Merge branch 'master' into v-smandalika-5694287-B2

2025-06-20 04:43:37 +00:00 · 2022-02-16 11:09:02 +05:30
parent 8a4cf4b0be bd80d690a9
commit 3f4f7d548b
46 changed files with 575 additions and 1629 deletions
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@ -13,41 +13,71 @@ ms.date: 06/22/2021

 # Language Pack Management CSP

+The Language Pack Management CSP allows a direct way to provision languages remotely in Windows. MDMs like Intune can use management commands remotely to devices to configure language-related settings for System and new users.

-The Language Pack Management CSP allows a direct way to provision language packs remotely in Windows 10 and Windows 10 X. A separate CSP exists to allow provisioning of "optional FODs" (Handwriting recognition, Text-to-speech, and so on) associated with a language. MDMs like Intune can use management commands remotely to devices to configure language related settings.
+1. Enumerate installed languages and features with GET command on the "InstalledLanguages" node. Below are the samples:

-1. Enumerate installed languages with GET command on the "InstalledLanguages" node
- 
    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages**
    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN/Providers**
-    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/Providers** 
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN/LanguageFeatures**
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/Providers**
+    **GET./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/ja-JP/LanguageFeatures**

-   The nodes under **InstalledLanguages** are the language tags of the installed languages. The **providers** node under language tag is the bit map representation of either "language pack (feature)" or [LXPs](https://www.microsoft.com/store/collections/localexperiencepacks?cat0=devices&rtc=1). 
-    - Indicates the language pack installed is a System Language Pack (non-LXP)
-    - Indicates that the LXP is installed.
-    - Indicates that both are installed.
+   The nodes under **InstalledLanguages** are the language tags of the installed languages. The **providers** node under language tag is an integer representation of either [language pack](/windows-hardware/manufacture/desktop/available-language-packs-for-windows?view=windows-11&preserve-view=true) or [LXPs](https://www.microsoft.com/store/collections/localexperiencepacks?cat0=devices&rtc=1).

-2. Install language pack features with the EXECUTE command on the **StartInstall** node of the language. For example, 
+    - **1**- Indicates that only the Language Pack cab is installed.
+    - **2**- Indicates that only the LXP is installed.
+    - **3**- Indicates that both are installed.

-    **ADD./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/**
-    **EXECUTE./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/StartInstallation**
+    The **LanguageFeatures** node is a bitmap representation of what [Language Features](/windows-hardware/manufacture/desktop/features-on-demand-language-fod?view=windows-11&preserve-view=true) are installed for a language on a device:

-    The installation is an asynchronous operation. You can query the **Status** node by using the following commands: 
+    - Basic Typing = 0x1
+    - Fonts = 0x2
+    - Handwriting = 0x4
+    - Speech = 0x8
+    - TextToSpeech = 0x10
+    - OCR = 0x20
+    - LocaleData = 0x40
+    - SupplementFonts = 0x80
+
+2. Install language pack and features with the EXECUTE command on the **StartInstallation** node of the language. The language installation will try to install the best matched language packs and features for the provided language.
+
+    > [!NOTE]
+    > If not previously set, installation will set the policy to block cleanup of unused language packs and features on the device to prevent unexpected deletion.
+
+    - Admins can optionally copy the language to the device’s international settings immediately after installation by using the REPLACE command on the "CopyToDeviceInternationalSettings" node of the language. false (default)- will take no action; true- will set the following international settings to reflect the newly installed language:
+        - System Preferred UI Language
+        - System Locale
+        - Default settings for new users
+             - Input Method (keyboard)
+             - Locale
+             - Speech Recognizer
+             - User Preferred Language List
+    - Admins can optionally configure whether they want to install all available language features during installation using the REPLACE command on the "EnableLanguageFeatureInstallations" node of the language. false- will install only required features; true (default)- will install all available features.
+
+    Here are the sample commands to install French language with required features and copy to the device's international settings:
+
+    1. **ADD ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/**
+    2. **REPLACE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/CopyToDeviceInternationalSettings (true)**
+    3. **REPLACE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/EnableLanguageFeatureInstallations (false)**
+    4. **EXECUTE ./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/StartInstallation**
+
+    The installation is an asynchronous operation. You can query the **Status** or **ErrorCode** nodes by using the following commands:

