-System audit policy -Category/Subcategory Setting -Logon/Logoff - Network Policy Server Success and Failure -- -If it says, "No auditing," you can run this command to enable it: -```console -auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable -``` - -Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**. - -## More references - -[Troubleshooting Windows Vista 802.11 Wireless Connections](/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
Try our Virtual Agent - It can help you quickly identify and fix common Windows boot issues. - -> [!NOTE] -> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5). - -## Summary - -There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck: - -| Phase | Boot Process | BIOS | UEFI | -|-----------|----------------------|------------------------------------|-----------------------------------| -| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | -| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi | -| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | -| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | - -1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager. - -2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition. - -3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run. - -4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START. - - The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START. - - - -Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger. - -:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png"::: - -Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases. - -> [!NOTE] -> If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle: -> -> `Bcdedit /set {default} recoveryenabled no` -> -> If the F8 options don't work, run the following command: -> -> `Bcdedit /set {default} bootmenupolicy legacy` - -## BIOS phase - -To determine whether the system has passed the BIOS phase, follow these steps: - -1. If there are any external peripherals connected to the computer, disconnect them. - -2. Check whether the hard disk drive light on the physical computer is working. If it's not working, this dysfunction indicates that the startup process is stuck at the BIOS phase. - -3. Press the NumLock key to see whether the indicator light toggles on and off. If it doesn't toggle, this dysfunction indicates that the startup process is stuck at BIOS. - - If the system is stuck at the BIOS phase, there may be a hardware problem. - -## Boot loader phase - -If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase: - -- Boot Configuration Data (BCD) missing or corrupted -- Boot file or MBR corrupted -- Operating system Missing -- Boot sector missing or corrupted -- Bootmgr missing or corrupted -- Unable to boot due to system hive missing or corrupted - -To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods. - -### Method 1: Startup Repair tool - -The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically. - -To do this task of invoking the Startup Repair tool, follow these steps. - -> [!NOTE] -> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre). - -1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d). - -2. On the **Install Windows** screen, select **Next** > **Repair your computer**. - -3. On the **Choose an option** screen, select **Troubleshoot**. - -4. On the **Advanced options** screen, select **Startup Repair**. - -5. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly. - -The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location: - -`%windir%\System32\LogFiles\Srt\Srttrail.txt` - -For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad). - -### Method 2: Repair Boot Codes - -To repair boot codes, run the following command: - -```command -BOOTREC /FIXMBR -``` - -To repair the boot sector, run the following command: - -```command -BOOTREC /FIXBOOT -``` - -> [!NOTE] -> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem. - -### Method 3: Fix BCD errors - -If you receive BCD-related errors, follow these steps: - -1. Scan for all the systems that are installed. To do this step, run the following command: - - ```command - Bootrec /ScanOS - ``` - -2. Restart the computer to check whether the problem is fixed. - -3. If the problem isn't fixed, run the following commands: - - ```command - bcdedit /export c:\bcdbackup - - attrib c:\boot\bcd -r -s -h - - ren c:\boot\bcd bcd.old - - bootrec /rebuildbcd - ``` - -4. Restart the system. - -### Method 4: Replace Bootmgr - -If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this replacement, follow these steps: - -1. At a command prompt, change the directory to the System Reserved partition. - -2. Run the `attrib` command to unhide the file: - - ```command - attrib -r -s -h - ``` - -3. Navigate to the system drive and run the same command: - - ```command - attrib -r -s -h - ``` - -4. Rename the `bootmgr` file as `bootmgr.old`: - - ```command - ren c:\bootmgr bootmgr.old - ``` - -5. Navigate to the system drive. - -6. Copy the `bootmgr` file, and then paste it to the System Reserved partition. - -7. Restart the computer. - -### Method 5: Restore system hive - -If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`. - -If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. - -> [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). - -## Kernel Phase - -If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples: - -- A Stop error appears after the splash screen (Windows Logo screen). - -- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`. - - [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md) - - [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md) - -- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon. - -- A black screen appears after the splash screen. - -To troubleshoot these problems, try the following recovery boot options one at a time. - -### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration - -On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps: - -1. Use one of the following methods to open Event Viewer: - - - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**. - - - Start the Event Viewer snap-in in Microsoft Management Console (MMC). - -2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**. - -3. In the details pane, open the event that you want to view. - -4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**. - -5. Use the up arrow or down arrow key to view the description of the previous or next event. - -### Clean boot - -To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`). -Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party. - -Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**. - -For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd). - -If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement: -[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64) - -> [!NOTE] -> If the computer is a domain controller, try Directory Services Restore mode (DSRM). -> -> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2" - -#### Examples - -> [!WARNING] -> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk. - -*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)* - -To troubleshoot this Stop error, follow these steps to filter the drivers: - -1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version. - -2. Open the registry. - -3. Load the system hive, and name it **test**. - -4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers: - - `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class` - -5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data. - -6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive. - -7. Restart the server in Normal mode. - -For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md). - -To fix problems that occur after you install Windows updates, check for pending updates by using these steps: - -1. Open a Command Prompt window in WinRE. - -2. Run the command: - - ```command - DISM /image:C:\ /get-packages - ``` - -3. If there are any pending updates, uninstall them by running the following commands: - - ```command - DISM /image:C:\ /remove-package /packagename: name