From 845d72331e0a198abcdcf14cc23cc530e8b1a69c Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 12 Mar 2019 09:40:19 -0700 Subject: [PATCH 1/7] Update change-history-for-surface.md --- devices/surface/change-history-for-surface.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index 9c34783c79..e798c6b6dc 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -13,6 +13,13 @@ ms.topic: article This topic lists new and updated topics in the Surface documentation library. +## March 2019 + +New or changed topic | Description +--- | --- +[System SKU reference](surface-system-sku-reference.md) | New + + ## February 2019 New or changed topic | Description From 0f2bcdabeff336bd39d4700337f670be56fdfffa Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Tue, 12 Mar 2019 09:41:36 -0700 Subject: [PATCH 2/7] Update change-history-for-surface.md --- devices/surface/change-history-for-surface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index e798c6b6dc..271b1cc5e2 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -17,7 +17,7 @@ This topic lists new and updated topics in the Surface documentation library. New or changed topic | Description --- | --- -[System SKU reference](surface-system-sku-reference.md) | New +[Surface System SKU reference](surface-system-sku-reference.md) | New ## February 2019 From 46116bb4c9c486f993dc6bc9722763cbfe581d6e Mon Sep 17 00:00:00 2001 
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Thu, 14 Mar 2019 09:36:06 -0700 Subject: [PATCH 3/7] Update TOC.md Add new page - Surface System SKU reference. --- devices/surface/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index df57cb2c6d..c83a77a2bd 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -24,6 +24,7 @@ ## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) ## [Manage Surface UEFI settings](manage-surface-uefi-settings.md) ### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) +### [Surface System SKU reference](surface-system-sku-reference.md) ## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) From 1170fbc8d4fda2c393a3d3321f183d229c9ce886 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 18 Mar 2019 21:49:52 +0500 Subject: [PATCH 4/7] Update create-global-objects.md remove paragraph not related to global objects --- .../security-policy-settings/create-global-objects.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index d6d7af1bda..5b2eef2194 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md 
@@ -89,16 +89,6 @@ By default, members of the **Administrators** group, the System account, and ser When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right. -### Vulnerability - ->**Caution:**  A user account that is given this user right has complete control over the system, and it can lead to the system being compromised. We highly recommend that you do not assign this right to any user accounts. -  -Windows examines a user's access token to determine the level of the user's privileges. Access tokens are built when users log on to the local device or connect to a remote device over a network. When you revoke a privilege, the change is immediately recorded, but the change is not reflected in the user's access token until the next time the user logs on or connects. Users with the ability to create or modify tokens can change the level of access for any currently logged on account. They could escalate their privileges or create a denial-of-service (DoS) condition. - -### Countermeasure - -Do not assign the **Create a token object** user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account with this user right assigned. - ### Potential impact None. Not Defined is the default domain policy configuration. From 3b07ac2ad46827aed2f25f5a59c5e30e9cdf4e54 Mon Sep 17 00:00:00 2001 From: illfated Date: Wed, 20 Mar 2019 03:16:40 +0100 Subject: [PATCH 5/7] Windows/Deployment: fix bad MarkDown keyword & its placement - remove incorrect space between code block fence ``` and keyword - replace invalid keyword "syntax" with valid keyword 'powershell' - retract last code line (parameter) back to its parent command line Resolves #2982 (formatting issue) --- .../deploy-a-windows-10-image-using-mdt.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 049d352939..c75048f117 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -42,11 +42,10 @@ These steps will show you how to configure an Active Directory account with the 5. User cannot change password: Select 6. Password never expires: Select 3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press **Enter** after each command: - ``` syntax + ```powershell Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force Set-Location C:\Setup\Scripts - .\Set-OUPermissions.ps1 -Account MDT_JD - -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" + .\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso" ``` 4. The Set-OUPermissions.ps1 script allows the MDT\_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted: 1. Scope: This object and all descendant objects From a0c73b5247b19985bc982f30324feb9598516b2e Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Wed, 20 Mar 2019 12:45:34 +0200 Subject: [PATCH 6/7] Update get-minecraft-for-education.md Removed Microsoft classroom. --- education/windows/get-minecraft-for-education.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index b4d1febe79..2f77a266c0 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md 
@@ -34,7 +34,7 @@ Teachers and IT administrators can now get early access to **Minecraft: Educatio - **Minecraft: Education Edition** requires Windows 10. - Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD). - If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**. - * Office 365 Education, which includes online versions of Office apps plus 1 TB online storage and [Microsoft Classroom](https://classroom.microsoft.com/), is free for teachers and students. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan) + * Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan) * If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/library/windows/hardware/mt703369%28v=vs.85%29.aspx) From 39ee82ff76765b8182b67318d67d97db84b2e0f0 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 20 Mar 2019 05:36:23 -0700 Subject: [PATCH 7/7] add missing surface topic --- .../surface/surface-system-sku-reference.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 devices/surface/surface-system-sku-reference.md diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md new file mode 100644 index 0000000000..ca870c7065 --- /dev/null +++ b/devices/surface/surface-system-sku-reference.md 
@@ -0,0 +1,59 @@ +--- +title: System SKU reference (Surface) +description: See a reference of System Model and System SKU names. +keywords: uefi, configure, firmware, secure, semm +ms.prod: w10 +ms.mktglfcycl: manage +ms.pagetype: surface, devices, security +ms.sitesec: library +author: coveminer +ms.author: v-jokai +ms.topic: article +ms.date: 03/20/2019 +--- + +# System SKU reference + +This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI, + +System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced. + +| Device | System Model | System SKU | +| ---------- | ----------- | -------------- | +| Surface 3 WiFI | Surface 3 | Surface_3 | +| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 | +| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 | +| Surface 3 LTE North America | Surface 3 | Surface_3_NAG | +| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW | +| Surface Pro | Surface Pro | Surface_Pro_1796 | +| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 | +| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 | +| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 | +| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer | +| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial | +| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer | +| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial | +| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer | +| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial | + +## Examples + +**PowerShell** + Use the following 
PowerShell command to pull System SKU: + + ``` +gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU +``` + +**System Information** +You can also find the System SKU and System Model for a device in System Information. + +- Go to **Start** > **MSInfo32**. + +One example of how you could use this in Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager is as part of a Task Sequence WMI Condition. For example: + +**Task Sequence WMI Condition** + + + - WMI Namespace – Root\WMI + - WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796" \ No newline at end of file
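
Review bot: In [PATCH 1/7] through [PATCH 3/7], the new change-history row and the new TOC entry both link to surface-system-sku-reference.md, but that file is only created in [PATCH 7/7] ("new file mode 100644"), so the links dangle at every commit in between. Move the new-file patch ahead of the patches that link to it, or squash 1/7, 2/7, 3/7 and 7/7 into one commit. 2/7 only changes the link text that 1/7 introduced and can be folded into it.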
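
Review bot: In [PATCH 4/7], the hunk at -89,16 deletes the whole "### Vulnerability" and "### Countermeasure" sections but keeps "### Potential impact", which now follows the Remote Desktop paragraph with nothing stating which risk or countermeasure the impact refers to. The deleted text describes the **Create a token object** user right, so taking it out of create-global-objects.md is correct, but replace it with Vulnerability and Countermeasure text for this topic's own user right instead of leaving the topic without either section. The retained context line also carries the typo "assining", which can be corrected in the same change.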
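
Review bot: In [PATCH 5/7], the first command of the re-fenced block, `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force`, has no `-Scope`, so it is applied at the default LocalMachine scope and stays in effect after Set-OUPermissions.ps1 has run. Since the block is being edited anyway, consider adding `-Scope Process` so the relaxed policy ends with the elevated session, or add a step that restores the previous policy. The `powershell` fence keyword and the rejoined `-TargetOU` parameter look correct.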
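
Review bot: In [PATCH 6/7], the replacement bullet drops "is free for teachers and students" along with the Microsoft Classroom link, which leaves "Office 365 Education, which includes online versions of Office apps plus 1 TB online storage." as a fragment with no main verb. Keep the predicate and remove only the Classroom clause, for example "Office 365 Education, which includes online versions of Office apps plus 1 TB online storage, is free for teachers and students." The commit message mentions only the Classroom removal, so the loss of the "free" statement looks unintended.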
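
Review bot: In [PATCH 7/7], the introductory sentence of the new file is cut off: it ends at "using PowerShell, WMI," with a trailing comma and no final item or period, so complete the list of tools before merging. The PowerShell example is fenced with a leading space and no language keyword, the same formatting defect [PATCH 5/7] fixes in another topic, so use a `powershell` fence here too. The H1 reads "System SKU reference" while the TOC and change-history entries link to it as "Surface System SKU reference"; pick one title. The file also ends without a trailing newline ("\ No newline at end of file").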