deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into do-meta

Browse Source
This commit is contained in:
Meghan Stewart
2023-10-02 11:46:29 -07:00
committed by GitHub
parent 91b9ebcf87 25b52ab25b
commit 3254a60e40
344 changed files with 8063 additions and 3523 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
windows/deployment/customize-boot-image.md
View File

@ -7,7 +7,7 @@ author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: article
ms.date: 08/22/2023
ms.date: 09/05/2023
ms.technology: itpro-deploy
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@ -108,7 +108,7 @@ Before modifying the desired boot image, make a backup copy of the boot image th
Adjust the above paths for 32-bit boot images (only available with Windows 10 ADKs).
The following commands backs up the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**:
The following command backs up the 64-bit boot image included with the **Windows PE add-on for the Windows ADK**:
### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
From an elevated **PowerShell** command prompt, run the following command to create a backup copy of the 64-bit boot image included with the Windows ADK. If a backed-up boot image already exists, this command needs confirmation before it overwrites the existing backed up boot image:
@ -634,7 +634,7 @@ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windo
copy "<Mount_folder_path>\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
copy "<Mount_folder_path>\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
```
@ -646,7 +646,7 @@ copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windo
copy "C:\Mount\Windows\Boot\EFI\bootmgr.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\bootmgr.efi"
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.bak.efi"
copy "C:\Mount\Windows\Boot\EFI\bootmgfw.efi" "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\Media\EFI\Boot\bootx64.efi"
```
@ -840,7 +840,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
**Example**:
```powershell
Remove-Item - Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -Force
Remove-Item -Path "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\en-us\winpe.wim" -Force
```
For more information, see [Remove-Item](/powershell/module/microsoft.powershell.management/remove-item).
@ -1019,7 +1019,7 @@ This process updates the boot image used by Configuration Manager. It also updat
### Updating Configuration Manager boot media
After completing the walkthrough, including updating boot images in Configuration Manager, update any Configuration Manager task sequence media. Updating any Configuration Manager task sequence media ensures that the task sequence media has both the updated boot image. If applicable, it will also updat bootmgr boot files on the media by extracting the latest versions from the boot image. For more information on creating Configuration Manager task sequence media, see [Create task sequence media](/mem/configmgr/osd/deploy-use/create-task-sequence-media).
After completing the walkthrough, including updating boot images in Configuration Manager, update any Configuration Manager task sequence media. Updating any Configuration Manager task sequence media ensures that the task sequence media has both the updated boot image. If applicable, it will also update bootmgr boot files on the media by extracting the latest versions from the boot image. For more information on creating Configuration Manager task sequence media, see [Create task sequence media](/mem/configmgr/osd/deploy-use/create-task-sequence-media).
## Microsoft Deployment Toolkit (MDT) considerations
@ -1154,7 +1154,7 @@ then follow these steps to update the boot image in WDS:
---
2. Once the existing boot image in WDS has been replaced, restart the WDS service:
1. Once the existing boot image in WDS has been replaced, restart the WDS service:
#### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@ -1233,7 +1233,7 @@ then follow these steps to add the boot image in WDS:
---
2. Once the existing boot image in WDS has been replaced, restart the WDS service:
1. Once the existing boot image in WDS has been replaced, restart the WDS service:
#### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@ -1271,7 +1271,12 @@ The **boot.wim** that is part of Windows installation media isn't supported for
## Windows Server 2012 R2
This walk-through isn't intended for use with Windows Server 2012 R2. Although the steps in this article may work with Windows Server 2012 R2 when using older versions of the Windows ADK. However it may have compatibility problems with versions of the Windows ADK that are newer than the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads). For server OSes, it's recommended to use Windows Server 2016 or later for this walk-through. For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products/windows-server-2012-r2).