of the package - - DISM /Image:C:\ /Cleanup-Image /RevertPendingActions - ``` - - Try to start the computer. - -If the computer doesn't start, follow these steps: - -1. Open a command prompt window in WinRE, and start a text editor, such as Notepad. - -2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`. - -3. If the pending.xml file is found, rename the file as `pending.xml.old`. - -4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test. - -5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value. - -6. If the `pendingxmlidentifier` value exists, delete it. - -7. Unload the test hive. - -8. Load the system hive, name it **test**. - -9. Navigate to the following subkey: - - `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller` - -10. Change the **Start** value from `1` to `4`. - -11. Unload the hive. - -12. Try to start the computer. - -If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md). - -For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md). - -For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md). - -Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines: - -- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does. - -- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver. - -- If the stop error indicates system file corruption, run the system file checker in offline mode. - - - To do this action, open WinRE, open a command prompt, and then run the following command: - - ```command - SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows - ``` - - For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues). - - - If there's disk corruption, run the check disk command: - - ```command - chkdsk /f /r - ``` - -- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps: - - 1. Start WinRE, and open a command prompt window. - 2. Start a text editor, such as Notepad. - 3. Navigate to `C:\Windows\System32\Config\`. - 4. Rename the all five hives by appending `.old` to the name. - 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode. - -> [!NOTE] -> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md deleted file mode 100644 index 35484e641a..0000000000 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ /dev/null @@ -1,324 +0,0 @@ ---- -title: Advanced Troubleshooting Wireless Network Connectivity -ms.reviewer: -manager: dougeby -description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. -ms.prod: w10 -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz -ms.topic: troubleshooting ---- - -# Advanced troubleshooting wireless network connectivity - -> [!NOTE] -> Home users: This article is intended for use by support agents and IT professionals. If you're looking for more general information about Wi-Fi problems in Windows 10, check out this [Windows 10 Wi-Fi fix article](https://support.microsoft.com/en-in/help/4000432/windows-10-fix-wi-fi-problems). - -## Overview - -This overview describes the general troubleshooting of establishing Wi-Fi connections from Windows clients. -Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found. -This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario. - -## Scenarios - -This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7. - -> [!NOTE] -> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](/windows/desktop/etw/event-tracing-portal) (ETW). It's not meant to be representative of every wireless problem scenario. - -Wireless ETW is incredibly verbose and calls out many innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem. - -It's important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors. -The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem. - -### Known Issues and fixes - -| OS version | Fixed in | -| --- | --- | -| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) | -| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) | -| **Windows 10, version 1703** | [KB4338827](https://support.microsoft.com/help/4338827) | - -Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update-history webpage for your system: -- [Windows 10 version 1809](https://support.microsoft.com/help/4464619) -- [Windows 10 version 1803](https://support.microsoft.com/help/4099479) -- [Windows 10 version 1709](https://support.microsoft.com/en-us/help/4043454) -- [Windows 10 version 1703](https://support.microsoft.com/help/4018124) -- [Windows 10 version 1607 and Windows Server 2016](https://support.microsoft.com/help/4000825) -- [Windows 10 version 1511](https://support.microsoft.com/help/4000824) -- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470) -- [Windows Server 2012](https://support.microsoft.com/help/4009471) -- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469) - -## Data Collection - -1. Network Capture with ETW. Enter the following command at an elevated command prompt: - - ```console - netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl - ``` -2. Reproduce the issue. - - If there's a failure to establish connection, try to manually connect. - - If it's intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure. - - If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data. - - If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop). -3. Stop the trace by entering the following command: - - ```console - netsh trace stop - ``` -4. To convert the output file to text format: - - ```console - netsh trace convert c:\tmp\wireless.etl - ``` - -See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you'll have three files: wireless.cab, wireless.etl, and wireless.txt. - -## Troubleshooting - -The following view is a high-level one of the main wifi components in Windows. - -|Wi-fi Components|Description| -|--- |--- | -||The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.| -||The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows:
Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.
+Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.
MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.
### EnterpriseAppVManagement CSP node structure -[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md) +[EnterpriseAppVManagement CSP reference](mdm/enterpriseappvmanagement-csp.md) The following example shows the EnterpriseAppVManagement configuration service provider in tree format. @@ -72,7 +72,7 @@ EnterpriseAppVManagementSync command:
-[App-V Sync protocol reference]( https://msdn.microsoft.com/enus/library/mt739986.aspx) +[App-V Sync protocol reference](https://msdn.microsoft.com/enus/library/mt739986.aspx)AppVDynamicPolicy - A read/write node that contains the App-V dynamic configuration for an MDM device (applied globally to all users for that device) or a specific MDM user.
@@ -85,7 +85,7 @@ EnterpriseAppVManagementDynamic policy examples:
-[Dynamic configuration processing](/windows/application-management/app-v/appv-application-publishing-and-client-interaction#bkmk-dynamic-config">Dynamic configuration processing) +[Dynamic configuration processing](/windows/application-management/app-v/appv-application-publishing-and-client-interaction#dynamic-configuration-processing)AppVPackageManagement - Primarily read-only App-V package inventory data for MDM servers to query current packages.
@@ -114,9 +114,9 @@ EnterpriseAppVManagementA complete list of App-V policies can be found here:
-[ADMX-backed policy reference](./policy-configuration-service-provider.md) +[ADMX-backed policy reference](mdm/policy-configuration-service-provider.md) -[EnterpriseAppVManagement CSP reference](./enterpriseappvmanagement-csp.md) +[EnterpriseAppVManagement CSP reference](mdm/enterpriseappvmanagement-csp.md) ### SyncML examples @@ -147,24 +147,24 @@ EnterpriseAppVManagementThis example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts helps package deployments (add and publish of App-V apps).
```xml -Complete list of App-V policies can be found here:
-[Policy CSP](./policy-configuration-service-provider.md) +[Policy CSP](mdm/policy-configuration-service-provider.md) #### SyncML with package published for a device (global to all users for that device) @@ -199,11 +199,11 @@ EnterpriseAppVManagement*PackageUrl can be a UNC or HTTP/HTTPS endpoint.
