From 3333313a7002f9a1547e751e80dba16665488b4d Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Mon, 29 Nov 2021 14:20:42 +0530 Subject: [PATCH] Html to md table Update- batch 23 Converted html tables into markdown format --- .../mdm/wmi-providers-supported-in-windows.md | 189 ++-------- ...changes-to-start-policies-in-windows-10.md | 97 +---- .../customize-and-export-start-layout.md | 45 +-- .../lockdown-features-windows-10.md | 109 +----- ...v-application-template-schema-reference.md | 261 +++---------- ...anging-the-frequency-of-scheduled-tasks.md | 150 +------- ...nfiguring-uev-with-group-policy-objects.md | 158 ++------ ...ith-system-center-configuration-manager.md | 55 +-- ...anage-administrative-backup-and-restore.md | 60 +-- ...plates-using-windows-powershell-and-wmi.md | 264 +++---------- ...ackages-with-windows-powershell-and-wmi.md | 349 +++--------------- .../ue-v/uev-security-considerations.md | 143 ++----- .../ue-v/uev-sync-trigger-events.md | 98 +---- ...synchronizing-microsoft-office-with-uev.md | 89 +---- windows/deployment/mbr-to-gpt.md | 4 +- 15 files changed, 335 insertions(+), 1736 deletions(-) diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 7dfbe89239..d03e4dadc8 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -51,163 +51,46 @@ Result ## MDM Bridge WMI classes - For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal). ## MDM WMI classes - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ClassTest completed in Windows 10 for desktop
MDM_AppInstallJob

Currently testing.

MDM_Application

Currently testing.

MDM_ApplicationFramework

Currently testing.

MDM_ApplicationSetting

Currently testing.

MDM_BrowserSecurityZonesYes
MDM_BrowserSettingsYes
MDM_CertificateYes
MDM_CertificateEnrollmentYes
MDM_Client

Currently testing.

MDM_ConfigSettingYes
MDM_DeviceRegistrationInfo
MDM_EASPolicyYes
MDM_MgMtAuthorityYes
MDM_MsiApplication
MDM_MsiInstallJob
MDM_RemoteApplication

Test not started.

MDM_RemoteAppUseCookie

Test not started.

MDM_RestrictionsYes
MDM_RestrictionsUser

Test not started.

MDM_SecurityStatusYes
MDM_SideLoader
MDM_SecurityStatusUser

Currently testing.

MDM_UpdatesYes
MDM_VpnApplicationTriggerYes
MDM_VpnConnection
MDM_WebApplication

Currently testing.