This walk-through isn't intended for use with Windows Server 2012 R2. The steps in this article may work with Windows Server 2012 R2 when using older versions of the Windows ADK. However, it may have compatibility problems with versions of the Windows ADK that are newer than the [ADK for Windows 10, version 2004](/windows-hardware/get-started/adk-install#other-adk-downloads). To resolve compatibility problems with newer ADKs and Windows Server 2012 R2:
1. Upgrade Windows Server 2012 R2 to a newer version of Windows Server.
1. Perform the boot image customizations on a computer running a version of Windows that supports the newer ADKs, for example Windows 10 or Windows 11, and then transfer the modified boot image to the Windows Server 2012 R2 server.
For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products/windows-server-2012-r2).
## Related articles

4
windows/deployment/update/check-release-health.md
View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
appliesto:
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
ms.date: 06/07/2023
ms.date: 09/08/2023
---
# How to check Windows release health
@ -36,7 +36,7 @@ Ensure the following prerequisites are met to display the Windows release health
- Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
> [!NOTE]
> Currently, Windows release health isn't available for Government Community Cloud (GCC) tenants.
> Currently, Windows release health is available for Government Community Cloud (GCC) tenants, but isn't available for GCC High and DoD. <!--8337541-->
## How to review Windows release health information

2
windows/deployment/usmt/usmt-best-practices.md
View File

@ -69,7 +69,7 @@ As the authorized administrator, it is your responsibility to protect the privac
- **Maintain security of the file server and the deployment server**
We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657).
We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://www.microsoft.com/download/details.aspx?id=53353).
- **Password Migration**

198
windows/deployment/usmt/usmt-exclude-files-and-settings.md
View File

@ -5,14 +5,14 @@ manager: aaroncz
ms.author: frankroj
ms.prod: windows-client
author: frankroj
ms.date: 11/01/2022
ms.date: 09/18/2023
ms.topic: article
ms.technology: itpro-deploy
---
# Exclude files and settings
When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article.
When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition, you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article.
Methods to customize the migration and include and exclude files and settings include:
@ -33,7 +33,8 @@ We recommend that you create a custom .xml file instead of modifying the default
The migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, contain the **&lt;component&gt;** element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the **&lt;include&gt;** and **&lt;exclude&gt;** elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md).
> [!NOTE]
> If you specify an **&lt;exclude&gt;** rule, always specify a corresponding **&lt;include&gt;** rule. Otherwise, if you do not specify an **&lt;include&gt;** rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied **&lt;exclude&gt;** rule is unnecessary.
>
> If you specify an **&lt;exclude&gt;** rule, always specify a corresponding **&lt;include&gt;** rule. Otherwise, if you don't specify an **&lt;include&gt;** rule, the specific files or settings aren't included. They're already excluded from the migration. Thus, an unaccompanied **&lt;exclude&gt;** rule is unnecessary.
- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files)
@ -82,16 +83,16 @@ The following .xml file migrates all files and subfolders in `C:\Data`, except t
<displayName _locID="miguser.sharedvideo">Test component</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="File">C:\Data\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\Data\temp\* [*]</pattern>
</objectSet>
</exclude>
<include>
<objectSet>
<pattern type="File">C:\Data\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\Data\temp\* [*]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
@ -104,23 +105,23 @@ The following .xml file migrates any subfolders in `C:\`EngineeringDrafts`, but
```xml
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
<component type="Documents" context="System">
<displayName>Component to migrate all Engineering Drafts Documents without subfolders</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\ [*]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
<component type="Documents" context="System">
<displayName>Component to migrate all Engineering Drafts Documents without subfolders</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\ [*]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
</migration>
```
@ -130,35 +131,35 @@ The following .xml file migrates all files and subfolders in `C:\EngineeringDraf
```xml
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
<component type="Documents" context="System">
<displayName>Component to migrate all Engineering Drafts Documents except Sample.doc</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\ [Sample.doc]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
<component type="Documents" context="System">
<displayName>Component to migrate all Engineering Drafts Documents except Sample.doc</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\* [*]</pattern>
</objectSet>
</include>
<exclude>
<objectSet>
<pattern type="File"> C:\EngineeringDrafts\ [Sample.doc]</pattern>
</objectSet>
</exclude>
</rules>
</role>
</component>
</migration>
```
### Example 5: How to exclude a file from any location
To exclude a Sample.doc file from any location on the C: drive, use the **&lt;pattern&gt;** element. If multiple files exist with the same name on the C: drive, all of these files will be excluded.
