Acrolinx enhancement effort

2025-05-12 13:27:23 +00:00 · 2022-03-21 17:34:23 +05:30 · 2022-03-21 17:34:23 +05:30 · 368182715e
commit 368182715e
parent edda579b58
5 changed files with 265 additions and 265 deletions
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@ -72,10 +72,10 @@ manager: dansimp
 <!--Description-->
 Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.  
- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
+- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
 - If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.  
-If you do not configure this setting, touch input is on by default.  Note: Changes to this setting will not take effect until the user logs off.
+If you don't configure this setting, touch input is on by default.  Note: Changes to this setting won't take effect until the user signs out.
 <!--/Description-->
@ -116,10 +116,10 @@ ADMX Info:
 <!--Description-->
 Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger.  
- If you enable this setting, the user will not be able to produce input with touch. They will not be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
+- If you enable this setting, the user won't be able to produce input with touch. They won't be able to use touch input or touch gestures such as tap and double tap, the touch pointer, and other touch-specific features.  
 - If you disable this setting, the user can produce input with touch, by using gestures, the touch pointer, and other-touch specific features.  
-If you do not configure this setting, touch input is on by default.  Note: Changes to this setting will not take effect until the user logs off.
+If you don't configure this setting, touch input is on by default.  Note: Changes to this setting won't take effect until the user signs out.
 <!--/Description-->
@ -163,12 +163,12 @@ ADMX Info:
 <!--Description-->
 Turn off Panning  Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.  
- If you enable this setting, the user will not be able to pan windows by touch.  
+- If you enable this setting, the user won't be able to pan windows by touch.  
- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.  
+- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.  
 > [!NOTE]
-> Changes to this setting will not take effect until the user logs off.
+> Changes to this setting won't take effect until the user logs off.
 <!--/Description-->
@ -210,12 +210,12 @@ ADMX Info:
 <!--Description-->
 Turn off Panning  Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the scrolling content.  
- If you enable this setting, the user will not be able to pan windows by touch.  
+- If you enable this setting, the user won't be able to pan windows by touch.  
- If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Panning is on by default.  
+- If you disable this setting, the user can pan windows by touch. If you don't configure this setting, Touch Panning is on by default.  
 > [!NOTE]
-> Changes to this setting will not take effect until the user logs off.
+> Changes to this setting won't take effect until the user logs off.
 <!--/Description-->
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@ -91,7 +91,7 @@ This policy setting allows you to manage the Policy list of Trusted Platform Mod
 If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
-If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+If you disable or don't configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
 <!--/Description-->
@ -132,7 +132,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user sign in only if the signed in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and sign in until the policy is disabled or until the TPM is in a Ready state.
 <!--/Description-->
@ -179,7 +179,7 @@ If you enable this policy setting, Windows will ignore the computer's default li
 The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands. 
+If you disable or don't configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Policy and local lists of blocked TPM commands. 
 <!--/Description-->
@ -226,7 +226,7 @@ If you enable this policy setting, Windows will ignore the computer's local list
 The local list of blocked TPM commands is configured outside of Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Policy list of blocked TPM commands.
-If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Policy and default lists of blocked TPM commands.
+If you disable or don't configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Policy and default lists of blocked TPM commands.
 <!--/Description-->
@ -267,13 +267,13 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions that require TPM owner authorization without requiring the user to enter the TPM owner password.
 You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
 If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
-Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that don't depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting to be changed before making the features that depend on the TPM anti-hammering logic usable.
 Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
@ -321,7 +321,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+This Policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and won't interfere with their workflows.
 <!--/Description-->
@ -370,15 +370,15 @@ An authorization failure occurs each time a standard user sends a command to the
 For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
-The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
-The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
-If this value is not configured, a default value of 480 minutes (8 hours) is used.
+If this value isn't configured, a default value of 480 minutes (8 hours) is used.
 <!--/Description-->
 >
@ -425,19 +425,19 @@ This setting helps administrators prevent the TPM hardware from entering a locko
 An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
-For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+For each standard user, two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
-This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+This value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
-The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
-If this value is not configured, a default value of 4 is used.
+If this value isn't configured, a default value of 4 is used.
-A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+A value of 0 means the OS won't allow standard users to send commands to the TPM, which may cause an authorization failure.