MDM_WirelessProfileYes
MDM_WirelesssProfileXMLYes
MDM_WNSChannelYes
MDM_WNSConfigurationYes
MSFT_NetFirewallProfileYes
MSFT_VpnConnectionYes
SoftwareLicensingProduct
SoftwareLicensingService
- - +|Class|Test completed in Windows 10 for desktop| +|--- |--- | +|[**MDM_AppInstallJob**](/previous-versions/windows/desktop/mdmappprov/mdm-appinstalljob)|Currently testing.| +|[**MDM_Application**](/previous-versions/windows/desktop/mdmappprov/mdm-application)|Currently testing.| +|[**MDM_ApplicationFramework**](/previous-versions/windows/desktop/mdmappprov/mdm-applicationframework)|Currently testing.| +|[**MDM_ApplicationSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-applicationsetting)|Currently testing.| +|[**MDM_BrowserSecurityZones**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersecurityzones)|Yes| +|[**MDM_BrowserSettings**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-browsersettings)|Yes| +|[**MDM_Certificate**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificate)|Yes| +|[**MDM_CertificateEnrollment**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-certificateenrollment)|Yes| +|[**MDM_Client**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-client)|Currently testing.| +|[**MDM_ConfigSetting**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-configsetting)|Yes| +|[**MDM_DeviceRegistrationInfo**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-deviceregistrationinfo)|| +|[**MDM_EASPolicy**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-easpolicy)|Yes| +|[**MDM_MgMtAuthority**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-mgmtauthority)|Yes| +|**MDM_MsiApplication**|| +|**MDM_MsiInstallJob**|| +|[**MDM_RemoteApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteapplication)|Test not started.| +|[**MDM_RemoteAppUseCookie**](/previous-versions/windows/desktop/mdmappprov/mdm-remoteappusercookie)|Test not started.| +|[**MDM_Restrictions**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictions)|Yes| +|[**MDM_RestrictionsUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-restrictionsuser)|Test not started.| +|[**MDM_SecurityStatus**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatus)|Yes| +|[**MDM_SideLoader**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-sideloader)|| +|[**MDM_SecurityStatusUser**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-securitystatususer)|Currently testing.| +|[**MDM_Updates**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-updates)|Yes| +|[**MDM_VpnApplicationTrigger**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-vpnapplicationtrigger)|Yes| +|**MDM_VpnConnection**|| +|[**MDM_WebApplication**](/previous-versions/windows/desktop/mdmappprov/mdm-webapplication)|Currently testing.| +|[**MDM_WirelessProfile**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofile)|Yes| +|[**MDM_WirelesssProfileXML**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wirelessprofilexml)|Yes| +|[**MDM_WNSChannel**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnschannel)|Yes| +|[**MDM_WNSConfiguration**](/previous-versions/windows/desktop/mdmsettingsprov/mdm-wnsconfiguration)|Yes| +|[**MSFT_NetFirewallProfile**](/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile)|Yes| +|[**MSFT_VpnConnection**](/previous-versions/windows/desktop/vpnclientpsprov/msft-vpnconnection)|Yes| +|[**SoftwareLicensingProduct**](/previous-versions/windows/desktop/sppwmi/softwarelicensingproduct)|| +|[**SoftwareLicensingService**](/previous-versions/windows/desktop/sppwmi/softwarelicensingservice)|| ### Parental control WMI classes diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md index 2deeb1c576..6d1d2b4a1c 100644 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ b/windows/configuration/changes-to-start-policies-in-windows-10.md @@ -29,85 +29,24 @@ Windows 10 has a brand new Start experience. As a result, there are changes to These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyNotes
Clear history of recently opened documents on exitDocuments that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.
Do not allow pinning items in Jump ListsJump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.
Do not display or track items in Jump Lists from remote locationsWhen this policy is applied, only items local on the computer are shown in Jump Lists.
Do not keep history of recently opened documentsDocuments that the user opens are not tracked during the session.
Prevent changes to Taskbar and Start Menu SettingsIn Windows 10, this disables all of the settings in Settings > Personalization > Start as well as the options in dialog available via right-click Taskbar > Properties
Prevent users from customizing their Start Screen

Use this policy in conjunction with a customized Start layout to prevent users from changing it

Prevent users from uninstalling applications from StartIn Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)
Remove All Programs list from the Start menuIn Windows 10, this removes the All apps button.
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commandsThis removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.
Remove common program groups from Start MenuAs in earlier versions of Windows, this removes apps specified in the All Users profile from Start
Remove frequent programs list from the Start MenuIn Windows 10, this removes the top left Most used group of apps.
Remove Logoff on the Start MenuLogoff has been changed to Sign Out in the user interface, however the functionality is the same.
Remove pinned programs list from the Start MenuIn Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).
Show "Run as different user" command on StartThis enables the Run as different user option in the right-click menu for apps.
Start Layout

This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in User Configuration or Computer Configuration.