To exclude a Sample.doc file from any location on the C: drive, use the **&lt;pattern&gt;** element. If multiple files exist with the same name on the C: drive, all of these files are excluded.
```xml
<pattern type="File"> C:\* [Sample.doc] </pattern>
```
To exclude a Sample.doc file from any drive on the computer, use the **&lt;script&gt;** element. If multiple files exist with the same name, all of these files will be excluded.
To exclude a Sample.doc file from any drive on the computer, use the **&lt;script&gt;** element. If multiple files exist with the same name, all of these files are excluded.
```xml
<script>MigXmlHelper.GenerateDrivePatterns("* [sample.doc]", "Fixed")</script>
@ -174,15 +175,15 @@ The following .xml file excludes all `.mp3` files from the migration:
```xml
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/excludefiles">
<component context="System" type="Documents">
<component context="System" type="Documents">
<displayName>Test</displayName>
<role role="Data">
<rules>
<unconditionalExclude>
<objectSet>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.mp3]", "Fixed")</script>
</objectSet>
</unconditionalExclude>
<unconditionalExclude>
<objectSet>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.mp3]", "Fixed")</script>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>
@ -199,11 +200,11 @@ The following .xml file excludes only the files located on the C: drive.
<displayName>Test</displayName>
<role role="Data">
<rules>
<unconditionalExclude>
<unconditionalExclude>
<objectSet>
<pattern type="File">c:\*[*]</pattern>
<pattern type="File">c:\*[*]</pattern>
</objectSet>
</unconditionalExclude>
</unconditionalExclude>
</rules>
</role>
</component>
@ -217,53 +218,53 @@ The following .xml file unconditionally excludes the `HKEY_CURRENT_USER` registr
```xml
<?xml version="1.0" encoding="UTF-8"?>
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">
<component type="Documents" context="User">
<displayName>Test</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="Registry">HKCU\testReg[*]</pattern>
</objectSet>
</include>
<unconditionalExclude>
<objectSet>
<pattern type="Registry">HKCU\*[*]</pattern>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>
<component type="Documents" context="User">
<displayName>Test</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<pattern type="Registry">HKCU\testReg[*]</pattern>
</objectSet>
</include>
<unconditionalExclude>
<objectSet>
<pattern type="Registry">HKCU\*[*]</pattern>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>
</migration>
```
##### Example 4: How to Exclude `C:\Windows` and `C:\Program Files`
The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all `*.docx`, `*.xls` and `*.ppt` files won't be migrated because the **&lt;unconditionalExclude&gt;** element takes precedence over the **&lt;include&gt;** element.
The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. All `*.docx`, `*.xls` and `*.ppt` files aren't migrated because the **&lt;unconditionalExclude&gt;** element takes precedence over the **&lt;include&gt;** element.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">
<component type="Documents" context="System">
<displayName>Test</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.doc]", "Fixed")</script>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.xls]", "Fixed")</script>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.ppt]", "Fixed")</script>
</objectSet>
</include>
<unconditionalExclude>
<objectSet>
<pattern type="File">C:\Program Files\* [*]</pattern>
<pattern type="File">C:\Windows\* [*]</pattern>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>
<component type="Documents" context="System">
<displayName>Test</displayName>
<role role="Data">
<rules>
<include>
<objectSet>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.doc]", "Fixed")</script>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.xls]", "Fixed")</script>
<script>MigXmlHelper.GenerateDrivePatterns ("* [*.ppt]", "Fixed")</script>
</objectSet>
</include>
<unconditionalExclude>
<objectSet>
<pattern type="File">C:\Program Files\* [*]</pattern>
<pattern type="File">C:\Windows\* [*]</pattern>
</objectSet>
</unconditionalExclude>
</rules>
</role>
</component>
</migration>
```
@ -275,12 +276,13 @@ You can create and modify a `Config.xml` file if you want to exclude components
- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the **&lt;WindowsComponents&gt;** section.
- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **&lt;Documents&gt;** section. Note that any **&lt;include&gt;** rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files won't.
- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **&lt;Documents&gt;** section. Any **&lt;include&gt;** rules in the .xml files are still applied. For example, if you have a rule that includes all the .docx files in My Documents, then .docx files are still migrated. However, any additional files that aren't .docx aren't migrated.
For more information, see [Config.xml File](usmt-configxml-file.md).
> [!NOTE]
> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration.
>
> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file doesn't exclude the component from your migration.
## Related articles

4
windows/deployment/windows-autopatch/TOC.yml
View File

@ -123,10 +123,10 @@
href: references/windows-autopatch-windows-update-unsupported-policies.md
- name: Microsoft 365 Apps for enterprise update policies
href: references/windows-autopatch-microsoft-365-policies.md
- name: Conflicting configurations
href: references/windows-autopatch-conflicting-configurations.md
- name: Changes made at tenant enrollment
href: references/windows-autopatch-changes-to-tenant.md
- name: Driver and firmware updates public preview addendum
href: references/windows-autopatch-driver-and-firmware-updates-public-preview-addendum.md
- name: What's new
href:
items:

2
windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
View File

@ -1,7 +1,7 @@
---
title: Add and verify admin contacts
description: This article explains how to add and verify admin contacts
ms.date: 05/30/2022
ms.date: 09/15/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to

2
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
View File

@ -68,7 +68,7 @@ Before you start managing Autopatch groups, ensure youve met the following pr
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select **Devices** from the left navigation menu.
1. Under the **Windows Autopatch** section, select **Release management**.
1. In the **Release management** blade, select **Autopatch groups (preview)**.
1. In the **Release management** blade, select **Autopatch groups**.
1. In the **Autopatch groups** blade, select **Create**.
1. In **Basics** page, enter a **name** and a **description** then select **Next: Deployment rings**.
1. Enter up to 64 characters for the Autopatch group name and 150 characters maximum for the description. The Autopatch group name is appended to both the update rings and the DSS policy names that get created once the Custom Autopatch group is created.

2
windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft Edge
description: This article explains how Microsoft Edge updates are managed in Windows Autopatch
ms.date: 05/30/2022
ms.date: 09/15/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual

2
windows/deployment/windows-autopatch/operate/windows-autopatch-manage-driver-and-firmware-updates.md
View File

@ -29,7 +29,7 @@ Switching the toggle between Automatic and Self-managed modes creates driver pro
| Modes | Description |
| ----- | -----|
| Automatic | We recommend using **Automatic** mode.<p>Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues have occurred due to Windows Updates. Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout.</p> |
| Self-managed | When you use the the **Self-managed** mode for drivers and firmware, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.<p>Self-managed mode turns off Windows Autopatchs automatic driver deployment. Instead, the Administrator controls the driver deployment.<p>The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.</p><p>The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.</p> |
| Self-managed | When you use **Self-managed** mode, no drivers are installed in your environment without your explicit approval. You can still use Intune to choose specific drivers and deploy them on a ring-by-ring basis.<p>Self-managed mode turns off Windows Autopatchs automatic driver deployment. Instead, the Administrator controls the driver deployment.<p>The Administrator selects the individual driver within an Intune driver update profile. Then, Autopatch creates an Intune driver update profile per deployment ring. Drivers can vary between deployment rings.</p><p>The drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.</p> |
## Set driver and firmware updates to Automatic or Self-managed mode

2
windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
View File

@ -1,7 +1,7 @@
---
title: Microsoft Teams
description: This article explains how Microsoft Teams updates are managed in Windows Autopatch
ms.date: 05/30/2022
ms.date: 09/15/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual

4
windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
