deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jd3mak

Browse Source
This commit is contained in:
jdeckerMS
2017-08-07 13:04:00 -07:00
parent 7c99a65fa5 ae687cc820
commit 2e012140de
11 changed files with 1373 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/application-management/index.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
**Applies to**
- Windows 10
Learn about managing applications in Window 10 and Windows 10 Mobile clients.
Learn about managing applications in Windows 10 and Windows 10 Mobile clients.
| Topic | Description |

1
windows/client-management/mdm/TOC.md
View File

@ -203,6 +203,7 @@
#### [InternetExplorer](policy-csp-internetexplorer.md)
#### [Kerberos](policy-csp-kerberos.md)
#### [Licensing](policy-csp-licensing.md)
#### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
#### [Location](policy-csp-location.md)
#### [LockDown](policy-csp-lockdown.md)
#### [Maps](policy-csp-maps.md)

63
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 07/28/2017
ms.date: 08/04/2017
---
# What's new in MDM enrollment and management
@ -973,6 +973,30 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
<li>DeviceGuard/LsaCfgFlags</li>
<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li>
<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li>
<li>Power/DisplayOffTimeoutOnBattery</li>
<li>Power/DisplayOffTimeoutPluggedIn</li>
<li>Power/HibernateTimeoutOnBattery</li>
@ -1295,13 +1319,40 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</thead>
<tbody>
<tr class="odd">
<td style="vertical-align:top">[CM_ProxyEntries CSP](cm-proxyentries-csp.md)</td>
<td style="vertical-align:top"><p>Updated the description of PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
<td style="vertical-align:top">[CM\_CellularEntries CSP](cm-cellularentries-csp.md)</td>
<td style="vertical-align:top"><p>Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.</p>
</td></tr>
<tr class="even">
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top">Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.</td>
</tr>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul>
<li>LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</li>
<li>LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</li>
<li>LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</li>
<li>LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</li>
<li>LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</li>
<li>LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</li>
<li>LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</li>
<li>LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</li>
<li>LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</li>
</ul>
<p>Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutoPilotResetCredentials.</p>
</td></tr>
</tbody>
</table>
@ -1338,7 +1389,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<ul>
<li>Education/DefaultPrinterName</li>
<li>Education/PreventAddingNewPrinters</li>
<li>Education/PrinterNames</li>
<li>Education/PrinterNames</li>
<li>Security/ClearTPMIfNotReady</li>
<li>WindowsDefenderSecurityCenter/CompanyName</li>
<li>WindowsDefenderSecurityCenter/DisableAppBrowserUI</li>

78
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 07/27/2017
ms.date: 08/04/2017
---
# Policy CSP
@ -1778,6 +1778,82 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
</dl>
### LocalPoliciesSecurityOptions policies
<dl>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_blockmicrosoftaccounts" id="localpoliciessecurityoptions-accounts_blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_enableadministratoraccountstatus" id="localpoliciessecurityoptions-accounts_enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus </a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_enableguestaccountstatus" id="localpoliciessecurityoptions-accounts_enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_limitlocalaccountuseofblankpasswordstoconsolelogononly" id="localpoliciessecurityoptions-accounts_limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
</dd><dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_renameadministratoraccount" id="localpoliciessecurityoptions-accounts_renameadministratoraccount">LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-accounts_renameguestaccount" id="localpoliciessecurityoptions-accounts_renameguestaccount">LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_displayuserinformationwhenthesessionislocked" id="localpoliciessecurityoptions-interactivelogon_displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotdisplaylastsignedin" id="localpoliciessecurityoptions-interactivelogon_donotdisplaylastsignedin">LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotdisplayusernameatsignin" id="localpoliciessecurityoptions-interactivelogon_donotdisplayusernameatsignin">LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_donotrequirectrlaltdel" id="localpoliciessecurityoptions-interactivelogon_donotrequirectrlaltdel">LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_machineinactivitylimit" id="localpoliciessecurityoptions-interactivelogon_machineinactivitylimit">LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_messagetextforusersattemptingtologon" id="localpoliciessecurityoptions-interactivelogon_messagetextforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon_messagetitleforusersattemptingtologon" id="localpoliciessecurityoptions-interactivelogon_messagetitleforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity_allowpku2uauthenticationrequests" id="localpoliciessecurityoptions-networksecurity_allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-recoveryconsole_allowautomaticadministrativelogon" id="localpoliciessecurityoptions-recoveryconsole_allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-shutdown_allowsystemtobeshutdownwithouthavingtologon" id="localpoliciessecurityoptions-shutdown_allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_allowuiaccessapplicationstopromptforelevation" id="localpoliciessecurityoptions-useraccountcontrol_allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforadministrators" id="localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforadministrators">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforstandardusers" id="localpoliciessecurityoptions-useraccountcontrol_behavioroftheelevationpromptforstandardusers">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_onlyelevateexecutablefilesthataresignedandvalidated" id="localpoliciessecurityoptions-useraccountcontrol_onlyelevateexecutablefilesthataresignedandvalidated">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations" id="localpoliciessecurityoptions-useraccountcontrol_onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_runalladministratorsinadminapprovalmode" id="localpoliciessecurityoptions-useraccountcontrol_runalladministratorsinadminapprovalmode">LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_switchtothesecuredesktopwhenpromptingforelevation" id="localpoliciessecurityoptions-useraccountcontrol_switchtothesecuredesktopwhenpromptingforelevation">LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</a>
</dd>
<dd>
<a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-useraccountcontrol_virtualizefileandregistrywritefailurestoperuserlocations" id="localpoliciessecurityoptions-useraccountcontrol_virtualizefileandregistrywritefailurestoperuserlocations">LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</a>
</dd>
</dl>
### Location policies
<dl>

1197
windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md Normal file
View File

File diff suppressed because it is too large Load Diff

3
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1690,6 +1690,9 @@ If you're running Windows 10, version 1607 or later, you only need to enable the
- **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features**
> [!NOTE]
> This must be done within 15 minutes after Windows 10 is installed. Alternatively, you can create an image with this setting.
-or-
- Create a new REG\_DWORD registry setting in **HKEY\_CURRENT\_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent!DisableWindowsSpotlightFeatures**, with a value of 1 (one).

1
windows/configuration/start-secondary-tiles.md
View File

@ -72,6 +72,7 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE
3. If youd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references.
- For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"`
- Open `C:\Users\<username>\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState` and replace those images with your customized images
>[!TIP]
>A quick method for getting appropriately sized images for each tile size is to upload your image at [BuildMyPinnedSite](http://www.buildmypinnedsite.com/) and then download the resized tile images.

2
windows/deployment/vda-subscription-activation.md
View File

@ -12,7 +12,7 @@ author: greg-lindsay
# Configure VDA for Windows 10 Subscription Activation
This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based license.
This document describes how to configure virtual machines (VMs) to enable [Windows 10 Subscription Activation](windows-10-enterprise-subscription-activation.md) in a Windows Virtual Desktop Access (VDA) scenario. Windows VDA is a device or user-based licensing mechanism for managing access to virtual desktops.
## Requirements