From 67609e87f85320666b2379b76a4119745f3400cb Mon Sep 17 00:00:00 2001 From: theznerd Date: Wed, 28 Mar 2018 23:51:47 -0600 Subject: [PATCH 01/18] Add MVC 4.0 requirement to Administration and Monitoring Server While the actual role itself likely does not rely on MVC 4.0, the prerequisite check fails when this component is not installed even if you're not installing the Self Service portal. --- ...-alone-and-configuration-manager-integration-topologies.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md index 79fac92aba..b5cd982105 100644 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md +++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md @@ -286,6 +286,10 @@ The following table lists the installation prerequisites for the MBAM Administra +

ASP.NET MVC 4.0

+

[ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)

+ +

Service Principal Name (SPN)

The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.

From dbb6b40b049ca2e93441dedacb9af84420e410d9 Mon Sep 17 00:00:00 2001 From: SergioCalderonR Date: Thu, 29 Mar 2018 11:25:25 -0500 Subject: [PATCH 02/18] Update some names, sample commands and links I have changed Windows Defender Device Guard to Device Guard in the local GPO, updated the sample command for New-CIPolicy and some broken links to the old TechNet to the new Docs. --- ...loy-windows-defender-application-control.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index be8ccb2590..87e30aef2a 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -797,9 +797,9 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` -2. Use [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) to create a new WDAC policy by scanning the system for installed applications: +2. Use [New-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications: - ` New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy –UserPEs 3> CIPolicyLog.txt ` + ` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy –UserPEs -FallBack Hash 3> CIPolicyLog.txt ` > [!Note] @@ -811,7 +811,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. -3. Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the WDAC policy to a binary format: +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format: ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` @@ -841,7 +841,7 @@ When WDAC policies are run in audit mode, it allows administrators to discover a > - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor. -3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1. +3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1. > [!Note] @@ -887,9 +887,9 @@ Use the following procedure after you have been running a computer with a WDAC p ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` -3. Use [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. +3. Use [New-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. - ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3> CIPolicylog.txt` + ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3 -FallBack Hash > CIPolicylog.txt` > [!Note] > When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy. @@ -959,7 +959,7 @@ To merge two WDAC policies, complete the following steps in an elevated Windows ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy` -3. Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the merged WDAC policy to binary format: +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format: ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin ` @@ -1004,7 +1004,7 @@ Every WDAC policy is created with audit mode enabled. After you have successfull > [!Note] > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. -5. Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the new WDAC policy to binary format: +5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format: ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin` @@ -1064,7 +1064,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` -7. Use [ConvertFrom-CIPolicy](https://technet.microsoft.com/library/mt733073.aspx) to convert the policy to binary format: +7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the policy to binary format: ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` From 1daf1317ef19b94b140a34695777a97664819853 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 3 Apr 2018 15:40:50 -0700 Subject: [PATCH 03/18] initial import --- .../update/windows-update-sources.md | 159 ++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 windows/deployment/update/windows-update-sources.md diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md new file mode 100644 index 0000000000..1f8e758809 --- /dev/null +++ b/windows/deployment/update/windows-update-sources.md @@ -0,0 +1,159 @@ + +--- +title: Determining the Windows Update Service source +description: Determine the source that Windows Update service is currently using. +ms.prod: w10 +ms.mktglfcycl: +ms.sitesec: library +author: kaushika-msft +ms.localizationpriority: high +ms.author: kaushika +ms.date: 04/03/2018 +--- + +# Determining the Windows Update Service source + +Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:  + +1. Start Windows PowerShell as an administrator +2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. +3. Run `\$MUSM.Services`. The resulting output should be similar to the following: + +``` +Name : Microsoft Update +ContentValidationCert : {} +ExpirationDate : +IsManaged : False +IsRegisteredWithAU : True +IssueDate : 01-Jan-01 12:00:00 AM +OffersWindowsUpdates : True +RedirectUrls : System.__ComObject +ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d +IsScanPackageService : False +CanRegisterWithAU : True +ServiceUrl : https://fe2.update.microsoft.com/v6/ +SetupPrefix : mu +IsDefaultAUService : False + +Name : DCat Flighting Prod +ContentValidationCert : {} +ExpirationDate : +IsManaged : False +IsRegisteredWithAU : False +IssueDate : 01-Jan-01 12:00:00 AM +OffersWindowsUpdates : False +RedirectUrls : System.__ComObject +ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552 +IsScanPackageService : False +CanRegisterWithAU : False +ServiceUrl : https://fe3.delivery.mp.microsoft.com/ +SetupPrefix : wu +IsDefaultAUService : False + +Name : Windows Store (DCat Prod) +ContentValidationCert : {} +ExpirationDate : +IsManaged : False +IsRegisteredWithAU : False +IssueDate : 01-Jan-01 12:00:00 AM +OffersWindowsUpdates : False +RedirectUrls : System.__ComObject +ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289 +IsScanPackageService : False +CanRegisterWithAU : True +ServiceUrl : https://fe3.delivery.mp.microsoft.com/ +SetupPrefix : ws +IsDefaultAUService : False + +Name : Windows Server Update Service +ContentValidationCert : {} +ExpirationDate : 18-Jun-54 9:21:00 PM +IsManaged : True +IsRegisteredWithAU : True +IssueDate : 01-Jan-03 12:00:00 AM +OffersWindowsUpdates : True +RedirectUrls : System.