 <!--/Description-->
@ -484,19 +484,19 @@ This setting helps administrators prevent the TPM hardware from entering a locko
 An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
-For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+For each standard user, two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
-The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user isn't allowed to send commands requiring authorization to the TPM.
-This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+This value is the maximum total number of authorization failures all standard users may have before all standard users aren't allowed to send commands requiring authorization to the TPM.
-The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it's global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
 An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
-If this value is not configured, a default value of 9 is used.
+If this value isn't configured, a default value of 9 is used.
-A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+A value of 0 means the OS won't allow standard users to send commands to the TPM, which may cause an authorization failure.
 <!--/Description-->
@ -537,7 +537,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this Policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from Policy and b)clear the TPM on the system.
+This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this Policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from Policy and b) clear the TPM on the system.
 <!--/Description-->
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@ -81,14 +81,14 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
-This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days.
+This policy setting allows an administrator to automatically delete user profiles on system restart that haven't been used within a specified number of days.
 > [!NOTE]
 > One day is interpreted as 24 hours after a specific user profile was accessed.
-If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days. 
+If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that haven't been used within the specified number of days. 
-If you disable or do not configure this policy setting, User Profile Service will not automatically delete any profiles on the next system restart.
+If you disable or don't configure this policy setting, User Profile Service won't automatically delete any profiles on the next system restart.
 <!--/Description-->
@ -129,14 +129,14 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to the per-user registry keys. 
+This policy setting controls whether Windows forcefully unloads the user's registry at sign out, even if there are open handles to the per-user registry keys. 
 > [!NOTE]
 > This policy setting should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
-If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.
+If you enable this policy setting, Windows won't forcefully unload the user's registry at sign out, but will unload the registry when all open handles to the per-user registry keys are closed.
-If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
+If you disable or don't configure this policy setting, Windows will always unload the user's registry at sign out, even if there are any open handles to the per-user registry keys at user sign out.
 <!--/Description-->
@ -179,11 +179,11 @@ ADMX Info:
 <!--Description-->
 This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.
-By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy setting to change this behavior.
+By default Windows deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data, and the like) when their profile is deleted. As a result, the next time roaming users whose profiles were previously deleted on that client sign in, they'll need to reinstall all apps published via policy at sign in, increasing sign-in time. You can use this policy setting to change this behavior.
-If you enable this policy setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine.
+If you enable this policy setting, Windows won't delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This data retention will improve the performance of Group Policy-based Software Installation during user sign in when a user profile is deleted and that user later signs in to the machine.
-If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.
+If you disable or don't configure this policy setting, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted.
 > [!NOTE]
 > If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine.
@ -229,7 +229,7 @@ ADMX Info:
 <!--Description-->
 This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reaches the maximum size. This policy setting affects both local and roaming profiles.
-If you disable this policy setting or do not configure it, the system does not limit the size of user profiles.
+If you disable this policy setting or don't configure it, the system doesn't limit the size of user profiles.
 If you enable this policy setting, you can:
@ -278,13 +278,13 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting will automatically log off a user when Windows cannot load their profile. 
+This policy setting will automatically sign out a user when Windows can't load their profile. 
-If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
+If Windows can't access the user profile folder or the profile contains errors that prevent it from loading, Windows logs on the user with a temporary profile. This policy setting allows the administrator to disable this behavior, preventing Windows from logging on the user with a temporary profile.
-If you enable this policy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded.
+If you enable this policy setting, Windows won't sign in users with a temporary profile. Windows signs out the users if their profiles can't be loaded.
-If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Windows cannot load their user profile.
+If you disable this policy setting or don't configure it, Windows logs on the user with a temporary profile when Windows can't load their user profile.
 Also, see the "Delete cached copies of roaming profiles" policy setting.
@ -335,7 +335,7 @@ This policy setting and related policy settings in this folder together define t
 If you enable this policy setting, you can change how long Windows waits for a response from the server before considering the connection to be slow.
-If you disable or do not configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.
+If you disable or don't configure this policy setting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there's no local copy of the roaming profile to load when the system detects a slow connection.
 <!--/Description-->
@ -376,18 +376,18 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon session.