@@ -236,7 +236,7 @@ EnterpriseAppVManagementOptional. Integer. Specifies the default roaming value. Valid values are:
|Value|Setting| @@ -48,4 +48,4 @@ CellularSettings ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md index 585bfdba94..7f9a4ba349 100644 --- a/windows/client-management/mdm/certificatestore-csp.md +++ b/windows/client-management/mdm/certificatestore-csp.md @@ -5,8 +5,8 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 02/28/2020 --- @@ -114,7 +114,7 @@ CertificateStore ----------------TemplateName ``` -**Root/System** +**Root/System** Defines the certificate store that contains root, or self-signed, certificates. Supported operation is Get. @@ -122,7 +122,7 @@ Supported operation is Get. > [!NOTE] > Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates. -**CA/System** +**CA/System** Defines the certificate store that contains cryptographic information, including intermediary certification authorities. Supported operation is Get. @@ -130,7 +130,7 @@ Supported operation is Get. > [!NOTE] > CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates. -**My/User** +**My/User** Defines the certificate store that contains public keys for client certificates. This certificate store is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications. Supported operation is Get. @@ -138,7 +138,7 @@ Supported operation is Get. > [!NOTE] > My/User is case sensitive. -**My/System** +**My/System** Defines the certificate store that contains public key for client certificate. This certificate store is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading. Supported operation is Get. @@ -146,42 +146,42 @@ Supported operation is Get. > [!NOTE] > My/System is case sensitive. -***CertHash*** +***CertHash*** Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value. Supported operations are Get, Delete, and Replace. -***CertHash*/EncodedCertificate** +***CertHash*/EncodedCertificate** Required. Specifies the X.509 certificate as a Base64-encoded string. The Base-64 string value can't include extra formatting characters such as embedded linefeeds, etc. Supported operations are Get, Add, Delete, and Replace. -***CertHash*/IssuedBy** +***CertHash*/IssuedBy** Required. Returns the name of the certificate issuer. This name is equivalent to the *Issuer* member in the CERT\_INFO data structure. Supported operation is Get. -***CertHash*/IssuedTo** +***CertHash*/IssuedTo** Required. Returns the name of the certificate subject. This name is equivalent to the *Subject* member in the CERT\_INFO data structure. Supported operation is Get. -***CertHash*/ValidFrom** +***CertHash*/ValidFrom** Required. Returns the starting date of the certificate's validity. This date is equivalent to the *NotBefore* member in the CERT\_INFO structure. Supported operation is Get. -***CertHash*/ValidTo** +***CertHash*/ValidTo** Required. Returns the expiration date of the certificate. This expiration date is equivalent to the *NotAfter* member in the CERT\_INFO structure. Supported operation is Get. -***CertHash*/TemplateName** +***CertHash*/TemplateName** Required. Returns the certificate template name. Supported operation is Get. -**My/SCEP** +**My/SCEP** Required for Simple Certificate Enrollment Protocol (SCEP) certificate enrollment. The parent node grouping the SCEP certificate related settings. Supported operation is Get. @@ -189,12 +189,12 @@ Supported operation is Get. > [!NOTE] > Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP. -**My/SCEP/***UniqueID* +**My/SCEP/***UniqueID* Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node. Supported operations are Get, Add, Replace, and Delete. -**My/SCEP/*UniqueID*/Install** +**My/SCEP/*UniqueID*/Install** Required for SCEP certificate enrollment. Parent node to group SCEP certificate installs related request. Format is node. Supported operations are Add, Replace, and Delete. @@ -202,30 +202,30 @@ Supported operations are Add, Replace, and Delete. > [!NOTE] > Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values. -**My/SCEP/*UniqueID*/Install/ServerURL** +**My/SCEP/*UniqueID*/Install/ServerURL** Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/Challenge** +**My/SCEP/*UniqueID*/Install/Challenge** Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Value type is chr. Supported operations are Get, Add, Replace, and Delete. Challenge will be deleted shortly after the Exec command is accepted. -**My/SCEP/*UniqueID*/Install/EKUMapping** +**My/SCEP/*UniqueID*/Install/EKUMapping** Required. Specifies the extended key usages and subject to SCEP server configuration. The list of OIDs is separated by a plus sign **+**, such as OID1+OID2+OID3. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/KeyUsage** +**My/SCEP/*UniqueID*/Install/KeyUsage** Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or fourth (0x80) or both bits set. If the value doesn't have those bits set, configuration will fail. Value type is an integer. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/SubjectName** -Required. Specifies the subject name. +**My/SCEP/*UniqueID*/Install/SubjectName** +Required. Specifies the subject name. The SubjectName value is quoted if it contains leading or trailing white space or one of the following characters: (“,” “=” “+” “;”). @@ -235,7 +235,7 @@ Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/KeyProtection** +**My/SCEP/*UniqueID*/Install/KeyProtection** Optional. Specifies the location of the private key. Although the private key is protected by TPM, it isn't protected with TPM PIN. SCEP enrolled certificate doesn't support TPM PIN protection. Supported values are one of the following values: @@ -250,17 +250,17 @@ Value type is an integer. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/RetryDelay** +**My/SCEP/*UniqueID*/Install/RetryDelay** Optional. Specifies the device retry waiting time in minutes when the SCEP server sends the pending status. Default value is 5 and the minimum value is 1. Value type is an integer. Supported operations are Get, Add, and Delete. -**My/SCEP/*UniqueID*/Install/RetryCount** +**My/SCEP/*UniqueID*/Install/RetryCount** Optional. Special to SCEP. Specifies the device retry times when the SCEP server sends pending status. Value type is an integer. Default value is 3. Max value can't be larger than 30. If it's larger than 30, the device will use 30. The min value is 0, which means no retry. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/TemplateName** +**My/SCEP/*UniqueID*/Install/TemplateName** Optional. OID of certificate template name. > [!Note] @@ -268,29 +268,29 @@ Optional. OID of certificate template name. Supported operations are Get, Add, and Delete. -**My/SCEP/*UniqueID*/Install/KeyLength** +**My/SCEP/*UniqueID*/Install/KeyLength** Required for enrollment. Specifies private key length (RSA). Value type is an integer. Valid values are 1024, 2048, 4096. NGC key lengths supported should be specified. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/HashAlgorithm** +**My/SCEP/*UniqueID*/Install/HashAlgorithm** Required for enrollment. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by the MDM server. If multiple hash algorithm families are specified, they must be separated with +. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/CAThumbprint** +**My/SCEP/*UniqueID*/Install/CAThumbprint** Required. Specifies the root CA thumbprint. It's a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks CA certificate from SCEP server for a match with this certificate. If it doesn't match, the authentication fails. Value type is chr. Supported operations are Get, Add, Delete, and Replace. -**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** +**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames** Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *\The root node for the CleanPC configuration service provider.
-**CleanPCWithoutRetainingUserData** +**CleanPCWithoutRetainingUserData**An integer specifying a CleanPC operation without any retention of user data.
The only supported operation is Execute. -**CleanPCRetainingUserData** -
An integer specifying a CleanPC operation with retention of user data. +**CleanPCRetainingUserData** +
An integer specifying a CleanPC operation with retention of user data.