__ComObject +ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7 +IsScanPackageService : False +CanRegisterWithAU : True +ServiceUrl : +SetupPrefix : +IsDefaultAUService : True + +Name : Windows Update +ContentValidationCert : {} +ExpirationDate : +IsManaged : False +IsRegisteredWithAU : False +IssueDate : 01-Jan-01 12:00:00 AM +OffersWindowsUpdates : True +RedirectUrls : System.__ComObject +ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77 +IsScanPackageService : False +CanRegisterWithAU : True +ServiceUrl : https://fe2.update.microsoft.com/v6/ +SetupPrefix : wu +IsDefaultAUService : False +``` + + +4. Check the category **Name** and **OffersWindowsUpdates**:  + +Name: **Microsoft Update** + +Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox. + +OffersWindowsUpdates: **True** + +Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) + +--- + +Name: **DCat Flighting Prod** + +The update source is the Windows Insider Program. + +OffersWindowsUpdates: **False** + +Indicates that the client will not receive or is not configured to receive these updates. + +--- + +Name: **Windows Store (DCat Prod)** + +The update source is Insider Updates for Store Apps. + +OffersWindowsUpdates: **False** + +Indicates that the client will not receive or is not configured to receive these updates. + +--- + +Name: **Windows Server Update Service** + +The source is a Windows Server Updates Services server. + +OffersWindowsUpdates: **True** + +The client is configured to receive updates from WSUS + +--- + +Name: **Windows Update** + +The source is Windows Update. + +OffersWindowsUpdates: **True** + +The client is configured to receive updates from Windows Update Online + +--- +  + +See also: + +[Understanding the Windowsupdate.log file for advanced users](https://support.microsoft.com/help/4035760) + +[You can't install updates on a Windows-based computer](https://support.microsoft.com/help/2509997/you-can-t-install-updates-on-a-windows-based-computer) + +[How to read the Windowsupdate.log file on Windows 7 and earlier OS versions](https://support.microsoft.com/help/902093/how-to-read-the-windowsupdate-log-file) From 0d915caeb085c71c3b3bcb63989827b2ab83d3c9 Mon Sep 17 00:00:00 2001 From: SergioCalderonR Date: Wed, 4 Apr 2018 08:54:23 -0500 Subject: [PATCH 04/18] Removed en-us and updated some other links --- ...oy-windows-defender-application-control.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index 87e30aef2a..a184547f2b 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -797,7 +797,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi ` $CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"` -2. Use [New-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications: +2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications: ` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy –UserPEs -FallBack Hash 3> CIPolicyLog.txt ` @@ -811,7 +811,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi > - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. -3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format: +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the WDAC policy to a binary format: ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` @@ -887,7 +887,7 @@ Use the following procedure after you have been running a computer with a WDAC p ` $CIAuditPolicy=$CIPolicyPath+"DeviceGuardAuditPolicy.xml"` -3. Use [New-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. +3. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**. ` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy –UserPEs 3 -FallBack Hash > CIPolicylog.txt` @@ -955,11 +955,11 @@ To merge two WDAC policies, complete the following steps in an elevated Windows > [!Note] > The variables in this section specifically expect to find an initial policy on your desktop called **InitialScan.xml** and an audit WDAC policy called **DeviceGuardAuditPolicy.xml**. If you want to merge other WDAC policies, update the variables accordingly. -2. Use [Merge-CIPolicy](https://technet.microsoft.com/library/mt634485.aspx) to merge two policies and create a new WDAC policy: +2. Use [Merge-CIPolicy](https://docs.microsoft.com/powershell/module/configci/merge-cipolicy?view=win10-ps) to merge two policies and create a new WDAC policy: ` Merge-CIPolicy -PolicyPaths $InitialCIPolicy,$AuditCIPolicy -OutputFilePath $MergedCIPolicy` -3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format: +3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the merged WDAC policy to binary format: ` ConvertFrom-CIPolicy $MergedCIPolicy $CIPolicyBin ` @@ -997,14 +997,14 @@ Every WDAC policy is created with audit mode enabled. After you have successfull ` copy $InitialCIPolicy $EnforcedCIPolicy` -4. Use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) to delete the audit mode rule option: +4. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to delete the audit mode rule option: ` Set-RuleOption -FilePath $EnforcedCIPolicy -Option 3 -Delete` > [!Note] > To enforce a WDAC policy, you delete option 3, the **Audit Mode Enabled** option. There is no “enforced” option that can be placed in a WDAC policy. -5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format: +5. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the new WDAC policy to binary format: ` ConvertFrom-CIPolicy $EnforcedCIPolicy $CIPolicyBin` @@ -1052,7 +1052,7 @@ If you do not have a code signing certificate, see the [Optional: Create a code ` cd $env:USERPROFILE\Desktop ` -5. Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add an update signer certificate to the WDAC policy: +5. Use [Add-SignerRule](https://docs.microsoft.com/powershell/module/configci/add-signerrule?view=win10-ps) to add an update signer certificate to the WDAC policy: ` Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath -Kernel -User –Update` @@ -1060,11 +1060,11 @@ If you do not have a code signing certificate, see the [Optional: Create a code > *<Path to exported .cer certificate>* should be the full path to the certificate that you exported in step 3. Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see the [Disable signed Windows Defender Application Control policies within Windows](#disable-signed-windows-defender-application-control-policies-within-windows) section. -6. Use [Set-RuleOption](https://technet.microsoft.com/library/mt634483.aspx) to remove the unsigned policy rule option: +6. Use [Set-RuleOption](https://docs.microsoft.com/powershell/module/configci/set-ruleoption?view=win10-ps) to remove the unsigned policy rule option: ` Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete` -7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/en-us/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the policy to binary format: +7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy?view=win10-ps) to convert the policy to binary format: ` ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin` From cf790ba4f49bec31670a20d7caa956e7199da269 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 4 Apr 2018 10:50:41 -0700 Subject: [PATCH 05/18] trying to fix step numbering --- windows/deployment/update/windows-update-sources.