    **GET./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/Status**
    **GET./Device/Vendor/MSFT/LanguagePackManagement/Install/fr-FR/ErrorCode**

-    Status: 0 – not started; 1 – in process; 2 – succeeded; 3 – failed. ErrorCode is a HRESULT that could help diagnosis if the installation failed.
+    Status: 0 – not started; 1 – in progress; 2 – succeeded; 3 – failed; 4 - partial success (A partial success indicates not all the provisioning operations succeeded, for example, there was an error installing the language pack or features).

-    > [!NOTE]
-    > If IT admin has NOT set the policy of blocking cleanup of unused language packs, this command will fail.  
+    ErrorCode: An HRESULT that could help diagnosis if the installation failed or partially failed.

-3. Delete installed Language with the DELETE command on the installed language tag. The delete command is a fire and forget operation. The deletion will run in background. IT admin can query the installed language later and resend the command if needed.
+3. Delete installed Language with the DELETE command on the installed language tag. The delete command is a fire and forget operation. The deletion will run in background. IT admin can query the installed language later and resend the command if needed. Below is a sample command to delete the zh-CN language.

+   **DELETE./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN**

-   **DELETE./Device/Vendor/MSFT/LanguagePackManagement/InstalledLanguages/zh-CN(Delete command)**
+   > [!NOTE]
+   > The deletion will ignore the policy of block cleanup of unused language packs.

 4. Get/Set System Preferred UI Language with GET or REPLACE command on the "SystemPreferredUILanguages" Node

-
   **./Device/Vendor/MSFT/LanguagePackManagement/LanguageSettings/SystemPreferredUILanguages**
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@ -1068,7 +1068,7 @@ If this policy setting is disabled or not configured, then the consent level def

 <!--ADMXBacked-->
 ADMX Info:  
-   GP English name: *Configure Default consent*
+-   GP Friendly name: *Configure Default consent*
 -   GP name: *WerDefaultConsent_1*
 -   GP path: *Windows Components\Windows Error Reporting\Consent*
 -   GP ADMX file name: *ErrorReporting.admx*
@ -1166,7 +1166,7 @@ If you disable or do not configure this policy setting, the Turn off Windows Err

 <!--ADMXBacked-->
 ADMX Info:  
-   GP English name: *Disable Windows Error Reporting*
+-   GP Friendly name: *Disable Windows Error Reporting*
 -   GP name: *WerDisable_1*
 -   GP path: *Windows Components\Windows Error Reporting*
 -   GP ADMX file name: *ErrorReporting.admx*
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@ -67,7 +67,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Configure Microsoft Defender Application Guard clipboard settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
 - GP name: *AppHVSIClipboardFileType*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -91,7 +91,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Configure Microsoft Defender Application Guard clipboard settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard clipboard settings*
 - GP name: *AppHVSIClipboardSettings*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -124,7 +124,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Configure Microsoft Defender Application Guard print settings*
+- GP Friendly name: *Configure Microsoft Defender Application Guard print settings*
 - GP name: *AppHVSIPrintingSettings*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -146,7 +146,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer*
+- GP Friendly name: *Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer*
 - GP name: *BlockNonEnterpriseContent*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -165,7 +165,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow data persistence for Microsoft Defender Application Guard*
+- GP Friendly name: *Allow data persistence for Microsoft Defender Application Guard*
 - GP name: *AllowPersistence*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -189,7 +189,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard*
+- GP Friendly name: *Allow hardware-accelerated rendering for Microsoft Defender Application Guard*
 - GP name: *AllowVirtualGPU*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -208,7 +208,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard*
+- GP Friendly name: *Allow files to download and save to the host operating system from Microsoft Defender Application Guard*
 - GP name: *SaveFilesToHost*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -230,7 +230,7 @@ If you disable or don’t configure this setting, certificates are not shared wi

