-tamper-protection.md
---
...event-changes-to-security-settings-with-tamper-protection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index efae8a1640..c9adfbfd6a 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -181,7 +181,7 @@ To learn more about Threat & Vulnerability Management, see [Threat & Vulnerabili
Windows 10 OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), or later together with [Microsoft Defender Advanced Threat Protection E5](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp).
-If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy)
+If you are using Configuration Manager, version 2006 with tenant attach, tamper protection can be extended to Windows Server 2019. See [Tenant attach: Create and deploy endpoint security Antivirus policy from the admin center (preview)](https://docs.microsoft.com/mem/configmgr/tenant-attach/deploy-antivirus-policy).
### Will tamper protection have any impact on third party antivirus registration?
From 514a85ee9042187d499ab22fb282f1f27b0dc6a8 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 14:26:36 -0700
Subject: [PATCH 58/65] Update
manage-updates-baselines-microsoft-defender-antivirus.md
---
...ates-baselines-microsoft-defender-antivirus.md | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index 69288217fe..a44d487b2b 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -13,7 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
-ms.date: 10/06/2020
+ms.date: 10/08/2020
---
# Manage Microsoft Defender Antivirus updates and apply baselines
@@ -110,11 +110,14 @@ No known issues
Support phase: **Security and Critical Updates**
### What's new
-* Add more telemetry events
-* Improved scan event telemetry
-* Improved behavior monitoring for memory scans
-* Improved macro streams scanning
-* Added `AMRunningMode` to Get-MpComputerStatus PowerShell CmdLet
+
+- Add more telemetry events
+- Improved scan event telemetry
+- Improved behavior monitoring for memory scans
+- Improved macro streams scanning
+- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet
+- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored
+
### Known Issues
No known issues
From 6bff7182b95065bcbedfc49b90d536d4c34f4755 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 8 Oct 2020 14:42:31 -0700
Subject: [PATCH 59/65] Acrolinx: "Hololens", "AAD"
---
windows/client-management/mdm/policy-csp-mixedreality.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 5984507040..79fa5b1264 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -79,7 +79,7 @@ manager: dansimp
-This policy setting controls for how many days, AAD group membership cache is allowed to be used for Assigned Access configurations targeting AAD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
@@ -129,7 +129,7 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
-This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on Hololens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
@@ -182,7 +182,7 @@ The following list shows the supported values:
-This policy setting controls when and if diagnostic logs can be collected using specific button combination on Hololens.
+This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
From 670a32d09acfe89b68e89e63d201d76809e69053 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 15:46:30 -0700
Subject: [PATCH 60/65] Update
manage-updates-baselines-microsoft-defender-antivirus.md
---
.../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
index a44d487b2b..d352e882bd 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md
@@ -116,7 +116,7 @@ No known issues
- Improved behavior monitoring for memory scans
- Improved macro streams scanning
- Added `AMRunningMode` to Get-MpComputerStatus PowerShell cmdlet
-- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored
+- [DisableAntiSpyware](https://docs.microsoft.com/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware) is ignored. Microsoft Defender Antivirus automatically turns itself off when it detects another antivirus program.