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index 1f8e758809..d4b5967b12 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -17,10 +17,9 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 1. Start Windows PowerShell as an administrator 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. -3. Run `\$MUSM.Services`. The resulting output should be similar to the following: - -``` -Name : Microsoft Update +3. Run `\$MUSM.Services`. The resulting output should be similar to the following: + ``` + Name : Microsoft Update ContentValidationCert : {} ExpirationDate : IsManaged : False From c820a727b01328beeafb8d8de04a01ee91c882a1 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 4 Apr 2018 13:35:56 -0700 Subject: [PATCH 06/18] trying again with the steps --- windows/deployment/update/windows-update-sources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index d4b5967b12..d51999abef 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -1,4 +1,3 @@ - --- title: Determining the Windows Update Service source description: Determine the source that Windows Update service is currently using. @@ -18,6 +17,7 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 1. Start Windows PowerShell as an administrator 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. 3. Run `\$MUSM.Services`. The resulting output should be similar to the following: + ``` Name : Microsoft Update ContentValidationCert : {} From d23d32ad1232a5d2e3c01cf7f1788d4fe1bceb87 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 4 Apr 2018 14:28:55 -0700 Subject: [PATCH 07/18] still not right --- windows/deployment/update/windows-update-sources.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index d51999abef..9e8a789f4f 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -18,8 +18,8 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. 3. Run `\$MUSM.Services`. The resulting output should be similar to the following: - ``` - Name : Microsoft Update +``` +Name : Microsoft Update ContentValidationCert : {} ExpirationDate : IsManaged : False From 20ea1fd5673988b4d11d0248d58156a7005f8ed6 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Wed, 4 Apr 2018 15:23:38 -0700 Subject: [PATCH 08/18] applying Liza's fix --- .../update/windows-update-sources.md | 198 +++++++++--------- 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index 9e8a789f4f..5019699f81 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -17,136 +17,136 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 1. Start Windows PowerShell as an administrator 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. 3. Run `\$MUSM.Services`. The resulting output should be similar to the following: + + ``` + Name : Microsoft Update + ContentValidationCert : {} + ExpirationDate : + IsManaged : False + IsRegisteredWithAU : True + IssueDate : 01-Jan-01 12:00:00 AM + OffersWindowsUpdates : True + RedirectUrls : System.__ComObject + ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d + IsScanPackageService : False + CanRegisterWithAU : True + ServiceUrl : https://fe2.update.microsoft.com/v6/ + SetupPrefix : mu + IsDefaultAUService : False -``` -Name : Microsoft Update -ContentValidationCert : {} -ExpirationDate : -IsManaged : False -IsRegisteredWithAU : True -IssueDate : 01-Jan-01 12:00:00 AM -OffersWindowsUpdates : True -RedirectUrls : System.__ComObject -ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d -IsScanPackageService : False -CanRegisterWithAU : True -ServiceUrl : https://fe2.update.microsoft.com/v6/ -SetupPrefix : mu -IsDefaultAUService : False + Name : DCat Flighting Prod + ContentValidationCert : {} + ExpirationDate : + IsManaged : False + IsRegisteredWithAU : False + IssueDate : 01-Jan-01 12:00:00 AM + OffersWindowsUpdates : False + RedirectUrls : System.__ComObject + ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552 + IsScanPackageService : False + CanRegisterWithAU : False + ServiceUrl : https://fe3.delivery.mp.microsoft.com/ + SetupPrefix : wu + IsDefaultAUService : False -Name : DCat Flighting Prod -ContentValidationCert : {} -ExpirationDate : -IsManaged : False -IsRegisteredWithAU : False -IssueDate : 01-Jan-01 12:00:00 AM -OffersWindowsUpdates : False -RedirectUrls : System.__ComObject -ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552 -IsScanPackageService : False -CanRegisterWithAU : False -ServiceUrl : https://fe3.delivery.mp.microsoft.com/ -SetupPrefix : wu -IsDefaultAUService : False + Name : Windows Store (DCat Prod) + ContentValidationCert : {} + ExpirationDate : + IsManaged : False + IsRegisteredWithAU : False + IssueDate : 01-Jan-01 12:00:00 AM + OffersWindowsUpdates : False + RedirectUrls : System.__ComObject + ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289 + IsScanPackageService : False + CanRegisterWithAU : True + ServiceUrl : https://fe3.delivery.mp.microsoft.com/ + SetupPrefix : ws + IsDefaultAUService : False -Name : Windows Store (DCat Prod) -ContentValidationCert : {} -ExpirationDate : -IsManaged : False -IsRegisteredWithAU : False -IssueDate : 01-Jan-01 12:00:00 AM -OffersWindowsUpdates : False -RedirectUrls : System.__ComObject -ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289 -IsScanPackageService : False -CanRegisterWithAU : True -ServiceUrl : https://fe3.delivery.mp.microsoft.com/ -SetupPrefix : ws -IsDefaultAUService : False - -Name : Windows Server Update Service -ContentValidationCert : {} -ExpirationDate : 18-Jun-54 9:21:00 PM -IsManaged : True -IsRegisteredWithAU : True -IssueDate : 01-Jan-03 12:00:00 AM -OffersWindowsUpdates : True -RedirectUrls : System.__ComObject -ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7 -IsScanPackageService : False -CanRegisterWithAU : True -ServiceUrl : -SetupPrefix : -IsDefaultAUService : True - -Name : Windows Update -ContentValidationCert : {} -ExpirationDate : -IsManaged : False -IsRegisteredWithAU : False -IssueDate : 01-Jan-01 12:00:00 AM -OffersWindowsUpdates : True -RedirectUrls : System.__ComObject -ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77 -IsScanPackageService : False -CanRegisterWithAU : True -ServiceUrl : https://fe2.update.microsoft.com/v6/ -SetupPrefix : wu -IsDefaultAUService : False -``` + Name : Windows Server Update Service + ContentValidationCert : {} + ExpirationDate : 18-Jun-54 9:21:00 PM + IsManaged : True + IsRegisteredWithAU : True + IssueDate : 01-Jan-03 12:00:00 AM + OffersWindowsUpdates : True + RedirectUrls : System.