-
- -
Force Start to be either full screen size or menu sizeThis applies a specific size for Start.
- +|Policy|Notes| +|--- |--- | +|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.| +|Do not allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.| +|Do not display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.| +|Do not keep history of recently opened documents|Documents that the user opens are not tracked during the session.| +|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this disables all of the settings in **Settings** > **Personalization** > **Start** as well as the options in dialog available via right-click Taskbar > **Properties**| +|Prevent users from customizing their Start Screen|Use this policy in conjunction with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it| +|Prevent users from uninstalling applications from Start|In Windows 10, this removes the uninstall button in the context menu. It does not prevent users from uninstalling the app through other entry points (e.g. PowerShell)| +|Remove All Programs list from the Start menu|In Windows 10, this removes the **All apps** button.| +|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.| +|Remove common program groups from Start Menu|As in earlier versions of Windows, this removes apps specified in the All Users profile from Start| +|Remove frequent programs list from the Start Menu|In Windows 10, this removes the top left **Most used** group of apps.| +|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.| +|Remove pinned programs list from the Start Menu|In Windows 10, this removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).| +|Show "Run as different user" command on Start|This enables the **Run as different user** option in the right-click menu for apps.| +|Start Layout|This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.| +|Force Start to be either full screen size or menu size|This applies a specific size for Start.| ## Deprecated Group Policy settings for Start diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index f50e213ce8..d78cf4b515 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md @@ -105,34 +105,23 @@ When you have the Start layout that you want your users to see, use the [Export- Example of a layout file produced by `Export-StartLayout`: - - - - - - - - - - - - - - - -
XML
<LayoutModificationTemplate Version="1" xmlns="https://schemas.microsoft.com/Start/2014/LayoutModification">
-      <DefaultLayoutOverride>
-        <StartLayoutCollection>
-          <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout">
-            <start:Group Name="Life at a glance" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout">
-              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
-              <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-            </start:Group>        
-          </defaultlayout:StartLayout>
-        </StartLayoutCollection>
-      </DefaultLayoutOverride>
-    </LayoutModificationTemplate>
+```xml + + + + + + + + + + + + + + + +``` 3. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order) diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index df13bd302b..38da2ca1ca 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -23,97 +23,18 @@ ms.localizationpriority: medium Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows Embedded 8.1 Industry lockdown featureWindows 10 featureChanges

Hibernate Once/Resume Many (HORM): Quick boot to device

HORM

HORM is supported in Windows 10, version 1607 and later.

Unified Write Filter: protect a device's physical storage media

Unified Write Filter

The Unified Write Filter is continued in Windows 10.

Keyboard Filter: block hotkeys and other key combinations

Keyboard Filter

Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.

Shell Launcher: launch a Windows desktop application on sign-on

Shell Launcher

Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.

-

Learn how to use Shell Launcher to create a kiosk device that runs a Windows desktop application.

Application Launcher: launch a Universal Windows Platform (UWP) app on sign-on

Assigned Access

The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.

Dialog Filter: suppress system dialogs and control which processes can run

AppLocker

Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

-
    -

  • Control over which processes are able to run will now be provided by AppLocker.

    • -

  • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.

    • -

Toast Notification Filter: suppress toast notifications

Mobile device management (MDM) and Group Policy

Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.

-

Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications

-

MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a custom OMA-URI setting for AboveLock/AllowActionCenterNotifications.

Embedded Lockdown Manager: configure lockdown features

Windows Imaging and Configuration Designer (ICD)

The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.

USB Filter: restrict USB devices and peripherals on system

MDM and Group Policy

The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

-

Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

-

MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Removable storage.

Assigned Access: launch a UWP app on sign-in and lock access to system

Assigned Access

Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.

-

In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

-

Learn how to use Assigned Access to create a kiosk device that runs a Universal Windows app.

Gesture Filter: block swipes from top, left, and right edges of screen

MDM and Group Policy

In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the Allow edge swipe policy.

