From 2e6b030b43f8c02a642503b4ef11d8f97c93bd71 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 11 Apr 2023 22:58:15 +0530 Subject: [PATCH 1/3] ExcludeWUDriversInQualityUpdate changed as per user report #11386 and i checked on Windows 11 enterprise 64bit build no 22622.1485, this was **AllowTemporaryEnterpriseFeatureControl** was seen in nregistry --- windows/deployment/update/waas-configure-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index abf55e970a..2b2f4074ec 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -221,7 +221,7 @@ The features that are turned off by default from servicing updates will be enabl | Policy | Sets registry key under HKLM\Software | | --- | --- | -| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate | +| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl | | MDM for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
../Vendor/MSFT/Policy/Config/Update/
**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl | From dc13afe1fdc585ff06a6d1c0f8597d2cf7f1406c Mon Sep 17 00:00:00 2001 From: Herbert Mauerer <41573578+HerbertMauerer@users.noreply.github.com> Date: Thu, 13 Apr 2023 15:08:39 +0200 Subject: [PATCH 2/3] Update mandatory-user-profile.md add steps to set the correct owner for the mandatory profile folders --- windows/client-management/mandatory-user-profile.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 0771fcc433..425ea46700 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -118,6 +118,13 @@ First, you create a default user profile with the customizations that you want, 1. Rename `Ntuser.dat` to `Ntuser.man`. +### Check and set the correct owner for the mandatory profile folders + +1. Open the properties of the "profile.v6" folder. +2. Go to the "security" tab and click "Advanced". +3. Check the "owner" of the folder. It has to be the builtin Administrators group. To change it here if it does not match, you need to be in the Administrators group of the file server to take ownership, or have "set owner" privilege on the server. +4. When you have set the owner, check the box "Replace owner on subcontainers and objects" before you click OK. + ## Apply a mandatory user profile to users In a domain, you modify properties for the user account to point to the mandatory profile in a shared folder residing on the server. From 5d94ca3538aaea019f4349be856d4fc9f599ea74 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 13 Apr 2023 10:35:59 -0400 Subject: [PATCH 3/3] Update mandatory-user-profile.md --- windows/client-management/mandatory-user-profile.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 425ea46700..6f1798eb0e 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -118,12 +118,12 @@ First, you create a default user profile with the customizations that you want, 1. Rename `Ntuser.dat` to `Ntuser.man`. -### Check and set the correct owner for the mandatory profile folders +### Verify the correct owner for the mandatory profile folders 1. Open the properties of the "profile.v6" folder. -2. Go to the "security" tab and click "Advanced". -3. Check the "owner" of the folder. It has to be the builtin Administrators group. To change it here if it does not match, you need to be in the Administrators group of the file server to take ownership, or have "set owner" privilege on the server. -4. When you have set the owner, check the box "Replace owner on subcontainers and objects" before you click OK. +1. Select the **Security** tab and then select **Advanced**. +1. Verify the **Owner** of the folder. It must be the builtin **Administrators** group. To change the owner, you must be a member of the Administrators group on the file server, or have "Set owner" privilege on the server. +1. When you set the owner, select **Replace owner on subcontainers and objects** before you click OK. ## Apply a mandatory user profile to users