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device*
+- GP Friendly name: *Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device*
 - GP name: *CertificateThumbprints*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -259,7 +259,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow camera and microphone access in Microsoft Defender Application Guard*
+- GP Friendly name: *Allow camera and microphone access in Microsoft Defender Application Guard*
 - GP name: *AllowCameraMicrophoneRedirection*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
@ -317,7 +317,7 @@ The following list shows the supported values:

 <!--ADMXMapped-->
 ADMX Info:  
- GP English name: *Allow auditing events in Microsoft Defender Application Guard*
+- GP Friendly name: *Allow auditing events in Microsoft Defender Application Guard*
 - GP name: *AuditApplicationGuard*
 - GP path: *Windows Components/Microsoft Defender Application Guard*
 - GP ADMX file name: *AppHVSI.admx*
--- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md
+++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md
@ -7,7 +7,7 @@ ms.topic: troubleshooting
 author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
-ms.date: 12/06/2018
+ms.date: 02/07/2022
 ms.reviewer: 
 manager: dansimp
 ms.collection: highpri
@ -22,9 +22,9 @@ There are two types of ports:
 - *Ephemeral ports*, which are usually dynamic ports, are the set of ports that every machine by default will have them to make an outbound connection.
 - *Well-known ports* are the defined port for a particular application or service. For example, file server service is on port 445, HTTPS is 443, HTTP is 80, and RPC is 135. Custom application will also have their defined port numbers.
 
-Clients when connecting to an application or service will make use of an ephemeral port from its machine to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to https://www.microsoft.com on port 443.
+When connecting to an application or service, client devices use an ephemeral port from the device to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to `https://www.microsoft.com` on port 443.
 
-In a scenario where the same browser is creating a lot of connections to multiple website, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you will notice that the connections will start to fail and one high possibility for this would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports are on a machine are used, we term it as *port exhaustion*. 
+In a scenario where the same browser is creating a lot of connections to multiple websites, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you will notice that the connections will start to fail and one high possibility for this would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports on a machine are used, we term it as *port exhaustion*. 
 
 ## Default dynamic port range for TCP/IP
 
@ -95,16 +95,16 @@ If you suspect that the machine is in a state of port exhaustion:

    ![Screenshot of netstate command output.](images/tcp-ts-20.png)

-    After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
+    After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used by the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
     
-    You may also see CLOSE_WAIT state connections in the same output, however CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state does not necessarily indicate port exhaustion.
+    You might also see CLOSE_WAIT state connections in the same output; however, CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state does not necessarily indicate port exhaustion.
     
-    >[!Note]
-    >Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
+    > [!Note]
+    > Having huge connections in TIME_WAIT state does not always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.
    >
-    >Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
+    > Netstat has been updated in Windows 10 with the addition of the **-Q** switch to show ports that have transitioned out of time wait as in the BOUND state.  An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet `Get-NetTCPConnection` in Windows 10 also shows these BOUND ports.
    >
-    >Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
+    > Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See [Windows Server 2012 R2: Ephemeral ports hotfixes](https://support.microsoft.com/help/3123245/update-improves-port-exhaustion-identification-in-windows-server-2012) to learn more.
 
 4. Open a command prompt in admin mode and run the below command

@ -164,7 +164,7 @@ Steps to use Process explorer:
 
 Finally, if the above methods did not help you isolate the process, we suggest you collect a complete memory dump of the machine in the issue state. The dump will tell you which process has the maximum handles.
 
-As a workaround, rebooting the computer will get the it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:
+As a workaround, rebooting the computer will get it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:

 ```console
 netsh int ipv4 set dynamicport tcp start=10000 num=1000