Custom Logon: suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

Embedded Logon

No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

Unbranded Boot: custom brand a device by removing or replacing Windows boot UI elements

Unbranded Boot

No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

- - +|Windows Embedded 8.1 Industry lockdown feature|Windows 10 feature|Changes| +|--- |--- |--- | +|[Hibernate Once/Resume Many (HORM)](/previous-versions/windows/embedded/dn449302(v=winembedded.82)): Quick boot to device|[HORM](/windows-hardware/customize/enterprise/hibernate-once-resume-many-horm-)|HORM is supported in Windows 10, version 1607 and later.| +|[Unified Write Filter](/previous-versions/windows/embedded/dn449332(v=winembedded.82)): protect a device's physical storage media|[Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter)|The Unified Write Filter is continued in Windows 10.| +|[Keyboard Filter](/previous-versions/windows/embedded/dn449298(v=winembedded.82)): block hotkeys and other key combinations|[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)|Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via **Turn Windows Features On/Off**. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.| +|[Shell Launcher](/previous-versions/windows/embedded/dn449423(v=winembedded.82)): launch a Windows desktop application on sign-on|[Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher)|Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the **SMISettings** category.
Learn [how to use Shell Launcher to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Windows desktop application.| +|[Application Launcher](/previous-versions/windows/embedded/dn449251(v=winembedded.82)): launch a Universal Windows Platform (UWP) app on sign-on|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.| +|[Dialog Filter](/previous-versions/windows/embedded/dn449395(v=winembedded.82)): suppress system dialogs and control which processes can run|[AppLocker](/windows/device-security/applocker/applocker-overview)|Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.
  • Control over which processes are able to run will now be provided by AppLocker.
  • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.| +|[Toast Notification Filter](/previous-versions/windows/embedded/dn449360(v=winembedded.82)): suppress toast notifications|Mobile device management (MDM) and Group Policy|Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.
    Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications**
    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Allow action center notifications** and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for **AboveLock/AllowActionCenterNotifications**.| +|[Embedded Lockdown Manager](/previous-versions/windows/embedded/dn449279(v=winembedded.82)): configure lockdown features|[Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd)|The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.| +|[USB Filter](/previous-versions/windows/embedded/dn449350(v=winembedded.82)): restrict USB devices and peripherals on system|MDM and Group Policy|The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

    Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Device Installation Restrictions**
    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use **Removable storage**.| +|[Assigned Access](/previous-versions/windows/embedded/dn449303(v=winembedded.82)): launch a UWP app on sign-in and lock access to system|[Assigned Access](/windows/client-management/mdm/assignedaccess-csp)|Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.
    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

    Learn [how to use Assigned Access to create a kiosk device](/windows/configuration/kiosk-single-app) that runs a Universal Windows app.| +|[Gesture Filter](/previous-versions/windows/embedded/dn449374(v=winembedded.82)): block swipes from top, left, and right edges of screen|MDM and Group Policy|In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](/windows/client-management/mdm/policy-configuration-service-provider#LockDown_AllowEdgeSwipe) policy.| +|[Custom Logon](/previous-versions/windows/embedded/dn449309(v=winembedded.82)): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown|[Embedded Logon](/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| +|[Unbranded Boot](/previous-versions/windows/embedded/dn449249(v=winembedded.82)): custom brand a device by removing or replacing Windows boot UI elements|[Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot)|No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.| diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 1ac2f752ac..263c3d6b51 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md +++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md @@ -108,52 +108,14 @@ Architecture enumerates two possible values: **Win32** and **Win64**. These valu **Process** The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Element

    Data Type

    Mandatory

    Filename

    FilenameString

    True

    Architecture

    Architecture

    False

    ProductName

    String

    False

    FileDescription

    String

    False

    ProductVersion

    ProcessVersion

    False

    FileVersion

    ProcessVersion

    False

    - - +|Element|Data Type|Mandatory| +|--- |--- |--- | +|Filename|FilenameString|True| +|Architecture|Architecture|False| +|ProductName|String|False| +|FileDescription|String|False| +|ProductVersion|ProcessVersion|False| +|FileVersion|ProcessVersion|False| **Processes** The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. @@ -177,32 +139,11 @@ FileSetting contains parameters associated with files and files paths. Four chil **Settings** Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: - ---- - - - - - - - - - - - - - - - - - - -

    Element

    Description

    Asynchronous

    Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

    PreventOverlappingSynchronization

    By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

    AlwaysApplySettings

    This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.