The only supported operation is Execute.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index 9677737584..b9905656b8 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **CleanPC** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
@@ -50,7 +50,7 @@ The XML below is the current version for this CSP.
The root node for the DeveloperSetup configuration service provider. -**EnableDeveloperMode** +**EnableDeveloperMode**
A Boolean value that is used to enable Developer Mode on the device. The default value is false.
The only supported operation is Replace. -**DevicePortal** -
The node for the Windows Device Portal. +**DevicePortal** +
The node for the Windows Device Portal. -**DevicePortal/Authentication** -
The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal. +**DevicePortal/Authentication** +
The node that describes the characteristics of the authentication mechanism that is used for the Windows Device Portal. -**DevicePortal/Authentication/Mode** -
An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal. +**DevicePortal/Authentication/Mode** +
An integer value that specifies the mode of authentication that is used when making requests to the Windows Device Portal.
The only supported operation is Replace. -**DevicePortal/Authentication/BasicAuth** -
The node that describes the credentials that are used for basic authentication with the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth** +
The node that describes the credentials that are used for basic authentication with the Windows Device Portal. -**DevicePortal/Authentication/BasicAuth/Username** -
A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth/Username** +
A string value that specifies the user name to use when performing basic authentication with the Windows Device Portal. The user name must contain only ASCII characters and cannot contain a colon (:).
The only supported operation is Replace. -**DevicePortal/Authentication/BasicAuth/Password** -
A string value that specifies the password to use when authenticating requests against the Windows Device Portal. +**DevicePortal/Authentication/BasicAuth/Password** +
A string value that specifies the password to use when authenticating requests against the Windows Device Portal.
The only supported operation is Replace. -**DevicePortal/Connection** -
The node for configuring connections to the Windows Device Portal service. +**DevicePortal/Connection** +
The node for configuring connections to the Windows Device Portal service. -**DevicePortal/Connection/HttpPort** -
An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. -If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort. +**DevicePortal/Connection/HttpPort** +
An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service. +If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.
The only supported operation is Replace. -**DevicePortal/Connection/HttpsPort** -
An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service. +**DevicePortal/Connection/HttpsPort** +
An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
The only supported operation is Replace.
\ No newline at end of file
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index ae96fa64df..5194793e17 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 29938e34dc..b10bd93a62 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -61,10 +61,10 @@ DeviceLock
-------------MinDevicePasswordComplexCharacters
```
-**Provider**
+**Provider**
Required. An interior node to group all policy providers. Scope is permanent. Supported operation is Get.
- ***ProviderID***
+ ***ProviderID***
Optional. The node that contains the configured management server's ProviderID. Exchange ActiveSync policies set by Exchange are saved by the Sync client separately. Scope is dynamic. The following operations are supported:
- **Add** - Add the management account to the configuration service provider tree.
@@ -76,7 +76,7 @@ Optional. The node that contains the configured management server's ProviderID.
-***ProviderID*/DevicePasswordEnabled**
+***ProviderID*/DevicePasswordEnabled**
Optional. An integer value that specifies whether device lock is enabled. Possible values include:
- 0 - Device lock is enabled.
@@ -86,7 +86,7 @@ The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/AllowSimpleDevicePassword**
+***ProviderID*/AllowSimpleDevicePassword**
Optional. An integer value that specifies whether simple passwords, such as "1111" or "1234", are allowed. Possible values include:
- 0 - Not allowed.
@@ -96,12 +96,12 @@ Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MinDevicePasswordLength**
+***ProviderID*/MinDevicePasswordLength**
Optional. An integer value that specifies the minimum number of characters required in the PIN. Valid values are 4 to 18 inclusive. The default value is 4. Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/AlphanumericDevicePasswordRequired**
+***ProviderID*/AlphanumericDevicePasswordRequired**
Optional. An integer value that specifies the complexity of the password or PIN allowed.
Possible values include:
@@ -114,39 +114,39 @@ Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/DevicePasswordExpiration**
+***ProviderID*/DevicePasswordExpiration**
Deprecated in Windows 10.
-***ProviderID*/DevicePasswordHistory**
+***ProviderID*/DevicePasswordHistory**
Deprecated in Windows 10.
-***ProviderID*/MaxDevicePasswordFailedAttempts**
+***ProviderID*/MaxDevicePasswordFailedAttempts**
Optional. An integer value that specifies the number of authentication failures allowed before the device will be wiped. Valid values are 0 to 999. The default value is 0, which indicates the device won't be wiped, whatever the number of authentication failures.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MaxInactivityTimeDeviceLock**
+***ProviderID*/MaxInactivityTimeDeviceLock**
Optional. An integer value that specifies the amount of time (in minutes) that the device can remain idle before it's password locked. Valid values are 0 to 999. A value of 0 indicates no time-out is specified. In this case, the maximum screen time-out allowed by the UI applies.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-***ProviderID*/MinDevicePasswordComplexCharacters**
+***ProviderID*/MinDevicePasswordComplexCharacters**
Optional. An integer value that specifies the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong password. Valid values are 1 to 3 for Windows client. The default value is 1.
Invalid values are treated as a configuration failure. The scope is dynamic.
Supported operations are Get, Add, and Replace.
-**DeviceValue**
+**DeviceValue**
Required. A permanent node that groups the policy values applied to the device. The server can query this node to discover what policy values are applied to the device. The scope is permanent.
Supported operation is Get.
-**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters**
+**DeviceValue/DevicePasswordEnable, …, MinDevicePasswordComplexCharacters**
Required. This node has the same set of policy nodes as the **ProviderID** node. All nodes under **DeviceValue** are read-only permanent nodes. Each node represents the current device lock policy. For detailed descriptions of each policy, see the ***ProviderID*** subnode descriptions.
## OMA DM examples
@@ -312,4 +312,4 @@ The value applied to the device can be queried via the nodes under the **DeviceV
[Policy CSP](policy-configuration-service-provider.md)
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 974d878b01..a7baeea8fe 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index b650e3c405..ba8c8543ab 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/01/2017
---
@@ -26,7 +26,7 @@ The table below shows the applicability of Windows:
The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
-For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information.
+For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information.
The following example shows the DeviceManageability configuration service provider in a tree format.