__ComObject + ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7 + IsScanPackageService : False + CanRegisterWithAU : True + ServiceUrl : + SetupPrefix : + IsDefaultAUService : True + Name : Windows Update + ContentValidationCert : {} + ExpirationDate : + IsManaged : False + IsRegisteredWithAU : False + IssueDate : 01-Jan-01 12:00:00 AM + OffersWindowsUpdates : True + RedirectUrls : System.__ComObject + ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77 + IsScanPackageService : False + CanRegisterWithAU : True + ServiceUrl : https://fe2.update.microsoft.com/v6/ + SetupPrefix : wu + IsDefaultAUService : False + ``` 4. Check the category **Name** and **OffersWindowsUpdates**:  -Name: **Microsoft Update** + Name: **Microsoft Update** -Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox. + Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox. -OffersWindowsUpdates: **True** + OffersWindowsUpdates: **True** -Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) + Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) ---- + --- -Name: **DCat Flighting Prod** + Name: **DCat Flighting Prod** -The update source is the Windows Insider Program. + The update source is the Windows Insider Program. -OffersWindowsUpdates: **False** + OffersWindowsUpdates: **False** -Indicates that the client will not receive or is not configured to receive these updates. + Indicates that the client will not receive or is not configured to receive these updates. ---- + --- -Name: **Windows Store (DCat Prod)** + Name: **Windows Store (DCat Prod)** -The update source is Insider Updates for Store Apps. + The update source is Insider Updates for Store Apps. -OffersWindowsUpdates: **False** + OffersWindowsUpdates: **False** -Indicates that the client will not receive or is not configured to receive these updates. + Indicates that the client will not receive or is not configured to receive these updates. ---- + --- -Name: **Windows Server Update Service** + Name: **Windows Server Update Service** -The source is a Windows Server Updates Services server. + The source is a Windows Server Updates Services server. -OffersWindowsUpdates: **True** + OffersWindowsUpdates: **True** -The client is configured to receive updates from WSUS + The client is configured to receive updates from WSUS ---- + --- -Name: **Windows Update** + Name: **Windows Update** -The source is Windows Update. + The source is Windows Update. -OffersWindowsUpdates: **True** + OffersWindowsUpdates: **True** -The client is configured to receive updates from Windows Update Online + The client is configured to receive updates from Windows Update Online ---- + --- +    See also: From fd24a1aa206608e3b87464126a0231e5bdbde3b7 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 5 Apr 2018 10:23:41 -0700 Subject: [PATCH 09/18] rearranged as table --- .../update/windows-update-sources.md | 141 ++---------------- 1 file changed, 10 insertions(+), 131 deletions(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index 5019699f81..351417d13b 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -7,7 +7,7 @@ ms.sitesec: library author: kaushika-msft ms.localizationpriority: high ms.author: kaushika -ms.date: 04/03/2018 +ms.date: 04/05/2018 --- # Determining the Windows Update Service source @@ -16,138 +16,17 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 1. Start Windows PowerShell as an administrator 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. -3. Run `\$MUSM.Services`. The resulting output should be similar to the following: - - ``` - Name : Microsoft Update - ContentValidationCert : {} - ExpirationDate : - IsManaged : False - IsRegisteredWithAU : True - IssueDate : 01-Jan-01 12:00:00 AM - OffersWindowsUpdates : True - RedirectUrls : System.__ComObject - ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d - IsScanPackageService : False - CanRegisterWithAU : True - ServiceUrl : https://fe2.update.microsoft.com/v6/ - SetupPrefix : mu - IsDefaultAUService : False +3. Run `\$MUSM.Services`. Compare the resulting output to this table: - Name : DCat Flighting Prod - ContentValidationCert : {} - ExpirationDate : - IsManaged : False - IsRegisteredWithAU : False - IssueDate : 01-Jan-01 12:00:00 AM - OffersWindowsUpdates : False - RedirectUrls : System.__ComObject - ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552 - IsScanPackageService : False - CanRegisterWithAU : False - ServiceUrl : https://fe3.delivery.mp.microsoft.com/ - SetupPrefix : wu - IsDefaultAUService : False +| Output | Interpretation | +|-----------------------------------------------|-----------------------------------| +| Name : Microsoft Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : True
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : mu
IsDefaultAUService : False | - Name: **Microsoft Update** Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox.
- OffersWindowsUpdates: **True** Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.)| +| Name : Microsoft Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : True
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : mu
IsDefaultAUService : False |- Name: **DCat Flighting Prod** The update source is the Windows Insider Program.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates.| +|Name : DCat Flighting Prod
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : False
RedirectUrls : System.__ComObject
ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552
IsScanPackageService : False
CanRegisterWithAU : False
ServiceUrl: https://fe3.delivery.mp.microsoft.com/
SetupPrefix : wu
IsDefaultAUService : False | - Name: **DCat Flighting Prod** The update source is the Windows Insider Program.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates. | +|Name : Windows Store (DCat Prod)
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : False
RedirectUrls : System.__ComObject
ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe3.delivery.mp.microsoft.com/
SetupPrefix : ws
IsDefaultAUService : False | - Name: **Windows Store (DCat Prod)** The update source is Insider Updates for Store Apps.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates. | +| Name : Windows Server Update Service
ContentValidationCert : {}
ExpirationDate : 18-Jun-54 9:21:00 PM
IsManaged : True
IsRegisteredWithAU : True
IssueDate : 01-Jan-03 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl :
SetupPrefix :
IsDefaultAUService : True|- Name: **Windows Server Update Service** The source is a Windows Server Updates Services server.