    - - +|Element|Description| +|--- |--- | +|Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.| +|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.| +|AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.| ### Name Element @@ -482,162 +423,50 @@ The child elements and syntax rules for FileVersion are identical to those of Pr Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Processes

    A container for a collection of one or more Process elements. For more information, see Processes.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| +|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| +|Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).| +|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".| - ### Common Element Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

    - - +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| +|Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| +|DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.| +|Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).| ### SettingsLocationTemplate Element This element defines the settings for a single application or a suite of applications. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see ID.

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    +|Field/Type|Description| +|--- |--- | +|Name|Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).| +|ID|Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).| +|Description|An optional description of the template.| +|LocalizedNames|An optional name displayed in the UI, localized by a language locale.| +|LocalizedDescriptions|An optional template description localized by a language locale.| - ### Appendix: SettingsLocationTemplate.xsd diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 43910cf8eb..06047a3a6f 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -44,51 +44,17 @@ The following scheduled tasks are included in UE-V with sample scheduled task co The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Monitor Application Status

    Logon

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Monitor Application Status|Logon| ### Sync Controller Application The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Sync Controller Application

    Logon, and every 30 minutes thereafter

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Sync Controller Application|Logon, and every 30 minutes thereafter| For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. @@ -100,51 +66,18 @@ Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Synchronize Settings at Logoff

    Logon

    - -  +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Synchronize Settings at Logoff|Logon| ### Template Auto Update The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory. - ---- - - - - - - - - - - - - -
    Task nameDefault event

    \Microsoft\UE-V\Template Auto Update

    System startup and at 3:30 AM every day, at a random time within a 1-hour window

    +|Task name|Default event| +|--- |--- | +|\Microsoft\UE-V\Template Auto Update|System startup and at 3:30 AM every day, at a random time within a 1-hour window| -  **Example:** The following command configures the UE-V service to check the settings template catalog store every hour. @@ -158,59 +91,12 @@ schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 The following chart provides additional information about scheduled tasks for UE-V 2: - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Task Name (file name)

    Default Frequency

    Power Toggle

    Idle Only

    Network Connection

    Description

    Monitor Application Settings (UevAppMonitor.exe)

    Starts 30 seconds after logon and continues until logoff.

    No

    Yes

    N/A

    Synchronizes settings for Windows (AppX) apps.

    Sync Controller Application (Microsoft.Uev.SyncController.exe)

    At logon and every 30 min thereafter.

    Yes

    Yes

    Only if Network is connected

    Starts the Sync Controller which synchronizes local settings with the settings storage location.

    Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)

    Runs at logon and then waits for Logoff to Synchronize settings.

    No

    Yes

    N/A

    Start an application at logon that controls the synchronization of applications at logoff.

    Template Auto Update (ApplySettingsCatalog.exe)

    Runs at initial logon and at 3:30 AM every day thereafter.

    Yes

    No

    N/A

    Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.

    - +|Task Name (file name)|Default Frequency|Power Toggle|Idle Only|Network Connection|Description| +|--- |--- |--- |--- |--- |--- | +|**Monitor Application Settings** (UevAppMonitor.exe)|Starts 30 seconds after logon and continues until logoff.|No|Yes|N/A|Synchronizes settings for Windows (AppX) apps.| +|**Sync Controller Application** (Microsoft.Uev.SyncController.exe)|At logon and every 30 min thereafter.|Yes|Yes|Only if Network is connected|Starts the Sync Controller which synchronizes local settings with the settings storage location.| +|**Synchronize Settings at Logoff** (Microsoft.Uev.SyncController.exe)|Runs at logon and then waits for Logoff to Synchronize settings.|No|Yes|N/A|Start an application at logon that controls the synchronization of applications at logoff.| +|**Template Auto Update** (ApplySettingsCatalog.exe)|Runs at initial logon and at 3:30 AM every day thereafter.|Yes|No|N/A|Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.|   **Legend** diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 852fd636c1..3e8f520a9f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md @@ -26,147 +26,31 @@ The following policy settings can be configured for UE-V. **Group Policy settings** - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not use the sync provider

    Computers and Users

    By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.