View File

@ -55,7 +55,7 @@ For more information and assistance with preparing for your Windows Autopatch de
| [Register devices](../deploy/windows-autopatch-register-devices.md)<ul><li>[Review your device registration options](../deploy/windows-autopatch-device-registration-overview.md)</li><li>[Register your first devices](../deploy/windows-autopatch-register-devices.md) | :heavy_check_mark: | :x: |
| [Run the pre-registration device readiness checks](../deploy/windows-autopatch-register-devices.md#about-the-registered-not-ready-and-not-registered-tabs) | :x: | :heavy_check_mark: |
| Automatically assign devices to deployment rings at device registration<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul>| :x: | :heavy_check_mark: |
| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li></ul> | :heavy_check_mark: | :x: |
| Remediate registration issues<ul><li>[For devices displayed in the **Not ready** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices displayed in the **Not registered** tab](../deploy/windows-autopatch-post-reg-readiness-checks.md#about-the-three-tabs-in-the-devices-blade)</li><li>[For devices with conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul> | :heavy_check_mark: | :x: |
| Populate the Test and Last deployment ring membership<ul><li>[Default Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-the-default-autopatch-group)</li><li>[Custom Windows Autopatch group deployment rings](../deploy/windows-autopatch-groups-overview.md#about-custom-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
| [Manually override device assignments to deployment rings](../operate/windows-autopatch-update-management.md#moving-devices-in-between-deployment-rings) | :heavy_check_mark: | :x: |
| Review device conflict scenarios<ul><li>[Device conflict in deployment rings within an Autopatch group](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-in-deployment-rings-within-an-autopatch-group)</li><li>[Device conflict across different Autopatch groups](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#device-conflict-across-different-autopatch-groups)</li></ul> | :heavy_check_mark: | :x: |
@ -87,7 +87,7 @@ For more information and assistance with preparing for your Windows Autopatch de
| [Pause updates (initiated by you)](../operate/windows-autopatch-groups-windows-quality-update-overview.md#pause-and-resume-a-release) | :heavy_check_mark: | :x: |
| Run [on-going post-registration device readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | :x: | :heavy_check_mark: |
| Maintain existing configurations<ul><li>Remove your devices from existing and unsupported [Windows update](../references/windows-autopatch-windows-update-unsupported-policies.md) and [Microsoft 365](../references/windows-autopatch-microsoft-365-policies.md) policies</li><li>Consult [General considerations](../overview/windows-autopatch-deployment-guide.md#general-considerations)</ul> | :heavy_check_mark: | :x: |
| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../operate/windows-autopatch-device-alerts.md)</li></ul>
| Understand the health of [Up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#up-to-date-devices) devices and investigate devices that are<ul><li>[Not up to date](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-up-to-date-devices)</li><li>[Not ready](../operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md#not-ready-devices)</li><li>have [Device alerts](../operate/windows-autopatch-device-alerts.md)</li><li>have [conflicting configurations](../references/windows-autopatch-conflicting-configurations.md)</li></ul>
| [Raise, manage and resolve a service incident if an update management area isn't meeting the service level objective](windows-autopatch-overview.md#update-management) | :x: | :heavy_check_mark: |
| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | :heavy_check_mark: | :x: |
| [Register a device that was previously excluded](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) | :heavy_check_mark: | :x: |

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
View File

@ -1,7 +1,7 @@
---
title: Configure your network
description: This article details the network configurations needed for Windows Autopatch
ms.date: 05/30/2022
ms.date: 09/15/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
View File

@ -1,7 +1,7 @@
---
title: Enroll your tenant
description: This article details how to enroll your tenant
ms.date: 07/11/2022
ms.date: 09/15/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to

153
windows/deployment/windows-autopatch/references/windows-autopatch-conflicting-configurations.md Normal file
View File

@ -0,0 +1,153 @@
---
title: Conflicting configurations
description: This article explains how to remediate conflicting configurations affecting the Windows Autopatch service.