```
@@ -40,40 +40,40 @@ DeviceManageability
------------EnrollmentInfo (Added in Windows 10, version 1709)
```
-**./Device/Vendor/MSFT/DeviceManageability**
+**./Device/Vendor/MSFT/DeviceManageability**
Root node to group information about runtime MDM configuration capability on the target device.
-**Capabilities**
+**Capabilities**
Interior node.
-**Capabilities/CSPVersions**
+**Capabilities/CSPVersions**
Returns the versions of all configuration service providers supported on the device for the MDM service.
-**Provider**
+**Provider**
Added in Windows 10, version 1709. Interior node.
-**Provider/_ProviderID_**
+**Provider/_ProviderID_**
Added in Windows 10, version 1709. Provider ID of the configuration source. ProviderID should be unique among the different config sources.
-**Provider/_ProviderID_/ConfigInfo**
+**Provider/_ProviderID_/ConfigInfo**
Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to use during sync session.
ConfigInfo value can only be set by the provider that owns the ProviderID. The value is readable by other config sources.
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Delete, and Replace.
-**Provider/_ProviderID_/EnrollmentInfo**
+**Provider/_ProviderID_/EnrollmentInfo**
Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It's readable by MDM server during sync session.
-Data type is string.
+Data type is string.
Supported operations are Add, Get, Delete, and Replace.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 23dd9b8cf6..8854d21cfc 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -16,7 +16,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1709.
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 72be68417e..0f4c3a631c 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,12 +1,12 @@
---
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/25/2021
---
@@ -372,4 +372,4 @@ Supported operation is Get.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index f081bf1262..758d3d324d 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,12 +1,12 @@
---
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
+ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 03/12/2018
---
@@ -15,7 +15,7 @@ ms.date: 03/12/2018
This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is for Windows 10, version 1803.
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index fe9309086b..eeef8c18ab 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -43,7 +43,7 @@ DevInfo
----Lang
```
-**DevId**
+**DevId**
Required. Returns an application-specific global unique device identifier by default.
Supported operation is Get.
@@ -55,30 +55,30 @@ The **UseHWDevID** parm of the [DMAcc configuration service provider](dmacc-csp.
- For dual SIM phones, this value is retrieved from the UICC of the primary data line.
- For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns an application specific global unique identifier (GUID) irrespective of the value of UseHWDevID.
-**Man**
+**Man**
Required. Returns the name of the OEM. For Windows 10 for desktop editions, it returns the SystemManufacturer as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer.
If no name is found, this returns to "Unknown".
Supported operation is Get.
-**Mod**
+**Mod**
Required. Returns the name of the hardware device model as specified by the mobile operator. For Windows 10/Windows 11 desktop editions, it returns the SystemProductName as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName.
If no name is found, this returns to "Unknown".
Supported operation is Get.
-**DmV**
+**DmV**
Required. Returns the current management client revision of the device.
Supported operation is Get.
-**Lang**
+**Lang**
Required. Returns the current user interface (UI) language setting of the device as defined by RFC1766.
Supported operation is Get.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index ae70ac7ba1..dca49363e3 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the **DevInfo** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The XML below is the current version for this CSP.
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index aea55b2259..7f88c701b6 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 11/19/2019
---
@@ -102,7 +102,7 @@ The data type is string.
Expected value:
Set and Execute are functionality equivalent, and each accepts a `Collection` XML snippet (as a string) describing what data to gather and where to upload it. The results are zipped and uploaded to the specified SasUrl. The zipped filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
-With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML.
+With Windows 10 KB5011543, Windows 11 KB5011563, we have added support for an extra element that will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML.
The following example shows a `Collection` XML:
@@ -195,7 +195,7 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
- **OutputFileFormat**
- Flattens folder structure, instead of having individual folders for each directive in the XML.
- - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.
+ - The value “Flattened” is the only supported value for the OutputFileFormat. If the OutputFileFormat is absent in the XML, or if explicitly set to something other than Flattened, it will leave the file structure in old structure.
**DiagnosticArchive/ArchiveResults**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
@@ -268,7 +268,7 @@ la--- 1/4/2021 2:45 PM 2
la--- 12/2/2020 6:27 PM 2701 results.xml
```
-Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
+Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
For example, the first directive was:
```xml
@@ -921,7 +921,7 @@ For each channel node, the user can:
- Enable or disable the channel from Event Log service to allow or disallow event data being written into the channel.
- Specify an XPath query to filter events while exporting the channel event data.
-For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md).
+For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10]((../diagnose-mdm-failures-in-windows-10.md).
To gather diagnostics using this CSP:
@@ -1677,4 +1677,4 @@ To read a log file:
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
+[Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 30dddf70ca..a268523ce4 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,12 +1,12 @@
---
title: DiagnosticLog DDF
-description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
+description: Learn about the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 12/05/2017
---
@@ -15,7 +15,7 @@ ms.date: 12/05/2017
This topic shows the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider.
-Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md).
The content below are the latest versions of the DDF files:
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index ad9d6ccc76..aa91c7caf5 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -5,8 +5,8 @@ ms.reviewer:
manager: aaroncz
ms.author: vinpa
ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
author: vinaypamnani-msft
ms.date: 06/26/2017
---
@@ -71,76 +71,76 @@ DMAcc
----------------DisableOnRoaming
----------------SSLCLIENTCERTSEARCHCRITERIA
```
-**DMAcc**
+**DMAcc**
Required. Defines the root node of all OMA DM server accounts that use the OMA DM version 1.2 protocol.
-***AccountUID***
+***AccountUID***
Optional. Defines the unique identifier for an OMA DM server account that uses the OMA DM version 1.2 protocol.
For a [w7 APPLICATION configuration service provider](w7-application-csp.md) bootstrapped account, this element is assigned a unique name by the OMA DM Client. The unique name is the hexadecimal representation of the 256-bit SHA-2 hash of the provider ID. The OMA DM server can change this node name in subsequent OMA DM sessions.
-***AccountUID*/AppID**
+***AccountUID*/AppID**
Required. Specifies the application identifier for the OMA DM account.
This value must be set to "w7".
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/ServerID**
+***AccountUID*/ServerID**
Required. Specifies the OMA DM server's unique identifier for the current OMA DM account. This value is case-sensitive.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/Name**
+***AccountUID*/Name**
Optional. Specifies the display name of the application.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/PrefConRef**
+***AccountUID*/PrefConRef**
Optional. Specifies the preferred connectivity for the OMA DM account.