    Enable this setting to configure the UE-V service not to use the sync provider.

    First Use Notification

    Computers Only

    This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.

    The default is enabled.

    Synchronize Windows settings

    Computers and Users

    This Group Policy setting configures the synchronization of Windows settings.

    Select which Windows settings synchronize between computers.

    -

    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.

    Settings package size warning threshold

    Computers and Users

    This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.

    Specify the preferred threshold for settings package sizes in kilobytes (KB).

    -

    By default, the UE-V service does not have a package file size threshold.

    Settings storage path

    Computers and Users

    This Group Policy setting configures where the user settings are to be stored.

    Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

    Settings template catalog path

    Computers Only

    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.

    Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

    -

    Select the check box to replace the default Microsoft templates.

    Sync settings over metered connections

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections.

    By default, the UE-V service does not synchronize settings over a metered connection.

    Sync settings over metered connections even when roaming

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.

    By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.

    Synchronization timeout

    Computers and Users

    This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.

    Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.

    Tray Icon

    Computers Only

    This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.

    This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.

    Use User Experience Virtualization (UE-V)

    Computers and Users

    This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the Enable UE-V setting.

    Enable UE-V

    Computers and Users

    This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.

    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the Use User Experience Virtualization (UE-V) setting.

    +|Group Policy setting name|Target|Group Policy setting description|Configuration options| +|--- |--- |--- |--- | +|Do not use the sync provider|Computers and Users|By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.|Enable this setting to configure the UE-V service not to use the sync provider.| +|First Use Notification|Computers Only|This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.|The default is enabled.| +|Synchronize Windows settings|Computers and Users|This Group Policy setting configures the synchronization of Windows settings.|Select which Windows settings synchronize between computers.
    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.| +|Settings package size warning threshold|Computers and Users|This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.|Specify the preferred threshold for settings package sizes in kilobytes (KB).
    By default, the UE-V service does not have a package file size threshold.| +|Settings storage path|Computers and Users|This Group Policy setting configures where the user settings are to be stored.|Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.| +|Settings template catalog path|Computers Only|This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.|Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.
    Select the check box to replace the default Microsoft templates.| +|Sync settings over metered connections|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections.|By default, the UE-V service does not synchronize settings over a metered connection.| +|Sync settings over metered connections even when roaming|Computers and Users|This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.|By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.| +|Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.| +|Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.| +|Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.| +|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.| - - -**Note**   -In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. - - +>[!NOTE] +>In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. **Windows App Group Policy settings** - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not synchronize Windows Apps

    Computers and Users

    This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.

    The default is to synchronize Windows apps.

    Windows App List

    Computer and User

    This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.

    You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.

    Sync Unlisted Windows Apps

    Computer and User

    This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.

    By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.

    - - +|Group Policy setting name|Target|Group Policy setting description|Configuration options| +|--- |--- |--- |--- | +|Do not synchronize Windows Apps|Computers and Users|This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.|The default is to synchronize Windows apps.| +|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.| +|Sync Unlisted Windows Apps|Computer and User|This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.|By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.| For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index 742b25f00e..5946176341 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -35,52 +35,15 @@ The UE-V Configuration Pack includes tools to: - Create or update a UE-V Agent policy configuration item to set or clear these settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Max package size

    Enable/disable Windows app sync

    Wait for sync on application start

    Setting import delay

    Sync unlisted Windows apps

    Wait for sync on logon

    Settings import notification

    IT contact URL

    Wait for sync timeout

    Settings storage path

    IT contact descriptive text

    Settings template catalog path

    Sync enablement

    Tray icon enabled

    Start/Stop UE-V agent service

    Sync method

    First use notification

    Define which Windows apps will roam settings

    Sync timeout

    - - + |Configuration|Setting|Description| + |--- |--- |--- | + |Max package size|Enable/disable Windows app sync|Wait for sync on application start| + |Setting import delay|Sync unlisted Windows apps|Wait for sync on logon| + |Settings import notification|IT contact URL|Wait for sync timeout| + |Settings storage path|IT contact descriptive text|Settings template catalog path| + |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service| + |Sync method|First use notification|Define which Windows apps will roam settings| + |Sync timeout||| - Verify compliance by confirming that UE-V is running. diff --git a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md index d992db0cca..e5c08816cb 100644 --- a/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md +++ b/windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md @@ -112,64 +112,22 @@ WMI and Windows PowerShell commands let you restore application and Windows sett 2. Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings. - - - - - - - - - - - - - - - - - -
    Windows PowerShell cmdletDescription