ms.date: 09/05/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: conceptual
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Conflicting configurations (public preview)
> [!IMPORTANT]
> This feature is in **public preview**. The feature is being actively developed and might not be complete.
During Readiness checks, if there are devices with conflicting registry configurations, notifications are listed in the **Not ready** tab. The notifications include a list of alerts that explain why the device isn't ready for updates. Instructions are provided on how to resolve the issue(s). You can review any device marked as **Not ready** and remediate them to a **Ready** state.
Windows Autopatch monitors conflicting configurations. Youre notified of the specific registry values that prevent Windows from updating properly. These registry keys should be removed to resolve the conflict. However, its possible that other services write back the registry keys. Its recommended that you review common sources for conflicting configurations to ensure your devices continue to receive Windows Updates.
The most common sources of conflicting configurations include:
- Active Directory Group Policy (GPO)
- Configuration Manager Device client settings
- Windows Update for Business (WUfB) policies
- Manual registry updates
- Local Group Policy settings applied during imaging (LGPO)
## Registry keys inspected by Autopatch
```cmd
Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations Value=Any
Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess Value=Any
Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer String=Any
Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer Value=Any
Location= HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate Value=Any
```
## Resolving conflicts
Windows Autopatch recommends removing the conflicting configurations. The following remediation examples can be used to remove conflicting settings and registry keys when targeted at Autopatch-managed clients.
> [!IMPORTANT]
> **Its recommended to only target devices with conflicting configuration alerts**. The following remediation examples can affect devices that arent managed by Windows Autopatch, be sure to target accordingly.
### Intune Remediation
Navigate to Intune Remediations and create a remediation using the following examples. Its recommended to create a single remediation per value to understand if the value persists after removal.
If you use either [**Detect**](#detect) and/or [**Remediate**](#remediate) actions, ensure to update the appropriate **Path** and **Value** called out in the Alert. For more information, see [Remediations](/mem/intune/fundamentals/remediations).
#### Detect
```powershell
if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
Exit 1
} else {
exit 0
}
```
| Alert details | Description |
| ----- | ----- |
| Path | `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` |
| Value | `DoNotConnectToWindowsUpdateInternetLocations` |
#### Remediate
```powershell
if((Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).PSObject.Properties.Name -contains 'DoNotConnectToWindowsUpdateInternetLocations') {
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
}
```
| Alert details | Description |
| ----- | ----- |
| Path | `HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` |
| Value | `DoNotConnectToWindowsUpdateInternetLocations` |
### PowerShell
Copy and paste the following PowerShell script into PowerShell or a PowerShell editor, and save it with a `.ps1` extension. For more information, see [Remove-ItemProperty (Microsoft.PowerShell.Management)](/powershell/module/microsoft.powershell.management/remove-itemproperty).
```powershell
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DoNotConnectToWindowsUpdateInternetLocations"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "DisableWindowsUpdateAccess"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "NoAutoUpdate"
```
### Batch file
Copy and paste the following code into a text editor, and save it with a `.cmd` extension, and execute against affected devices. This command removes registry keys that affect the Windows Autopatch service. For more information, see [Using batch files: Scripting; Management Services](/previous-versions/windows/it-pro/windows-server-2003/cc758944(v=ws.10)?redirectedfrom=MSDN).
```cmd
@echo off
echo Deleting registry keys...
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DoNotConnectToWindowsUpdateInternetLocations" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableWindowsUpdateAccess" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "WUServer" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "UseWUServer" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /f
echo Registry keys deleted.