- OffersWindowsUpdates: **True** The client is configured to receive updates from WSUS | +| Name : Windows Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : wu
IsDefaultAUService : False |- Name: **Windows Update** The source is Windows Update.
- OffersWindowsUpdates: **True** The client is configured to receive updates from Windows Update Online | - Name : Windows Store (DCat Prod) - ContentValidationCert : {} - ExpirationDate : - IsManaged : False - IsRegisteredWithAU : False - IssueDate : 01-Jan-01 12:00:00 AM - OffersWindowsUpdates : False - RedirectUrls : System.__ComObject - ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289 - IsScanPackageService : False - CanRegisterWithAU : True - ServiceUrl : https://fe3.delivery.mp.microsoft.com/ - SetupPrefix : ws - IsDefaultAUService : False - - Name : Windows Server Update Service - ContentValidationCert : {} - ExpirationDate : 18-Jun-54 9:21:00 PM - IsManaged : True - IsRegisteredWithAU : True - IssueDate : 01-Jan-03 12:00:00 AM - OffersWindowsUpdates : True - RedirectUrls : System.__ComObject - ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7 - IsScanPackageService : False - CanRegisterWithAU : True - ServiceUrl : - SetupPrefix : - IsDefaultAUService : True - - Name : Windows Update - ContentValidationCert : {} - ExpirationDate : - IsManaged : False - IsRegisteredWithAU : False - IssueDate : 01-Jan-01 12:00:00 AM - OffersWindowsUpdates : True - RedirectUrls : System.__ComObject - ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77 - IsScanPackageService : False - CanRegisterWithAU : True - ServiceUrl : https://fe2.update.microsoft.com/v6/ - SetupPrefix : wu - IsDefaultAUService : False - ``` - -4. Check the category **Name** and **OffersWindowsUpdates**:  - - Name: **Microsoft Update** - - Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox. - - OffersWindowsUpdates: **True** - - Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) - - --- - - Name: **DCat Flighting Prod** - - The update source is the Windows Insider Program. - - OffersWindowsUpdates: **False** - - Indicates that the client will not receive or is not configured to receive these updates. - - --- - - Name: **Windows Store (DCat Prod)** - - The update source is Insider Updates for Store Apps. - - OffersWindowsUpdates: **False** - - Indicates that the client will not receive or is not configured to receive these updates. - - --- - - Name: **Windows Server Update Service** - - The source is a Windows Server Updates Services server. - - OffersWindowsUpdates: **True** - - The client is configured to receive updates from WSUS - - --- - - Name: **Windows Update** - - The source is Windows Update. - - OffersWindowsUpdates: **True** - - The client is configured to receive updates from Windows Update Online - - --- -  -  See also: From 93ac10dd15eb2c8dff05a7ec8d50a8319f54e81a Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 5 Apr 2018 11:27:54 -0700 Subject: [PATCH 10/18] trying a different layout --- .../update/windows-update-sources.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index 351417d13b..490b2664d9 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -6,7 +6,7 @@ ms.mktglfcycl: ms.sitesec: library author: kaushika-msft ms.localizationpriority: high -ms.author: kaushika +ms.author: jaimeo ms.date: 04/05/2018 --- @@ -16,16 +16,16 @@ Windows 10 devices can receive updates from a variety of sources, including Wind 1. Start Windows PowerShell as an administrator 2. Run `\$MUSM = New-Object -ComObject “Microsoft.Update.ServiceManager”`. -3. Run `\$MUSM.Services`. Compare the resulting output to this table: +3. Run `\$MUSM.Services`. Check the resulting output for the **Name** and **OffersWindowsUPdates** parameters, which you can intepret according to this table: + +| Output | Interpretation | +|-----------------------------------------------------|-----------------------------------| +| - Name: **Microsoft Update**
-OffersWindowsUpdates: **True** | - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.
- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.)| +|- Name: **DCat Flighting Prod**
- OffersWindowsUpdates: **False**|- The update source is the Windows Insider Program.
- Indicates that the client will not receive or is not configured to receive these updates. | +| - Name: **Windows Store (DCat Prod)**
- OffersWindowsUpdates: **False** |-The update source is Insider Updates for Store Apps.
- Indicates that the client will not receive or is not configured to receive these updates.| +|- Name: **Windows Server Update Service**
- OffersWindowsUpdates: **True** |- The source is a Windows Server Updates Services server.
- The client is configured to receive updates from WSUS.| +|- Name: **Windows Update**
- OffersWindowsUpdates: **True** |- The source is Windows Update.
- The client is configured to receive updates from Windows Update Online.| -| Output | Interpretation | -|-----------------------------------------------|-----------------------------------| -| Name : Microsoft Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : True
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : mu
IsDefaultAUService : False | - Name: **Microsoft Update** Indicates the source against which we will are checking the Client capability. Microsoft Updates indicates, updates for other Microsoft Products checkbox.