### Known Issues
From 24e16d1f873c2baae804aac73beb2efe24320a34 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 16:09:36 -0700
Subject: [PATCH 61/65] Update attack-surface-reduction.md
---
.../microsoft-defender-atp/attack-surface-reduction.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index 21443608c3..f0de0e3d85 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -11,9 +11,10 @@ ms.localizationpriority: medium
audience: ITPro
author: denisebmsft
ms.author: deniseb
-ms.reviewer:
+ms.reviewer: sugamar, jcedola
manager: dansimp
ms.custom: asr
+ms.date: 10/08/2020
---
# Reduce attack surfaces with attack surface reduction rules
From 17dd944440c57751638b6bb2e81efb585549d677 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Thu, 8 Oct 2020 16:11:43 -0700
Subject: [PATCH 62/65] Update attack-surface-reduction.md
---
.../microsoft-defender-atp/attack-surface-reduction.md | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index f0de0e3d85..45db3aa0c7 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -327,10 +327,7 @@ GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c`
### Block untrusted and unsigned processes that run from USB
-With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include:
-
-* Executable files (such as .exe, .dll, or .scr)
-* Script files (such as a PowerShell .ps, Visual Basic .vbs, or JavaScript .js file)
+With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include executable files (such as .exe, .dll, or .scr)
This rule was introduced in:
- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803)
From 0d2f73a6ddf50632e91293026019bed1d72a87fd Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Thu, 8 Oct 2020 16:23:25 -0700
Subject: [PATCH 63/65] Acrolinx: "Configuation"
---
...event-changes-to-security-settings-with-tamper-protection.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
index c9adfbfd6a..c49d6a763f 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@@ -25,7 +25,7 @@ ms.date: 10/08/2020
**Applies to:**
- Windows 10
-- Windows Server 2019 (if using tenant attach with [Configuation Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006))
+- Windows Server 2019 (if using tenant attach with [Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006))
## Overview
From 7b7f30c8c6cf68b5ce773881e07e5938263e80ed Mon Sep 17 00:00:00 2001
From: v-miegge <49650192+v-miegge@users.noreply.github.com>
Date: Fri, 9 Oct 2020 08:38:37 -0700
Subject: [PATCH 64/65] Removed hyperlinks
---
.../credential-guard/credential-guard-requirements.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 3c4371019f..239fc8e129 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -100,8 +100,8 @@ The following tables describe baseline protections, plus protections for improve
|Hardware: **64-bit CPU** |A 64-bit computer is required for the Windows hypervisor to provide VBS.|
|Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**: - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.|
|Hardware: **Trusted Platform Module (TPM)**|**Requirement**: - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access.|
-|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: - See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.|
-|Firmware: **Secure firmware update process**|**Requirements**: - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](https://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.|
+|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.|
+|Firmware: **Secure firmware update process**|**Requirements**: - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.|
|Software: Qualified **Windows operating system**|**Requirement**: - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.|
> [!IMPORTANT]
@@ -125,7 +125,7 @@ The following tables describe baseline protections, plus protections for improve
|Protections for Improved Security|Description|Security Benefits|
|---|---|---|
-|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**: - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby) - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware. - HSTI provides additional security assurance for correctly secured silicon and platform.|
+|Firmware: **Hardware Rooted Trust Platform Secure Boot**|**Requirements**: - Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby - The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/library/windows/hardware/mt712332(v=vs.85).aspx).|Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware. - HSTI provides additional security assurance for correctly secured silicon and platform.|
|Firmware: **Firmware Update through Windows Update**|**Requirements**: - Firmware must support field updates through Windows Update and UEFI encapsulation update.|Helps ensure that firmware updates are fast, secure, and reliable.|
|Firmware: **Securing Boot Configuration and Management**|**Requirements**: - Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time. - Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.|- Enterprises can choose to allow proprietary EFI drivers/applications to run. - Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots.|
From ba9066e0a8ebb4649b20a4f4764a052981980829 Mon Sep 17 00:00:00 2001
From: v-miegge <49650192+v-miegge@users.noreply.github.com>
Date: Fri, 9 Oct 2020 08:44:29 -0700
Subject: [PATCH 65/65] Acrolinx
---
.../credential-guard-requirements.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 239fc8e129..ec08c99def 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -23,7 +23,7 @@ ms.reviewer:
- Windows 10
- Windows Server 2016
-For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
+For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
## Hardware and software requirements
@@ -31,7 +31,7 @@ To provide basic protections against OS level attempts to read Credential Manage
- Support for Virtualization-based security (required)
- Secure boot (required)
-- TPM (preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware
+- Trusted Platform Module (TPM, preferred - provides binding to hardware) versions 1.2 and 2.0 are supported, either discrete or firmware
- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change)
The Virtualization-based security requires:
@@ -48,7 +48,7 @@ Credential Guard can protect secrets in a Hyper-V virtual machine, just as it wo
- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607.
- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10.
- - Please note that TPM is not a requirement, but we highly recommend to implement TPM.
+ - TPM is not a requirement, but we recommend that you implement TPM.
For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/).
@@ -99,8 +99,8 @@ The following tables describe baseline protections, plus protections for improve
|---|---|---|
|Hardware: **64-bit CPU** |A 64-bit computer is required for the Windows hypervisor to provide VBS.|
|Hardware: **CPU virtualization extensions**, plus **extended page tables**|**Requirements**: - These hardware features are required for VBS: One of the following virtualization extensions: - VT-x (Intel) or - AMD-V And: - Extended page tables, also called Second Level Address Translation (SLAT).|VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation.|
-|Hardware: **Trusted Platform Module (TPM)**|**Requirement**: - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access.|
-|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots.|
+|Hardware: **Trusted Platform Module (TPM)**|**Requirement**: - TPM 1.2 or TPM 2.0, either discrete or firmware. [TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)|A TPM provides protection for VBS encryption keys that are stored in the firmware. TPM helps protect against attacks involving a physically present user with BIOS access.|
+|Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot**|**Requirements**: - See the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot|UEFI Secure Boot helps ensure that the device boots only authorized code, and can prevent boot kits and root kits from installing and persisting across reboots.|
|Firmware: **Secure firmware update process**|**Requirements**: - UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: System.Fundamentals.Firmware.UEFISecureBoot.|UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed.|
|Software: Qualified **Windows operating system**|**Requirement**: - Windows 10 or Windows Server 2016.|Support for VBS and for management features that simplify configuration of Windows Defender Credential Guard.|
@@ -114,7 +114,7 @@ The following tables describe baseline protections, plus protections for improve
|Protections for Improved Security|Description|
|---|---|
-|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: - VT-D or AMD Vi IOMMU **Security benefits**: - An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)|
+|Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: - VT-D or AMD Vi IOMMU **Security benefits**: - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables)|
|Firmware: **Securing Boot Configuration and Management**|**Requirements**: - BIOS password or stronger authentication must be supported. - In the BIOS configuration, BIOS authentication must be set. - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system. - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
|Firmware: **Secure MOR, revision 2 implementation**|**Requirement**: - Secure MOR, revision 2 implementation|
@@ -135,8 +135,8 @@ The following table lists qualifications for Windows 10, version 1703, which are
|Protections for Improved Security|Description|Security Benefits
|---|---|---|
-|Firmware: **VBS enablement of NX protection for UEFI runtime services**|**Requirements**: - VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements: - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. - PE sections need to be page-aligned in memory (not required for in non-volatile storage). - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both. - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) - Reduces the attack surface to VBS from system firmware.|
-|Firmware: **Firmware support for SMM protection**|**Requirements**: - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) - Reduces the attack surface to VBS from system firmware. - Blocks additional security attacks against SMM.|
+|Firmware: **VBS enablement of No-Execute (NX) protection for UEFI runtime services**|**Requirements**: - VBS will enable NX protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable. UEFI runtime service must meet these requirements: - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table. - PE sections must be page-aligned in memory (not required for in non-volatile storage). - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS: - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both. - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable. (**SEE IMPORTANT INFORMATION AFTER THIS TABLE**)|Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) - Reduces the attack surface to VBS from system firmware.|
+|Firmware: **Firmware support for SMM protection**|**Requirements**: - The [Windows SMM Security Mitigations Table (WSMT) specification](https://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an ACPI table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.|- Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable) - Reduces the attack surface to VBS from system firmware. - Blocks additional security attacks against SMM.|
> [!IMPORTANT]
>
September-2020 (Platform: 4.18.2009.X | Engine: 1.1.17500.4)
+September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)
Security intelligence update version: **1.325.10.0** Released: **October 01, 2020** - Platform: **4.18.2009.X** + Platform: **4.18.2009.7** Engine: **1.1.17500.4** Support phase: **Security and Critical Updates** From 69b918851e2664befcaf0155b5a43b0a75d41336 Mon Sep 17 00:00:00 2001 From: greg-lindsay@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)."