+This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a sign-in session.
 If you enable this policy setting, the user's home folder is configured to the specified local or network location, creating a new folder for each user name.
 To use this policy setting, in the Location list, choose the location for the home folder. If you choose “On the network,” enter the path to a file share in the Path box (for example, \\\\ComputerName\ShareName), and then choose the drive letter to assign to the file share. If you choose “On the local computer,” enter a local path (for example, C:\HomeFolder) in the Path box.
-Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the user name because the user name will be appended at logon.
+Don't specify environment variables or ellipses in the path. Also, don't specify a placeholder for the user name because the user name will be appended at sign in.
 > [!NOTE]
 > The Drive letter box is ignored if you choose “On the local computer” from the Location list. If you choose “On the local computer” and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a drive letter.
-If you disable or do not configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.
+If you disable or don't configure this policy setting, the user's home folder is configured as specified in the user's Active Directory Domain Services account.
 If the "Set Remote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect.
@ -434,11 +434,11 @@ This setting prevents users from managing the ability to allow apps to access th
 If you enable this policy setting, sharing of user name, picture and domain information may be controlled by setting one of the following options:
- "Always on" - users will not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
+- "Always on" - users won't be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's UPN, SIP/URI, and DNS.
- "Always off" - users will not be able to change this setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
+- "Always off" - users won't be able to change this setting and the user's name and account picture won't be shared with apps (not desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability won't be able to retrieve the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.
-If you do not configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn the setting off.
+If you don't configure or disable this policy the user will have full control over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network resources if users choose to turn off the setting.
 <!--/Description-->
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@ -71,9 +71,9 @@ manager: dansimp
 <!--Description-->
 This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
-If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
+If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the Service on target machines use locally configured settings values.
-For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
+For more information on individual parameters, combinations of parameter values, and definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
 **FrequencyCorrectRate**
 This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
@ -117,7 +117,7 @@ This parameter controls special events that may be logged to the Event Viewer Sy
 This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
 **MaxPollInterval**
-This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
+This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Shouldn't be set higher than 15.)
 **MinPollInterval**
 This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
@ -126,10 +126,10 @@ This parameter controls the minimum polling interval that defines the minimum am
 This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
 **RequireSecureTimeSyncRequests**
-This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
+This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC won't respond to requests using such protocols. Default: 0 Boolean.
 **UtilizeSslTimeData**
-This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock.  Default: 1 (enabled) Boolean
+This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an extra input for correcting the local clock.  Default: 1 (enabled) Boolean
 **ClockAdjustmentAuditLimit**
 This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
@ -143,10 +143,10 @@ This parameter specifies the maximum amount of time that an entry can remain in
 This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
 **ChainMaxHostEntries**
-This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
+This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: Four entries.
 **ChainDisable**
-This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
+This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that don't have their passwords cached on the RODC won't be able to synchronize with the RODC. Default: 0 Boolean.
 **ChainLoggingRate**
 This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
@ -195,7 +195,7 @@ This policy setting specifies a set of parameters for controlling the Windows NT
 If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
-If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
+If you disable or don't configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
 **NtpServer**
 The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings.  The default value is ""time.windows.com,0x09"". 
@ -204,7 +204,7 @@ The Domain Name System (DNS) name or IP address of an NTP time source. This valu
 This value controls the authentication that W32time uses. The default value is NT5DS.
 **CrossSiteSyncFlags**
-This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
+This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client shouldn't attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value isn't set. The default value is 2 decimal (0x02 hexadecimal).
 **ResolvePeerBackoffMinutes**
 This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
@ -216,7 +216,7 @@ This value controls how many times W32time attempts to resolve a DNS name before
 This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
 **EventLogFlags**
-This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
+This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it's a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
 <!--/Description-->
@ -264,7 +264,7 @@ Enabling the Windows NTP Client allows your computer to synchronize its computer
 If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
-If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
+If you disable or don't configure this policy setting, the local computer clock doesn't synchronize time with NTP servers.
 <!--/Description-->
@ -310,7 +310,7 @@ This policy setting allows you to specify whether the Windows NTP Server is enab
 If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
-If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
+If you disable or don't configure this policy setting, your computer can't service NTP requests from other computers.
 <!--/Description-->