- OffersWindowsUpdates: **True** Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.)| -| Name : Microsoft Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : True
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 7971f918-a847-4430-9279-4a52d1efe18d
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : mu
IsDefaultAUService : False |- Name: **DCat Flighting Prod** The update source is the Windows Insider Program.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates.| -|Name : DCat Flighting Prod
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : False
RedirectUrls : System.__ComObject
ServiceID : 8b24b027-1dee-babb-9a95-3517dfb9c552
IsScanPackageService : False
CanRegisterWithAU : False
ServiceUrl: https://fe3.delivery.mp.microsoft.com/
SetupPrefix : wu
IsDefaultAUService : False | - Name: **DCat Flighting Prod** The update source is the Windows Insider Program.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates. | -|Name : Windows Store (DCat Prod)
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : False
RedirectUrls : System.__ComObject
ServiceID : 855e8a7c-ecb4-4ca3-b045-1dfa50104289
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe3.delivery.mp.microsoft.com/
SetupPrefix : ws
IsDefaultAUService : False | - Name: **Windows Store (DCat Prod)** The update source is Insider Updates for Store Apps.
- OffersWindowsUpdates: **False** Indicates that the client will not receive or is not configured to receive these updates. | -| Name : Windows Server Update Service
ContentValidationCert : {}
ExpirationDate : 18-Jun-54 9:21:00 PM
IsManaged : True
IsRegisteredWithAU : True
IssueDate : 01-Jan-03 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 3da21691-e39d-4da6-8a4b-b43877bcb1b7
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl :
SetupPrefix :
IsDefaultAUService : True|- Name: **Windows Server Update Service** The source is a Windows Server Updates Services server.
- OffersWindowsUpdates: **True** The client is configured to receive updates from WSUS | -| Name : Windows Update
ContentValidationCert : {}
ExpirationDate :
IsManaged : False
IsRegisteredWithAU : False
IssueDate : 01-Jan-01 12:00:00 AM
OffersWindowsUpdates : True
RedirectUrls : System.__ComObject
ServiceID : 9482f4b4-e343-43b6-b170-9a65bc822c77
IsScanPackageService : False
CanRegisterWithAU : True
ServiceUrl : https://fe2.update.microsoft.com/v6/
SetupPrefix : wu
IsDefaultAUService : False |- Name: **Windows Update** The source is Windows Update.
- OffersWindowsUpdates: **True** The client is configured to receive updates from Windows Update Online | See also: From d0801522fdea7557c3792d5728e9ac49703a1533 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Thu, 5 Apr 2018 12:31:58 -0700 Subject: [PATCH 11/18] tweak to title; wired into TOC --- windows/deployment/TOC.md | 1 + windows/deployment/update/windows-update-sources.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 94f70ce62d..3c88941d73 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -230,6 +230,7 @@ ### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md) ### [Manage device restarts after updates](update/waas-restart.md) ### [Manage additional Windows Update settings](update/waas-wu-settings.md) +### [Determining the source of Windows updates](update/windows-update-sources.md) ### [Windows Insider Program for Business](update/waas-windows-insider-for-business.md) #### [Introduction to the Windows Insider Program for Business](update/WIP4Biz-intro.md) #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md) diff --git a/windows/deployment/update/windows-update-sources.md b/windows/deployment/update/windows-update-sources.md index 490b2664d9..c9b0be52ce 100644 --- a/windows/deployment/update/windows-update-sources.md +++ b/windows/deployment/update/windows-update-sources.md @@ -1,5 +1,5 @@ --- -title: Determining the Windows Update Service source +title: Determining the source of Windows updates description: Determine the source that Windows Update service is currently using. ms.prod: w10 ms.mktglfcycl: @@ -10,7 +10,7 @@ ms.author: jaimeo ms.date: 04/05/2018 --- -# Determining the Windows Update Service source +# Determining the source of Windows updates Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps:  From 971c875ff86fafbf37ec84e64de9b2b73a8a934d Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 5 Apr 2018 18:37:30 -0700 Subject: [PATCH 13/18] Updated the voice and tone, plus deleted duplicate content --- browsers/edge/available-policies.md | 66 ++++++++++++++++++----------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 65193cad8d..bedff7e283 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros) ms.localizationpriority: high -ms.date: 09/13/2017 #Previsou release date +ms.date: 4/5/2018 #Previsou release date 09/13/2017 --- # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge @@ -34,8 +34,9 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A ## Allow Address bar drop-down list suggestions >*Supporteded versions: Windows 10, version 1703 or later* +The Address bar drop-down list, when enabled, allows the Address bar drop-down functionality in Microsoft Edge. By default, this policy is enabled. If disabled, you do not see the address bar drop-down functionality and disables the user-defined policy "Show search and site suggestions as I type." Therefore, because search suggestions are shown in the drop-down, this policy takes precedence over the [Configure search suggestions in Address bar](https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pashort_edge-backlog_vsts15846461#configure-search-suggestions-in-address-bar) or [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. -This policy settings specifies whether to allow the address bar drop-down functionality in Microsoft Edge. By default, this setting is enabled. We recommend that you disable this setting if you want to minimize network connections from Microsoft Edge to Microsoft services. If disabled, you do not see the address bar drop-down functionality and also disables the user-defined settting "Show search and site suggestions as I type." Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the [Configure search suggestions in Address bar](https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pashort_edge-backlog_vsts15846461#configure-search-suggestions-in-address-bar) or [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) setting. +If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend that you disable this policy. **Microsoft Intune to manage your MDM settings** | | | @@ -44,31 +45,30 @@ This policy settings specifies whether to allow the address bar drop-down functi |Supported devices |Desktop | |URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown | |Data type | Integer | -|Allowed values |
  • **0** - Not Allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type."
  • **1 (default)** - Allowed. Address bar drop-down is enabled.
| +|Allowed values |
  • **0** - Not Allowed. Address bar drop-down is disabled, which also disables the user-defined policy, "Show search and site suggestions as I type."