This element contains either a URI to a NAP management object or a connection GUID used by Connection Manager. If this element is missing, the device uses the default connection that is provided by Connection Manager.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AppAddr**
+***AccountUID*/AppAddr**
Interior node for DM server address.
Required.
-**AppAddr/***ObjectName*
+**AppAddr/***ObjectName*
Required. Defines the OMA DM server address. Only one server address can be configured.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1". This DM address is the first one encountered in the w7 APPLICATION configuration service provider; other DM accounts are ignored.
-***ObjectName*/Addr**
+***ObjectName*/Addr**
Required. Specifies the address of the OMA DM account. The type of address stored is specified by the AddrType element.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AddrType**
+***ObjectName*/AddrType**
Required. Specifies the format and interpretation of the Addr node value. The default is "URI".
The default value of "URI" specifies that the OMA DM account address in **Addr** is a URI address. A value of "IPv4" specifies that the OMA DM account address in **Addr** is an IP address.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/Port**
+***ObjectName*/Port**
Interior node for port information.
Optional.
-**Port/***ObjectName*
+**Port/***ObjectName*
Required. Only one port number can be configured.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is "1".
-***ObjectName*/PortNbr**
+***ObjectName*/PortNbr**
Required. Specifies the port number of the OMA MD account address. This number must be a decimal number that fits within the range of a 16-bit unsigned integer.
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AAuthPref**
+***AccountUID*/AAuthPref**
Optional. Specifies the application authentication preference.
A value of "BASIC" specifies that the client attempts BASIC authentication. A value of "DIGEST' specifies that the client attempts MD5 authentication.
@@ -149,98 +149,98 @@ If this value is empty, the client attempts to use the authentication mechanism
Value type is string. Supported operations are Add, Get, and Replace.
-***AccountUID*/AppAuth**
+***AccountUID*/AppAuth**
Optional. Defines authentication settings.
-**AppAuth/***ObjectName*
+**AppAuth/***ObjectName*
Required. Defines one set of authentication settings.
When the [w7 APPLICATION configuration service provider](w7-application-csp.md) is being mapped to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED").
-***ObjectName*/AAuthlevel**
+***ObjectName*/AAuthlevel**
Required. Specifies the application authentication level.
A value of "CLCRED" indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of "SRVCRED" indicates that the credentials server will authenticate itself to the OMA DM Client at the OMA DM protocol level.
Value type is string. Supported operations are Add and Replace.
-***ObjectName*/AAuthType**
+***ObjectName*/AAuthType**
Required. Specifies the authentication type.
If the AAuthlevel is "CLCRED", the supported values are "BASIC" and "DIGEST". If the AAuthlevel is "SRVCRED", the supported value is "DIGEST".
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AAuthName**
+***ObjectName*/AAuthName**
Optional. Specifies the authentication name.
Value type is string. Supported operations are Add, Get, and Replace.
-***ObjectName*/AAuthSecret**
+***ObjectName*/AAuthSecret**
Optional. Specifies the password or secret used for authentication.
Value type is string. Supported operations are Add and Replace.
-***ObjectName*/AAuthData**
+***ObjectName*/AAuthData**
Optional. Specifies the next nonce used for authentication.
"Nonce" refers to a number used once. It's often a random or pseudo-random number issued in an authentication protocol to ensure that old communications can't be reused in repeat attacks.
Value type is binary. Supported operations are Add and Replace.
-***AccountUID*/Ext**
+***AccountUID*/Ext**
Required. Defines a set of extended parameters.
This element holds vendor-specific information about the OMA DM account and is created automatically when the OMA DM account is created.
-**Ext/Microsoft**
+**Ext/Microsoft**
Required. Defines a set of Microsoft-specific extended parameters.
This element is created automatically when the OMA DM account is created.
-**Microsoft/BackCompatRetryDisabled**
+**Microsoft/BackCompatRetryDisabled**
Optional. Specifies whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr on subsequent attempts (not including the first time). The default is "FALSE".
The default value of "FALSE" indicates that backward-compatible retries are enabled. A value of "TRUE" indicates that backward-compatible retries are disabled.
Value type is bool. Supported operations are Add, Get, and Replace.
-**Microsoft/ConnRetryFreq**
+**Microsoft/ConnRetryFreq**
Optional. Specifies the number of retries the DM client performs when there are Connection Manager level or wininet level errors.
The default value is 3.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/DefaultEncoding**
+**Microsoft/DefaultEncoding**
Optional. Specifies whether the OMA DM client will use WBXML or XML for the DM package when communicating with the server. The default is "application/vnd.syncml.dm+xml".
The default value of "application/vnd.syncml.dm+xml" specifies that XML is used. A value of "application/vnd.syncml.dm+wbxml" specifies that WBXML is used.
Value type is string. Supported operations are Add, Get, and Replace.
-**Microsoft/InitialBackOffTime**
+**Microsoft/InitialBackOffTime**
Optional. Specifies the initial wait time in milliseconds when the OMA DM client retries for the first time. The wait time grows exponentially.
The default value is 16000.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/MaxBackOffTime**
+**Microsoft/MaxBackOffTime**
Optional. This node specifies the maximum number of milliseconds to wait before attempting a connection retry.
The default value is 86400000.
Value type is integer. Supported operations are Add, Get, and Replace.
-**Microsoft/ProtoVer**
+**Microsoft/ProtoVer**
Optional. Specifies the OMA DM Protocol version that the server supports. There's no default value.
Valid values are "1.1" and "1.2". The protocol version set by this element will match the protocol version that the DM client reports to the server in SyncHdr in package 1. If this element isn't specified when adding a DM server account, the latest DM protocol version that the client supports is used. Windows 10 clients support version 1.2.
Value type is string. Supported operations are Add, Get, and Replace.
-**Microsoft/Role**
+**Microsoft/Role**
Required. Specifies the role mask that the OMA DM session runs with when it communicates with the server.
If this parameter isn't present, the DM session is given the role mask of the OMA DM session that the server created. The following list shows the valid security role masks and their values.