    Restore-UevUserSetting -<TemplateID>

    Restores the user settings for an application or restores a group of Windows settings.

    - - - + |**Windows PowerShell cmdlet**|**Description**| + |--- |--- | + |`Restore-UevUserSetting` -|Restores the user settings for an application or restores a group of Windows settings.| + **To restore application settings and Windows settings with WMI** 1. Open a Windows PowerShell window. 2. Enter the following WMI command to restore application settings and Windows settings. - - - - - - - - - - - - - - - - - -
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

    Restores the user settings for an application or restores a group of Windows settings.

    - - - -~~~ -**Note** -UE-V does not provide a settings rollback for Windows apps. -~~~ - - - - - + |**WMI command**|**Description**| + |--- |--- | + |`Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList `|Restores the user settings for an application or restores a group of Windows settings.| +>[!NOTE] +>UE-V does not provide a settings rollback for Windows apps. ## Related topics diff --git a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md index 778370f194..328d19c5f6 100644 --- a/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md +++ b/windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md @@ -34,134 +34,39 @@ You must have administrator permissions to update, register, or unregister a set 1. Use an account with administrator rights to open a Windows PowerShell command prompt. 2. Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows PowerShell commandDescription

    Get-UevTemplate

    Lists all the settings location templates that are registered on the computer.

    Get-UevTemplate -Application <string>

    Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.

    Get-UevTemplate -TemplateID <string>

    Lists all the settings location templates that are registered on the computer where the template ID contains <string>.

    Get-UevTemplate [-ApplicationOrTemplateID] <string>

    Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.

    Get-UevTemplateProgram [-ID] <template ID>

    Gets the name of the program and version information, which depend on the template ID.

    Get-UevAppXPackage

    Gets the effective list of Windows apps.

    Get-UevAppXPackage -Computer

    Gets the list of Windows apps that are configured for the computer.

    Get-UevAppXPackage -CurrentComputerUser

    Gets the list of Windows apps that are configured for the current user.

    Register-UevTemplate [-Path] <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Register-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Unregister-UevTemplate [-ID] <template ID>

    Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Unregister-UevTemplate -All

    Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Update-UevTemplate [-Path] <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.

    Update-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.

    Clear-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the computer Windows app list.

    Clear-UevAppXPackage -CurrentComputerUser

    Removes Windows app from the current user Windows app list.

    Clear-UevAppXPackage -Computer -All

    Removes all Windows apps from the computer Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the current user Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] -All

    Removes all Windows apps from the current user Windows app list.

    Disable-UevTemplate [-ID] <template ID>

    Disables a settings location template for the current user of the computer.

    Disable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the computer Windows app list.

    Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the current user Windows app list.

    Enable-UevTemplate [-ID] <template ID>

    Enables a settings location template for the current user of the computer.

    Enable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the computer Windows app list.

    Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the current user Windows app list.

    Test-UevTemplate [-Path] <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.

    Test-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.

    - - - + + |Windows PowerShell command|Description| + |--- |--- | + |`Get-UevTemplate`|Lists all the settings location templates that are registered on the computer.| + |`Get-UevTemplate -Application `|Lists all the settings location templates that are registered on the computer where the application name or template name contains .| + |`Get-UevTemplate -TemplateID `|Lists all the settings location templates that are registered on the computer where the template ID contains .| + |`Get-UevTemplate [-ApplicationOrTemplateID] `|Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains .| + |`Get-UevTemplateProgram [-ID]