  • **1 (default)** - Allowed. Address bar drop-down is enabled.
| ## Allow Adobe Flash >*Supporteded version: Windows 10* - -This policy setting specifies whether Adobe Flash can run in Microsoft Edge. By default, this setting is enabled or not configured, which allows you to use Adobe Flash. +Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update. By default, this policy is enabled or not configured allowing you to use Adobe Flash Player in Microsoft Edge. **Microsoft Intune to manage your MDM settings** | | | |---|---| |MDM name |[AllowFlash](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowflash) | |Supported devices |Desktop | -|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill | +|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash | |Data type | Integer | -|Allowed values |
  • **0** - Adobe Flash cannot be used Microsoft Edge.
  • **1 (default)** - Adobe Flash can be used Microsoft Edge.
| +|Allowed values |
  • **0** - Adobe Flash cannot be used Microsoft Edge.
  • **1 (default)** - Adobe Flash can be used in Microsoft Edge.
| ## Allow clearing browsing data on exit >*Supporteded versions: Windows 10, version 1703* +Your browsing data is the information that Microsoft Edge remembers and stores as you browse websites. Browsing data includes information you entered into forms, passwords, and the websites you visited. By default, this policy is disabled or not configured, the browsing data is not cleared when exiting. When this policy is disabled or not configured, you can turn on and configure the Clear browsing data option under Settings. -This policy setting specifies whether to clear browsing data on exiting Microsoft Edge. By default, this setting is disabled or not configured, which means you can turn on and configure Clear browsing data option under Settings. If enabled, browsing history on exit is turned on. -**Microsoft Intune to manage your MDM settings** +**Microsoft Intune to manage your MDM settings** | | | |---|---| |MDM name |[ClearBrowsingDataOnExit](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-clearbrowsingdataonexit) | @@ -80,7 +80,7 @@ This policy setting specifies whether to clear browsing data on exiting Microsof ## Allow configuration updates for the Books Library >*Supporteded versions: Windows 10* -This policy setting specifies whether Microsoft Edge can automatically update the configuration data for the Books Library. By default, this setting is enabled, which means Microsoft Edge retrieves configuration data for the Books Library. If disabled, Microsoft Edge does not retrieve configuration data. +Microsoft Edge automatically retrieves the configuration data for the Books Library, when this policy is enabled or not configured. If disabled, Microsoft Edge does not retrieve the Books configuration data. **Microsoft Intune to manage your MDM settings** | | | @@ -95,7 +95,7 @@ This policy setting specifies whether Microsoft Edge can automatically update th ## Allow Cortana >*Supported versions: Windows 10, version 1607 or later* -This policy setting specifies whether Cortana is allowed on the device. By default, this setting is enabled (allowed), which allows you to use Cortana on your devices. If disabled (not allowed), Cortana is not available for use, but you can use search to find items on your device. +Cortana is integrated with Microsoft Edge, and when enabled, Cortana allows you use the voice assistant on your device. If disabled, Cortana is not available for use, but you can search to find items on your device. **Microsoft Intune to manage your MDM settings** | | | @@ -103,14 +103,14 @@ This policy setting specifies whether Cortana is allowed on the device. By defau |MDM name |[AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | |Supported devices |Mobile | |URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCortana | -|Location |Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana | +|Location |Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortana | |Data type | Integer | |Allowed values |
  • **0** - Not allowed.
  • **1 (default)** - Allowed.
| ## Allow Developer Tools >*Supporteded versions: Windows 10, version 1511 or later* -This policy setting specifies whether you can use the F12 Developer Tools on Microsoft Edge. By default, this setting is enabled making the F12 Developer Tools availabe to use. If disabled, the F12 Developer Tools are not available. +F12 developer tools is a suite of tools to help you build and debug your webpage. By default, this policy is enabled making the F12 Developer Tools availabe to use. **Microsoft Intune to manage your MDM settings** | | | @@ -119,12 +119,12 @@ This policy setting specifies whether you can use the F12 Developer Tools on Mic |Supported devices |Desktop | |URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools | |Data type | Integer | -|Allowed values |
  • **0** - Employees cannot use the F12 Developer Tools./li>
  • **1 (default)** - Employees can use the F12 Developer Tools.
| +|Allowed values |
  • **0** - The F12 Developer Tools are disabled.
  • **1 (default)** - The F12 Developer Tools are enabled.
| ## Allow extended telemetry for the Books tab >*Supporteded versions: Windows 10* -This policy setting allows you to specify how much data to send to Microsoft about the books you are reading from the Books tab in Microsoft Edge. By default, this setting is disabled or not configured, which means Microsoft Edge only sends basic diagnostic data, depending on your device configuration. If enabled, Microsoft Edge sends additional diagnostic data in addition to the basic diagnostic data, from the Books tab. +If you enable this policy, both basic and additional diagnostic data is sent to Microsoft about the books you are reading from Books in Microsoft Edge. By default, this policy is disabled or not configured and only basic diagnostic data, depending on your device configuration, is sent to Microsoft. **Microsoft Intune to manage your MDM settings** | | | @@ -133,12 +133,12 @@ This policy setting allows you to specify how much data to send to Microsoft abo |Supported devices |Desktop
Mobile | |URI full path | ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry | |Data type | Integer | -|Allowed values |
  • **0 (default)** - Disable. No additional diagnostic data.
  • **1** - Enable. Additional diagnostic data for schools.
| +|Allowed values |
  • **0 (default)** - Disable. Only basic diagnostic data is sent.
  • **1** - Enable. Both Basic and additional diagnostic data is sent.
| ## Allow Extensions >*Supporteded versions: Windows 10, version 1607 or later* -This policy setting specifies whether you can use Edge Extensions. By default, this setting is enabled allowing you to use extensions. If disabled, you cannot use extensions. +If you enable this policy, you can personalize and add new features to Microsoft Edge with extensions. By default, this policy is enabled. If you want to prevent others from installing unwanted extensions, disable this policy. **Microsoft Intune to manage your MDM settings** | | | @@ -147,12 +147,12 @@ This policy setting specifies whether you can use Edge Extensions. By default, |Supported devices |Desktop | |URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowExtensions | |Data type | Integer | -|Allowed values |
  • **0** - Employees cannot use Edge Extensions.
  • **1 (default)** - Employees can use Edge Extensions.
| +|Allowed values |
  • **0** - Microsoft Edge extensions are disabled.
  • **1 (default)** - Microsoft Edge Extensions are enabled.
| ## Allow InPrivate browsing >*Supporteded versions: Windows 10, version 1511 or later* -This policy setting specifies whether InPrivate browsing is allowed on corporate networks. By default, this setting is enabled allowing you to use InPrivate website browsing. If disabled, you cannot use InPrivate website browsing. +InPrivate browsing, when enabled, prevents your browsing data is not saved on your device. Microsoft Edge deletes temporary data from your device after all your InPrivate tabs are closed. **Microsoft Intune to manage your MDM settings** | | | @@ -161,12 +161,13 @@ This policy setting specifies whether InPrivate browsing is allowed on corporate |Supported devices |Desktop
Mobile | |URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate | |Data type | Integer | -|Allowed values |
  • **0** - Employees cannot use InPrivate browsing.
  • **1 (default)** - Employees can use InPrivate browsing.
| +|Allowed values |
  • **0** - InPrivate browsing is disabled.
  • **1 (default)** - InPrivate browsing is enabled.
| ## Allow Microsoft Compatibility List >*Supporteded versions: Windows 10, version 1703 or later* -This policy setting specifies whether to use the Microsoft compatibility list in Microsoft Edge. The list helps websites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and used during browser navigation. The list can be viewed by visiting "about:compat". By default, this setting is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft Compatibility List prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used. +Microsoft Edge uses the compatibility list that helps websites with known compatibility issues display properly. When enabled, Microsoft Edge checks the list to determine if the website has compatibility issues during browser navigation. By default, this policy is enabled allowing periodic downloads and installation of updates. Visiting any site on the Microsoft compatibility list prompts the employee to use Internet Explorer 11, where the site renders as though it is in whatever version of IE is necessary for it to appear properly. If disabled, the compatibility list is not used. + **Microsoft Intune to manage your MDM settings** | | | @@ -175,7 +176,7 @@ This policy setting specifies whether to use the Microsoft compatibility list in |Supported devices |Desktop
Mobile | |URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList | |Data type | Integer | -|Allowed values |
  • **0** - Additional search engines are not allowed and the default cannot be changed in the Address bar.
  • **1 (default)** - Additional search engines are allowed and the default can be changed in the Address bar.
| +|Allowed values |
  • **0** - Disabled. The Microsoft compatibility list is ignored.
  • **1 (default)** - Enabled. The Microsoft compatibility list is periodically update and used during browser navigation.
| ## Allow search engine customization >*Supported versions: Windows 10, version 1703 or later* @@ -298,6 +299,15 @@ You can export a set of favorites from Edge and use that html file for provision |URI full path |./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites | |Data type | String | + + ## Configure Password Manager >*Supported versions: Windows 10* @@ -498,9 +508,15 @@ This policy setting specifies whether you can add, import, sort, or edit the Fav >[!Important] >Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge. - + +**Microsoft Intune to manage your MDM settings** +| | | +|---|---| +|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | +|Supported devices |Desktop
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites | +|Data type | Integer | +|Allowed values |
  • **0 (default)** - Disabled. Do not lockdown Favorites.
  • **1** - Enabled. Lockdown Favorites.
| ## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start >*Supported versions: Windows 10, version 1703 or later* From 96e90d2f9f791aa5da738c8e896c9819ac2b7cd3 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Fri, 6 Apr 2018 06:11:38 -0700 Subject: [PATCH 14/18] Updated the voice and tone, plus deleted duplicate content --- browsers/edge/available-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index bedff7e283..3b66180dfe 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -274,6 +274,7 @@ This policy setting specifies whether Do Not Track requests to websites is allow |Data type | Integer | |Allowed values |
  • **0 (default)** - Stops you from sending Do Not Track headers to websites requesting tracking info.
  • **1** - Employees can send Do Not Track headers to websites requesting tracking info.
| + @@ -132,7 +133,7 @@ Added in Windows 10, version 1803. List of exceptions to the blocked website URL Added in Windows 10, version 1803. List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. > [!Note] -> This policy only applies to kiosk browser. +> This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -179,7 +180,7 @@ Added in Windows 10, version 1803. List of blocked website URLs (with wildcard s Added in Windows 10, version 1803. Configures the default URL kiosk browsers to navigate on launch and restart. > [!Note] -> This policy only applies to kiosk browser. +> This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -226,7 +227,7 @@ Added in Windows 10, version 1803. Configures the default URL kiosk browsers to Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. > [!Note] -> This policy only applies to kiosk browser. +> This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -273,7 +274,7 @@ Added in Windows 10, version 1803. Enable/disable kiosk browser's home button. Added in Windows 10, version 1803. Enable/disable kiosk browser's navigation buttons (forward/back). > [!Note] -> This policy only applies to kiosk browser. +> This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -322,7 +323,7 @@ Added in Windows 10, version 1803. Amount of time in minutes the session is idle The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. > [!Note] -> This policy only applies to kiosk browser. +> This policy only applies to the Kiosk Browser app in Microsoft Store.