@@ -254,7 +254,7 @@ The acceptable access roles for this node can't be more than the roles assigned
Value type is integer. Supported operations are Get and Replace.
-**Microsoft/UseHWDevID**
+**Microsoft/UseHWDevID**
Optional. Specifies whether to use the hardware ID for the ./DevInfo/DevID element in the DM account to identify the device. The default is "FALSE".
The default value of "FALSE" specifies that an application-specific GUID is returned for the ./DevInfo/DevID rather than the hardware device ID.
@@ -267,7 +267,7 @@ A value is "TRUE" specifies that the hardware device ID will be provided for the
Value type is bool. Supported operations are Add, Get, and Replace.
-**Microsoft/UseNonceResync**
+**Microsoft/UseNonceResync**
Optional. Specifies whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication. The default is "FALSE".
If the authentication fails because the server nonce doesn't match the server nonce that is stored on the device, then the device can use the backup nonce as the server nonce. For this procedure to be successful, if the device didn't authenticate with the preconfigured nonce value, the server must then use the backup nonce when sending the signed server notification message.
@@ -276,17 +276,17 @@ The default value of "FALSE" specifies that the client doesn't try to authentica
Value type is bool. Supported operations are Add, Get, and Replace.
-**CRLCheck**
+**CRLCheck**
Optional. Allows connection to the DM server to check the Certificate Revocation List (CRL). Set to true to enable SSL revocation.
Value type is bool. Supported operations are Add, Get, and Replace.
-**DisableOnRoaming**
+**DisableOnRoaming**
Optional. Determines whether the OMA DM client should be launched when roaming.
Value type is bool. Supported operations are Add, Get, and Replace.
-**SSLCLIENTCERTSEARCHCRITERIA**
+**SSLCLIENTCERTSEARCHCRITERIA**
Optional. The SSLCLIENTCERTSEARCHCRITERIA parameter is used to specify the client certificate search criteria. This parameter supports search by subject attribute and certificate stores. If any other criteria are provided, it's ignored.
The string is a concatenation of name/value pairs, each member of the pair delimited by the "&" character. The name and values are delimited by the "=" character. If there are multiple values, each value is delimited by the Unicode character "U+F000". If the name or value contains characters not in the UNRESERVED set (as specified in RFC2396), then those characters are URI-escaped per the RFC.
@@ -301,17 +301,17 @@ Stores specifies which certificate stores the DM client will search to find the
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following schema:
```xml
-
The root node for the NetworkQoSPolicy configuration service provider.
-**Version** +**Version**Specifies the version information. -
The data type is int. +
The data type is int.
The only supported operation is Get. -***Name*** +***Name***
Node for the QoS policy name. -***Name*/IPProtocolMatchCondition** -
Specifies the IP protocol used to match the network traffic. +***Name*/IPProtocolMatchCondition** +
Specifies the IP protocol used to match the network traffic.
Valid values are: -- 0 (default) - Both TCP and UDP +- 0 (default) - Both TCP and UDP - 1 - TCP - 2 - UDP -
The data type is int. +
The data type is int.
The supported operations are Add, Get, Delete, and Replace. -***Name*/AppPathNameMatchCondition** +***Name*/AppPathNameMatchCondition**
Specifies the name of an application to be used to match the network traffic, such as `application.exe` or `%ProgramFiles%\application.exe`. -
The data type is char. +
The data type is char.
The supported operations are Add, Get, Delete, and Replace. -***Name*/SourcePortMatchCondition** -
Specifies a single port or a range of ports to be used to match the network traffic source. +***Name*/SourcePortMatchCondition** +
Specifies a single port or a range of ports to be used to match the network traffic source. -
Valid values are: +
Valid values are: - A range of source ports: _[first port number]_-_[last port number]_ - A single source port: _[port number]_ - -
The data type is char. + +
The data type is char.
The supported operations are Add, Get, Delete, and Replace. -***Name*/DestinationPortMatchCondition** +***Name*/DestinationPortMatchCondition**
Specifies a single source port or a range of ports to be used to match the network traffic destination. -
Valid values are: +
Valid values are: - A range of destination ports: _[first port number]_-_[last port number]_ - A single destination port: _[port number]_ - -
The data type is char. + +
The data type is char.
The supported operations are Add, Get, Delete, and Replace. -***Name*/PriorityValue8021Action** +***Name*/PriorityValue8021Action**
Specifies the IEEE 802.1p priority value to apply to matching network traffic.
Valid values are 0-7. @@ -121,7 +121,7 @@ NetworkQoSPolicy
The supported operations are Add, Get, Delete, and Replace. -***Name*/DSCPAction** +***Name*/DSCPAction**
The Differentiated Services Code Point (DSCP) value to apply to matching network traffic.
Valid values are 0-63. @@ -136,4 +136,4 @@ NetworkQoSPolicy Read more about the XML DDF structure to create this policy by following the links below: - [More Information about DDF and structure](networkqospolicy-ddf.md) -- [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) +- [CSP DDF files download](configuration-service-provider-ddf.md) diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md index 972f823ac5..f90310942f 100644 --- a/windows/client-management/mdm/networkqospolicy-ddf.md +++ b/windows/client-management/mdm/networkqospolicy-ddf.md @@ -5,8 +5,8 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 --- @@ -15,7 +15,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **NetworkQoSPolicy** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md index dc9bf7a054..b7fa0fbc34 100644 --- a/windows/client-management/mdm/nodecache-csp.md +++ b/windows/client-management/mdm/nodecache-csp.md @@ -5,8 +5,8 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/26/2017 --- @@ -77,45 +77,45 @@ NodeCache ----------------ExpectedValue ----------------AutoSetExpectedValue ``` -**./Device/Vendor/MSFT and ./User/Vendor/MSFT** +**./Device/Vendor/MSFT and ./User/Vendor/MSFT** Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax. -***ProviderID*** +***ProviderID*** Optional. Group settings per DM server. Each group of settings is distinguished by the server’s Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one **ProviderID** node under **NodeCache**. Scope is dynamic. Supported operations are Get, Add, and Delete. -***ProviderID*/CacheVersion** +***ProviderID*/CacheVersion** Optional. Character string representing the cache version set by the server. Scope is dynamic. Data type is string. Supported operations are Get, Add, and Replace. -***ProviderID*/ChangedNodes** +***ProviderID*/ChangedNodes** Optional. List of nodes whose values don't match their expected values as specified in **/*NodeID*/ExpectedValue**. Scope is dynamic. Data type is string. Supported operation is Get. -***ProviderID*/ChangedNodesData** +***ProviderID*/ChangedNodesData** Added in Windows 10, version 1703. Optional. XML containing nodes whose values don't match their expected values as specified in /NodeID/ExpectedValue. Supported operation is Get. -***ProviderID*/Nodes** +***ProviderID*/Nodes** Required. Root node for cached nodes. Scope is dynamic. Supported operation is Get. -**/Nodes/***NodeID* +**/Nodes/***NodeID* Optional. Information about each cached node is stored under *NodeID* as specified by the server. This value must not contain a comma. Scope is dynamic. Supported operations are Get, Add, and Delete. -**/*NodeID*/NodeURI** +**/*NodeID*/NodeURI** Required. This node's value is a complete OMA DM node URI. It can specify either an interior or leaf node in the device management tree. Scope is dynamic. Data type is string. Supported operations are Get, Add, and Delete. -**/*NodeID*/ExpectedValue** +**/*NodeID*/ExpectedValue** Required. The server expects this value to be on the device. When the configuration service provider initiates a session, it checks the expected value against the node's actual value. Scope is dynamic. Supported values are string and x-nodemon-nonexistent. Supported operations are Get, Add, and Delete. @@ -137,7 +137,7 @@ Here's an example for setting the ExpectedValue to nonexistent. ``` -**/*NodeID*/AutoSetExpectedValue** +**/*NodeID*/AutoSetExpectedValue** Added in Windows 10, version 1703. Required. This parameter's value automatically sets the value on the device to match the actual value of the node. The node is specified in NodeURI. Supported operations are Add, Get, and Delete. @@ -402,11 +402,11 @@ The value inside of the node tag is the actual value returned by the Uri, which ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) - - - - +[Configuration service provider reference](index.yml) + + + + diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md index 8fb7117803..f5f3d05408 100644 --- a/windows/client-management/mdm/nodecache-ddf-file.md +++ b/windows/client-management/mdm/nodecache-ddf-file.md @@ -5,8 +5,8 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 --- @@ -16,7 +16,7 @@ ms.date: 12/05/2017 This topic shows the OMA DM device description framework (DDF) for the **NodeCache** configuration service provider. DDF files are used only with OMA DM provisioning XML. -Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-ddf.md). The XML below is the current version for this CSP. diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md index 5fc7af65c0..ce956ea412 100644 --- a/windows/client-management/mdm/office-csp.md +++ b/windows/client-management/mdm/office-csp.md @@ -3,8 +3,8 @@ title: Office CSP description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 08/15/2018 ms.reviewer: @@ -24,7 +24,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). +The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). This CSP was added in Windows 10, version 1703. @@ -58,41 +58,41 @@ Office ------------Status ``` -**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office** +**./Device/Vendor/MSFT/Office/ or ./User/Vendor/MSFT/Office** The root node for the Office configuration service provider.
-**Installation** +**Installation** Specifies the options for the Microsoft Office installation. The supported operations are Add, Delete, and Get. -**Installation/_id_** -Specifies a unique identifier that represents the ID of the Microsoft Office product to install. +**Installation/_id_** +Specifies a unique identifier that represents the ID of the Microsoft Office product to install. The supported operations are Add, Delete, and Get. -**Installation/_id_/Install** -Installs Office by using the XML data specified in the configuration.xml file. +**Installation/_id_/Install** +Installs Office by using the XML data specified in the configuration.xml file. The supported operations are Get and Execute. -**Installation/_id_/Status** -The Microsoft Office installation status. +**Installation/_id_/Status** +The Microsoft Office installation status. The only supported operation is Get. -**Installation/_id_/FinalStatus** +**Installation/_id_/FinalStatus** Added in Windows 10, version 1809. Indicates the status of the Final Office 365 installation. The only supported operation is Get. -Behavior: +Behavior: - When Office CSP is triggered to install, it will first check if the FinalStatus node exists or not. If the node exists, delete it. -- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values: +- When Office installation reaches any terminal states (either success or failure), this node is created that contains the following values: - When status = 0: 70 (succeeded) - When status!= 0: 60 (failed) -**Installation/CurrentStatus** +**Installation/CurrentStatus** Returns an XML of current Office 365 installation status on the device. The only supported operation is Get. @@ -112,7 +112,7 @@ Sample SyncML to install Microsoft 365 Apps for business Retail from current chaDefines the root node for the Personalization configuration service provider.
-**DesktopImageUrl** +**DesktopImageUrl**Specify a jpg, jpeg or png image to be used as Desktop Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
Value type is string. Supported operations are Add, Get, Delete, and Replace.
-**DesktopImageStatus** +**DesktopImageStatus**Represents the status of the desktop image. Valid values:
Specify a jpg, jpeg or png image to be used as Lock Screen Image. This setting can take an http or https Url to a remote image to be downloaded, a file Url to a local image.
Value type is string. Supported operations are Add, Get, Delete, and Replace.
-**LockScreenImageStatus** +**LockScreenImageStatus**Represents the status of the lock screen image. Valid values:
./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md).
+Added in Windows 10, version 1703. Allows settings for ADMX files for Win32 and Desktop Bridge apps to be imported (ingested) by your device and processed into new ADMX-backed policies or preferences. By using ADMXInstall, you can add ADMX-backed policies for those Win32 or Desktop Bridge apps that have been added between OS releases. ADMX-backed policies are ingested to your device by using the Policy CSP URI: ./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall. Each ADMX-backed policy or preference that is added is assigned a unique ID. For more information about using Policy CSP to configure Win32 and Desktop Bridge app policies, see [Win32 and Desktop Bridge app policy configuration](../win32-and-centennial-app-policy-configuration.md).
> [!NOTE]
> The OPAX settings that are managed by the Microsoft Office Customization Tool are not supported by MDM. For more information about this tool, see [Office Customization Tool](/previous-versions/office/office-2013-resource-kit/cc179097(v=office.15)).
@@ -6643,6 +6643,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### FederatedAuthentication policies
+
+
+
### Feeds policies