Pause
```
### Registry file
Copy the following code to a Notepad file, save as a `.reg` extension, and execute against affected devices. This removes registry keys that affect the Windows Autopatch service. For more information, see [How to add, modify, or delete registry subkeys and values by using a .reg file](https://support.microsoft.com/topic/how-to-add-modify-or-delete-registry-subkeys-and-values-by-using-a-reg-file-9c7f37cf-a5e9-e1cd-c4fa-2a26218a1a23).
```cmd
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotConnectToWindowsUpdateInternetLocations"=-
"DisableWindowsUpdateAccess"=-
"WUServer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=-
"NoAutoUpdate"=-
```
## Common sources of conflicting configurations
The following examples can be used to validate if the configuration is persistent from one of the following services. The list isnt an exhaustive, and Admins should be aware that changes can affect devices not managed by Windows Autopatch and should plan accordingly.
### Group Policy management
Group Policy management is the most popular client configuration tool in most organizations. For this reason, its most often the source of conflicting configurations. Use Result Set of Policy (RSOP) on an affected client can quickly identify if configured policies conflict with Windows Autopatch. For more information, see Use Resultant Set of Policy to Manage Group Policy.
1. Launch an Elevated Command Prompt and enter `RSOP`.
1. Navigate to **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Update**
1. If a Policy **doesnt exist** in Windows Update, then it appears to not be Group Policy.
1. If a Policy **exists** in Windows Update is present, modify or limit the target of the conflicting policy to resolve the Alert.
1. If the **Policy name** is labeled **Local Group Policy**, these settings could have been applied during imaging or by Configuration Manager.
### Configuration Manager
Configuration Manager is a common enterprise management tool that, among many things, can help manage Windows Updates. For this reason, we see many environments misconfigured when moving to either a 100% cloud or co-managed workloads even when the workloads are configured correctly. The client settings are often missed. For more information, see [About client settings and software updates](/mem/configmgr/core/clients/deploy/about-client-settings#software-updates).
1. Go the **Microsoft Endpoint Configuration Manager Console**.
1. Navigate to **Administration** > **Overview** > **Client Settings**.
1. Ensure **Software Updates** isnt configured. If configured, its recommended to remove these settings to prevent conflicts with Windows Autopatch.
## Third-party solutions
Third-party solutions can include any other product that may write configurations for the devices in question, such as MDMs (Mobile Device Managers) or Policy Managers.

19
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 08/31/2023
ms.date: 09/11/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: whats-new
@ -21,6 +21,21 @@ This article lists new and updated feature releases, and service releases, with
Minor corrections such as typos, style, or formatting issues aren't listed.
## September 2023
### September feature releases or updates
| Article | Description |
| ----- | ----- |
| [Conflicting configurations](../references/windows-autopatch-conflicting-configurations.md) | New feature. This article explains how to remediate conflicting configurations<ul><li>[MC671811](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
### September service releases
| Message center post number | Description |
| ----- | ----- |
| [MC674422](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Public Preview: Windows Autopatch Reliability Report |
| [MC672750](https://admin.microsoft.com/adminportal/home#/MessageCenter) | August 2023 Windows Autopatch baseline configuration update |
## August 2023
### August feature releases or updates
@ -34,7 +49,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Exclude a device](../operate/windows-autopatch-exclude-device.md) | Renamed Deregister a device to [Exclude a device](../operate/windows-autopatch-exclude-device.md). Added the [Restore device](../operate/windows-autopatch-exclude-device.md#restore-a-device-or-multiple-devices-previously-excluded) feature <ul><li>[MC667662](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
| [Device alerts](../operate/windows-autopatch-device-alerts.md) | Added `'InstallSetupBlock'` to the [Alert resolutions section](../operate/windows-autopatch-device-alerts.md#alert-resolutions) |
## August service releases
### August service releases
| Message center post number | Description |
| ----- | ----- |