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 4f348378a25dd517ec6ad2c951d3ca9bbb0a70d9 Mon Sep 17 00:00:00 2001 From: greg-lindsay
Added a new section:
-
-
@@ -49,7 +49,7 @@ See the following general troubleshooting procedures associated with a result co | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Contact your hardware vendor to obtain updated device drivers.
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. | | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
This can occur due to a problem with a display driver. | | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
Review the rollback log and determine the stop code.
The rollback log is located in the $Windows.~BT\Sources\Rollback folder. An example analysis is shown below. This example is not representative of all cases:
Info SP Crash 0x0000007E detected
Info SP Module name :
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
Info SP Cannot recover the system.
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
1. Make sure you have enough disk space.
2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
3. Try changing video adapters.
4. Check with your hardware vendor for any BIOS updates.
5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.
Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
This can occur because of incompatible drivers. | -| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#remove-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | +| 0xC1900101 - 0x40017 | Clean boot into Windows, and then attempt the upgrade to Windows 10. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/kb/929135).
Ensure that you select the option to "Download and install updates (recommended)." Also be sure to [remove unsigned drivers](quick-fixes.md#repair-unsigned-drivers).
Computers that run Citrix VDA
You may see this message after you upgrade a computer from Windows 10, version 1511 to Windows 10, version 1607. After the second system restart, the system generates this error and then rolls back to the previous version. This problem has also been observed in upgrades to Windows 8.1 and Windows 8.
This problem occurs because the computer has Citrix Virtual Delivery Agent (VDA) installed. Citrix VDA installs device drivers and a file system filter driver (CtxMcsWbc). This Citrix filter driver prevents the upgrade from writing changes to the disk, so the upgrade cannot complete and the system rolls back.
**Resolution**
To resolve this problem, install [Cumulative update for Windows 10 Version 1607 and Windows Server 2016: November 8, 2016](https://support.microsoft.com/help/3200970/cumulative-update-for-windows-10-version-1607-and-windows-server-2016).
You can work around this problem in two ways:
**Workaround 1**
1. Use the VDA setup application (VDAWorkstationSetup_7.11) to uninstall Citrix VDA.
2. Run the Windows upgrade again.
3. Reinstall Citrix VDA.
**Workaround 2**
If you cannot uninstall Citrix VDA, follow these steps to work around this problem:
1. In Registry Editor, go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\CtxMcsWbc**
2. Change the value of the **Start** entry from **0** to **4**. This change disables the Citrix MCS cache service.
3. Go to the following subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}**
4. Delete the **CtxMcsWbc** entry.
5. Restart the computer, and then try the upgrade again.
**Non-Microsoft information disclaimer**
The non-Microsoft products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. | Windows 10 upgrade failed after the second reboot.
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers. | ## 0x800xxxxx From 96a295c4f02ced1e7a2ea0f33f9ee8a9d84535bf Mon Sep 17 00:00:00 2001 From: greg-lindsay
From 9b2031bf49407b4dc2dc365557fb6b7acfbd9fec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT
- [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine). - [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). + - [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006) 2. [View information about tampering attempts](#view-information-about-tampering-attempts). @@ -129,7 +130,7 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release ## Manage tamper protection with Configuration Manager, version 2006 > [!IMPORTANT] -> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Otherwise, tamper protection is supported on Windows 10 only. +> The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10 and Windows Server 2019 using tenant attach. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. From 1aa42c42ad086c96e0d10e3805a0b9ff70433adb Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT