From 3959873286956465627adeb5a66c7dab0aee6cad Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 16:28:50 +0530 Subject: [PATCH 01/21] Added missing CSPs in Update.md Added the following policy entries: - Update/ConfigureDeadlineGracePeriodForFeatureUpdates - Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection - Update/SetPolicyDrivenUpdateSourceForDriverUpdates - Update/SetPolicyDrivenUpdateSourceForFeatureUpdates - Update/SetPolicyDrivenUpdateSourceForOtherUpdates - Update/SetPolicyDrivenUpdateSourceForQualityUpdates --- .../policy-configuration-service-provider.md | 18 + .../mdm/policy-csp-update.md | 482 ++++++++++++++++++ 2 files changed, 500 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..8edcf7dfe8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8564,6 +8564,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -8591,6 +8594,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -8687,6 +8693,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..960936ef4d 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -72,6 +72,9 @@ manager: dansimp
Update/ConfigureDeadlineGracePeriod
+
+ Update/ConfigureDeadlineGracePeriodForFeatureUpdates +
Update/ConfigureDeadlineNoAutoReboot
@@ -99,6 +102,9 @@ manager: dansimp
Update/DisableWUfBSafeguards
+
+ Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection +
Update/EngagedRestartDeadline
@@ -195,6 +201,18 @@ manager: dansimp
Update/SetEDURestart
+
+ Update/SetPolicyDrivenUpdateSourceForDriverUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForFeatureUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForOtherUpdates +
+
+ Update/SetPolicyDrivenUpdateSourceForQualityUpdates +
Update/SetProxyBehaviorForUpdateDetection
@@ -1515,6 +1533,77 @@ Default value is 2.
+ +**Update/ConfigureDeadlineGracePeriodForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Allows IT admins to set different grace periods for both Quality Updates and Feature Updates. Specifically, when used with used with [Update/ConfigureDeadlineForFeatureUpdates](#update-configuredeadlineforfeatureupdates). + +IT Admins will be able to specify a minimum number of days until restarts occur automatically for Featur Updates. Setting the grace period may extend the effective deadline set by the deadline policies specifically for Feature Updates. + + + + +Supports a numeric value from 0 - 7, which indicates the minimum number of days. + +Default value is 2. + + + + + + + + + +
+ **Update/ConfigureDeadlineNoAutoReboot** @@ -2250,6 +2339,80 @@ The following list shows the supported values:
+ +**Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +To ensure the highest levels of security, we recommended leveraging WSUS TLS certificate pinning on all devices. + +By default, certificate pinning for Windows Update client is not enforced. + + + +ADMX Info: +- GP Friendly name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP name: *Allow user proxy to be used as a fallback if detection using system proxy fails* +- GP path: *Windows Update\SpecifyintranetMicrosoftupdateserviceLocation* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0 (default) -Do not enforce certificate pinning +- 1 - Do not enforce certificate pinning + + + + +
+ **Update/EngagedRestartDeadline** @@ -4557,6 +4720,325 @@ The following list shows the supported values:
+ +**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForQualityUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
+ + +**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. + +If you configure this policy, please also configure the scan source policies for other update types: +- SetPolicyDrivenUpdateSourceForFeatureUpdates +- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForOtherUpdates + +>[!NOTE] +>If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. + + + +ADMX Info: +- GP Friendly name: *Specify source service for specific classes of Windows Updates* +- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP path: *Windows Components/Windows Update* +- GP ADMX file name: *WindowsUpdate.admx* + + + +The following list shows the supported values: + +- 0: (Default) Detect, download and deploy Driver Updates from Windows Update +- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) + + + + +
**Update/SetProxyBehaviorForUpdateDetection** From 96fd9a3ac70bcfa45adc0d7e4c4a082da8a99f69 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:58:58 +0530 Subject: [PATCH 02/21] Created new CSP WindowsAutoplot.md Created new CSP WindowsAutoplot.md and added : - WindowsAutoPilot/EnableAgilityPostEnrollment --- .../policy-configuration-service-provider.md | 8 ++ .../mdm/policy-csp-windowsautopilot.md | 99 +++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 109 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-windowsautopilot.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..64af85d07a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8823,6 +8823,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### WindowsAutoPilot policies + +
+
+ WindowsAutoPilot/EnableAgilityPostEnrollment +
+
+ ### WindowsConnectionManager policies
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md new file mode 100644 index 0000000000..4553c96016 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -0,0 +1,99 @@ +--- +title: Policy CSP - WindowsAutoPilot +description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature. +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: aljupudi +ms.localizationpriority: medium +ms.date: 11/25/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - WindowsAutoPilot + + + +
+ + +## WindowsAutoPilot policies + +
+
+ WindowsAutoPilot/EnableAgilityPostEnrollment +
+
+ + +
+ + +**WindowsAutoPilot/EnableAgilityPostEnrollment** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy enables Windows Autopilot to be kept up-to-date during the out-of-box experience after MDM enrollment. + + + + + + + + + + + + +
+ + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 7a1fa1b52f..f14db2442b 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -833,6 +833,8 @@ items: href: policy-csp-userrights.md - name: Wifi href: policy-csp-wifi.md + - name: WindowsAutoPilot + href: policy-csp-windowsautopilot.md - name: WindowsConnectionManager href: policy-csp-windowsconnectionmanager.md - name: WindowsDefenderSecurityCenter From 8266c6d0e65501fbd692a85342e2a4608cdcd4ee Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:32:24 +0530 Subject: [PATCH 03/21] check! --- windows/client-management/mdm/policy-csp-windowsautopilot.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index 4553c96016..b03d3cddfe 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -96,4 +96,3 @@ This policy enables Windows Autopilot to be kept up-to-date during the out-of-bo
- From 957b6ad6b4557ada7dc32653a03921bf1a6d4025 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 26 Nov 2021 11:40:21 +0530 Subject: [PATCH 04/21] author name fix --- windows/client-management/mdm/policy-csp-windowsautopilot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index b03d3cddfe..fedfc265ec 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -5,7 +5,7 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: aljupudi +author: alekyaj ms.localizationpriority: medium ms.date: 11/25/2021 ms.reviewer: From 946f7fc563c65c4e178161b042ba8a468ed42657 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 30 Nov 2021 13:05:44 +0530 Subject: [PATCH 05/21] 5560668-part6 --- windows/security/threat-protection/auditing/event-4801.md | 2 +- windows/security/threat-protection/auditing/event-4802.md | 2 +- windows/security/threat-protection/auditing/event-4803.md | 2 +- windows/security/threat-protection/auditing/event-4817.md | 2 +- windows/security/threat-protection/auditing/event-4818.md | 2 +- windows/security/threat-protection/auditing/event-4819.md | 2 +- windows/security/threat-protection/auditing/event-4865.md | 2 +- windows/security/threat-protection/auditing/event-4866.md | 2 +- windows/security/threat-protection/auditing/event-4867.md | 2 +- windows/security/threat-protection/auditing/event-4904.md | 2 +- windows/security/threat-protection/auditing/event-4907.md | 2 +- windows/security/threat-protection/auditing/event-4911.md | 2 +- windows/security/threat-protection/auditing/event-4912.md | 2 +- windows/security/threat-protection/auditing/event-4913.md | 2 +- windows/security/threat-protection/auditing/event-4937.md | 2 +- windows/security/threat-protection/auditing/event-4964.md | 4 ++-- windows/security/threat-protection/auditing/event-4985.md | 2 +- windows/security/threat-protection/auditing/event-5058.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 2 +- windows/security/threat-protection/auditing/event-5061.md | 2 +- windows/security/threat-protection/auditing/event-5136.md | 2 +- windows/security/threat-protection/auditing/event-5137.md | 2 +- windows/security/threat-protection/auditing/event-5138.md | 2 +- windows/security/threat-protection/auditing/event-5139.md | 2 +- windows/security/threat-protection/auditing/event-5140.md | 2 +- windows/security/threat-protection/auditing/event-5141.md | 2 +- windows/security/threat-protection/auditing/event-5143.md | 2 +- windows/security/threat-protection/auditing/event-5144.md | 2 +- windows/security/threat-protection/auditing/event-5145.md | 2 +- windows/security/threat-protection/auditing/event-5168.md | 2 +- 30 files changed, 31 insertions(+), 31 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 0bfcfb1278..35ef598149 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -83,7 +83,7 @@ This event is generated when workstation was unlocked. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 78cf0e5d14..e372d5b282 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -83,7 +83,7 @@ This event is generated when screen saver was invoked. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 94aed424ab..3c3e80c86e 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -83,7 +83,7 @@ This event is generated when screen saver was dismissed. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index dc9c07fb24..68708166d7 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -88,7 +88,7 @@ Separate events will be generated for “Registry” and “File system” polic - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index 5ced098023..c1bd31d8f9 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -90,7 +90,7 @@ This event generates when Dynamic Access Control Proposed [Central Access Policy - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index 882622efa4..af81133616 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -90,7 +90,7 @@ For example, it generates when a new [Central Access Policy](/windows-server/ide - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index a7e2a7189e..5bb092d7a4 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -93,7 +93,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index bd5bfba999..b588e61bbc 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -93,7 +93,7 @@ This event is generated only on domain controllers. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index 170868681f..c080741dd9 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -95,7 +95,7 @@ This event contains new values only, it doesn’t contains old values and it doe - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 02109612fd..658f0b2f7e 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -88,7 +88,7 @@ You can typically see this event during system startup, if specific roles (Inter - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 3ae2c8793f..f6c5ebea92 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -91,7 +91,7 @@ This event doesn't generate for Active Directory objects. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index aeeaa0fdc0..dae7e74958 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -91,7 +91,7 @@ Resource attributes for file or folder can be changed, for example, using Window - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 614b73a93f..a9a2a1d9b0 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -89,7 +89,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index bcc4c7eeee..9c173860f4 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -91,7 +91,7 @@ This event always generates, regardless of the object’s [SACL](/windows/win32/ - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index f80f44586e..9bdef69aa8 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -17,7 +17,7 @@ ms.technology: windows-sec # 4937(S): A lingering object was removed from a replica. -This event generates when a [lingering object](https://support.microsoft.com/kb/910205) was removed from a replica. +This event generates when a [lingering object](/troubleshoot/windows-server/identity/information-lingering-objects) was removed from a replica. There is no example of this event in this document. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index 969c9e219b..b153e56a00 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -111,7 +111,7 @@ This event occurs when an account that is a member of any defined [Special Group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. @@ -139,7 +139,7 @@ This event occurs when an account that is a member of any defined [Special Group - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index 6af088c0bd..2f0e374a30 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -87,7 +87,7 @@ This is an informational event from file system [Transaction Manager](/windows/w - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 7d3c14f3cc..eaa7c1b441 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -95,7 +95,7 @@ You can see these events, for example, during certificate renewal or export oper - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 3c79abb5d0..5beef1d24c 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -92,7 +92,7 @@ This event generates when a cryptographic key is exported or imported using a [K - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index f90e6fd02e..af59c9ccb8 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -92,7 +92,7 @@ This event generates when a cryptographic operation (open key, create key, creat - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index 5e7db9c0ed..2d8d45b93a 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -96,7 +96,7 @@ For a change operation you will typically see two 5136 events for one action, wi - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index eea8bf1a17..f5b8f335af 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -90,7 +90,7 @@ This event only generates if the parent object has a particular entry in its [SA - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index d9f97a7475..93dac293aa 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -91,7 +91,7 @@ This event only generates if the container to which the Active Directory object - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index 3333139144..00145f3a61 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -91,7 +91,7 @@ This event only generates if the destination object has a particular entry in it - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 29641fcca5..067637aa9b 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -92,7 +92,7 @@ This event generates once per session, when first access attempt was made. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 11cada8ab0..f69e095286 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -91,7 +91,7 @@ This event only generates if the deleted object has a particular entry in its [S - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index bf370fffc3..636a19a1bd 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -92,7 +92,7 @@ This event generates every time network share object was modified. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 6d117910a1..c440efc29d 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -83,7 +83,7 @@ This event generates every time a network share object is deleted. - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 8584f3f782..9c980ce0f3 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -92,7 +92,7 @@ This event generates every time network share object (file or folder) was access - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 2fcad0a7f5..570974bec3 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -89,7 +89,7 @@ It often happens because of NTLMv1 or LM protocols usage from client side when - Uppercase full domain name: CONTOSO.LOCAL - - For some [well-known security principals](https://support.microsoft.com/kb/243330), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. + - For some [well-known security principals](/windows/security/identity-protection/access-control/security-identifiers), such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is “NT AUTHORITY”. - For local user accounts, this field will contain the name of the computer or device that this account belongs to, for example: “Win81”. From 5f957811dea460ce13d9381b1c8e045e75552381 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 3 Dec 2021 16:27:03 +0530 Subject: [PATCH 06/21] 5560668-part8-remaining files updated with URLs --- browsers/internet-explorer/internet-explorer.yml | 4 ++-- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- .../update/olympia/olympia-enrollment-guidelines.md | 4 ++-- windows/deployment/upgrade/quick-fixes.md | 2 +- windows/security/threat-protection/auditing/event-4908.md | 2 +- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 6aa0242523..68b6be4505 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -31,7 +31,7 @@ landingContent: - text: Use Enterprise Mode to improve compatibility url: /microsoft-edge/deploy/emie-to-improve-compatibility - text: Lifecycle FAQ - Internet Explorer - url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer + url: /lifecycle/faq/internet-explorer-microsoft-edge - linkListType: download links: - text: Download IE11 with Windows 10 @@ -123,7 +123,7 @@ landingContent: - text: Group Policy preferences for IE11 url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md - text: Configure Group Policy preferences - url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2 + url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings - text: Blocked out-of-date ActiveX controls url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md - text: Out-of-date ActiveX control blocking diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 91fb17d0de..2e2e1408c0 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -112,7 +112,7 @@ This section contains hotfixes and KB articles for UE-V. | 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | | 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | | 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](https://support.microsoft.com/kb/2782997) | +| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | | 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | | 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | | 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index 1c557d6128..eb22188154 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -53,7 +53,7 @@ Choose one of the following two enrollment options: This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information. -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). ![Settings -> Accounts.](images/1-1.png) @@ -92,7 +92,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi > [!NOTE] > Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](../../upgrade/windows-10-edition-upgrades.md#upgrade-by-manually-entering-a-product-key). -1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)). +1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)). ![Settings -> Accounts.](images/1-1.png) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index d9c4e34fd7..ed61e6c2c4 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -240,4 +240,4 @@ If you downloaded the SetupDiag.exe program to your computer, then copied it to
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) \ No newline at end of file +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index e59ae0559b..6abe5282a4 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -33,7 +33,7 @@ More information about Special Groups auditing can be found here: - + > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index fdd4c1c7d4..6bb026c848 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -300,7 +300,7 @@ Some of the protections available in Windows 10 are provided through functions t ## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit -You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. +You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/topic/emet-mitigations-guidelines-b529d543-2a81-7b5a-d529-84b30e1ecee0), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10. Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)). From 63ed1a032d732c6012a7b40017f27b74fbdf5bf5 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Fri, 3 Dec 2021 16:42:04 +0530 Subject: [PATCH 07/21] fixed suggestion --- windows/security/threat-protection/auditing/event-4908.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 6abe5282a4..22e010e5b9 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -33,7 +33,7 @@ More information about Special Groups auditing can be found here: - + > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. From ec1fb5a62838323edd5e99addd5a58f81544c5f2 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:06:22 +0530 Subject: [PATCH 08/21] Update as per feedback --- .../policy-configuration-service-provider.md | 8 +- .../mdm/policy-csp-update.md | 344 +++++------------- 2 files changed, 92 insertions(+), 260 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 30b2527203..7e9298a46a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8695,16 +8695,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC Update/SetEDURestart
- Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
- Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
- Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
- Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
Update/SetProxyBehaviorForUpdateDetection diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 771148ce3c..f0b2bc62e2 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -203,16 +203,16 @@ ms.collection: highpri Update/SetEDURestart
- Update/SetPolicyDrivenUpdateSourceForDriverUpdates + Update/SetPolicyDrivenUpdateSourceForDriver
- Update/SetPolicyDrivenUpdateSourceForFeatureUpdates + Update/SetPolicyDrivenUpdateSourceForFeature
- Update/SetPolicyDrivenUpdateSourceForOtherUpdates + Update/SetPolicyDrivenUpdateSourceForOther
- Update/SetPolicyDrivenUpdateSourceForQualityUpdates + Update/SetPolicyDrivenUpdateSourceForQuality
Update/SetProxyBehaviorForUpdateDetection @@ -1130,38 +1130,14 @@ Default value is 2. **Update/ConfigureDeadlineGracePeriodForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1669,38 +1645,14 @@ The following list shows the supported values: **Update/DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2585,38 +2537,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/ProductVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3385,41 +3313,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForDriverUpdates** +**Update/SetPolicyDrivenUpdateSourceForDriver** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3437,9 +3341,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3448,7 +3352,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForDriverUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForDriver* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3456,8 +3360,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Driver from Windows Update +- 1: Enabled, Detect, download and deploy Driver from Windows Server Update Server (WSUS) @@ -3465,41 +3369,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForFeatureUpdates** +**Update/SetPolicyDrivenUpdateSourceForFeature** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3517,9 +3397,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3528,7 +3408,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForFeatureUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForFeature* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3536,8 +3416,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Feature from Windows Update +- 1: Enabled, Detect, download and deploy Feature from Windows Server Update Server (WSUS) @@ -3545,41 +3425,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForOtherUpdates** +**Update/SetPolicyDrivenUpdateSourceForOther** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3597,9 +3453,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForQualityUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForQuality +- SetPolicyDrivenUpdateSourceForDriver >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3608,7 +3464,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForOtherUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForOther* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3616,8 +3472,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Other from Windows Update +- 1: Enabled, Detect, download and deploy Other from Windows Server Update Server (WSUS) @@ -3625,41 +3481,17 @@ The following list shows the supported values:
-**Update/SetPolicyDrivenUpdateSourceForQualityUpdates** +**Update/SetPolicyDrivenUpdateSourceForQuality** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3677,9 +3509,9 @@ The following list shows the supported values: Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. If you configure this policy, please also configure the scan source policies for other update types: -- SetPolicyDrivenUpdateSourceForFeatureUpdates -- SetPolicyDrivenUpdateSourceForDriverUpdates -- SetPolicyDrivenUpdateSourceForOtherUpdates +- SetPolicyDrivenUpdateSourceForFeature +- SetPolicyDrivenUpdateSourceForDriver +- SetPolicyDrivenUpdateSourceForOther >[!NOTE] >If you have not properly configured Update/UpdateServiceUrl correctly to point to your WSUS server, this policy will have no effect. @@ -3688,7 +3520,7 @@ If you configure this policy, please also configure the scan source policies for ADMX Info: - GP Friendly name: *Specify source service for specific classes of Windows Updates* -- GP name: *SetPolicyDrivenUpdateSourceForQualityUpdates* +- GP name: *SetPolicyDrivenUpdateSourceForQuality* - GP path: *Windows Components/Windows Update* - GP ADMX file name: *WindowsUpdate.admx* @@ -3696,8 +3528,8 @@ ADMX Info: The following list shows the supported values: -- 0: (Default) Detect, download and deploy Driver Updates from Windows Update -- 1: Enabled, Detect, download and deploy Driver Updates from Windows Server Update Server (WSUS) +- 0: (Default) Detect, download and deploy Quality from Windows Update +- 1: Enabled, Detect, download and deploy Quality from Windows Server Update Server (WSUS) From 14565439fcf6f08947feb4882fa3e5d5f1c32314 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:41:41 +0530 Subject: [PATCH 09/21] Updated as per task 5634470 --- ...system-components-to-microsoft-services.md | 79 +++---------------- 1 file changed, 11 insertions(+), 68 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ee509f813a..0e25563a1f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1723,91 +1723,34 @@ In Group Policy, configure: - Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**. -### 25. Windows Spotlight +### 25. Personalized Experiences -Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy. +Personalized experiences provide features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. + +> [!NOTE] +> This excludes how individual experiences (e.g., Windows Spotlight) can be controlled by users in Windows Settings. If you're running Windows 10, version 1607 or later, or Windows 11, you need to: - **Enable** the following Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features** - > [!NOTE] - > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting. + -or- - -or- - -- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one). +- Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**. -AND- -- Enable the following Group Policy **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the Lock Screen** +- Enable the following Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off cloud optimized content** -or- -- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)** +- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)** + > [!NOTE] + > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting --AND- - - -- Configure the following in **Settings** UI: - - - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen** - - - **Personalization** > **Start** > **Occasionally show suggestions in Start** - - - **System** > **Notifications & actions** > **Show me tips about Windows** - - -or- - -- Apply the Group Policies: - - - **Enable** the **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image and logon image** Group Policy. - - Add **C:\\windows\\web\\screen\\lockscreen.jpg** as the location in the **Path to local lock screen image** box. - - - Check the **Turn off fun facts, tips, tricks, and more on lock screen** check box. - - > [!NOTE] - > This will only take effect if the policy is applied before the first logon. - > If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, - > you can **Enable** the **Do not display the lock screen** policy under **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** - > - > Alternatively, you can create a new REG_SZ registry setting named **LockScreenImage** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** - > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in - > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**. - > - > The Group Policy for the **LockScreenOverlaysDisabled** registry key is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. - - - \-AND- - - - - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips** to **Enabled** - - -or- - - - Create a new REG_DWORD registry setting named **DisableSoftLanding** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** - - - \-AND- - - - - Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences** to **Enabled** - - -or- - - - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** - -This policy setting controls whether the lock screen appears for users. The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen. - -If you enable this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see their selected tile after locking their PC. - -If you disable or do not configure this policy setting, users that are not required to press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the keyboard, or by dragging it with the mouse. - - -For more info, see [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight). ### 26. Microsoft Store From ae6790ce5bdff88e9d7717a55e3adf5a2c6d4637 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:53:34 +0530 Subject: [PATCH 10/21] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 0e25563a1f..fafd1e03fd 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1746,7 +1746,7 @@ If you're running Windows 10, version 1607 or later, or Windows 11, you need to: -or- -- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)** +- Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)**. > [!NOTE] > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting From 79ba66249b500dfd8c573acb74beaf96db0d3afa Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Thu, 9 Dec 2021 14:58:16 +0530 Subject: [PATCH 11/21] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index fafd1e03fd..f1e0b1895c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1749,7 +1749,7 @@ If you're running Windows 10, version 1607 or later, or Windows 11, you need to: - Create a new REG_DWORD registry setting named **DisableCloudOptimizedContent** in **HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent** with a **value of 1 (one)**. > [!NOTE] - > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting + > This must be done within 15 minutes after Windows 10 or Windows 11 is installed. Alternatively, you can create an image with this setting. ### 26. Microsoft Store From e85598d6f8c9d756c1748a2bb9a3dfc16453b60d Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Fri, 10 Dec 2021 14:41:51 +0530 Subject: [PATCH 12/21] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f1e0b1895c..e17985f888 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -16,7 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 11/29/2021 +ms.date: 12/10/2021 ms.technology: privacy --- From 37b45d760a8c224c3057f1928142baf3d3ce5ec3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 10 Dec 2021 16:25:02 +0530 Subject: [PATCH 13/21] converted table into markdown --- .../mdm/policy-csp-windowsautopilot.md | 40 ++++--------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md index fedfc265ec..1dc3fde74d 100644 --- a/windows/client-management/mdm/policy-csp-windowsautopilot.md +++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md @@ -34,38 +34,14 @@ manager: dansimp **WindowsAutoPilot/EnableAgilityPostEnrollment** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
From 829eeb881b1ab7f977f3a4451904c4c686a184bb Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 13 Dec 2021 15:17:31 +0530 Subject: [PATCH 14/21] Updated the topic as per task 5628377 --- windows/security/threat-protection/intelligence/criteria.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 1f07f8975c..12e405077b 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/04/2021 +ms.date: 12/13/2021 search.appverid: met150 ms.technology: windows-sec --- @@ -49,6 +49,8 @@ Microsoft classifies most malicious software into one of the following categorie * **Backdoor:** A type of malware that gives malicious hackers remote access to and control of your device. +* **Command and Control:** A type of malware that infects your device and establishes communication with the hackers’ command-and-control server to receive instructions. Once communication is established, hackers can send commands that can steal data, shut down and reboot the device, and disrupt web services. + * **Downloader:** A type of malware that downloads other malware onto your device. It must connect to the internet to download files. * **Dropper:** A type of malware that installs other malware files onto your device. Unlike a downloader, a dropper doesn't have to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself. From d1b1484e6b740cf6251a00312b6b0e7b0805cb79 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Tue, 14 Dec 2021 10:02:29 +0530 Subject: [PATCH 15/21] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index e17985f888..51e1e17495 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -16,7 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: article -ms.date: 12/10/2021 +ms.date: 12/14/2021 ms.technology: privacy --- @@ -1725,7 +1725,7 @@ In Group Policy, configure: ### 25. Personalized Experiences -Personalized experiences provide features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. +Personalized experiences provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. Example features include Windows Spotlight and Start Suggestions. You can control them by using the Group Policy. > [!NOTE] > This excludes how individual experiences (e.g., Windows Spotlight) can be controlled by users in Windows Settings. From c5a01f4f8cb0011962f6eb573f884d6644c7fd38 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 16:48:55 -0500 Subject: [PATCH 16/21] Removed broken KB links: Couldn't find replacements --- .../ue-v/uev-release-notes-1607.md | 38 +++++-------------- 1 file changed, 9 insertions(+), 29 deletions(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 2e2e1408c0..875c435895 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -28,12 +28,12 @@ With the release of Windows 10, version 1607, the Company Settings Center was re Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell. -**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable: - -- Contact IT Link Text -- Contact IT URL -- Tray Icon - +> [!NOTE] +> With the removal of the Company Settings Center, the following group policies are no longer applicable: +> +> - Contact IT Link Text +> - Contact IT URL +> - Tray Icon ### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked @@ -99,31 +99,11 @@ Operating system settings for Narrator and currency characters specific to the l WORKAROUND: None -## Hotfixes and Knowledge Base articles for UE-V - -This section contains hotfixes and KB articles for UE-V. - -| KB Article | Title | Link | -|------------|---------|--------| -| 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](https://support.microsoft.com/kb/3018608) | -| 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](https://support.microsoft.com/kb/2903501) | -| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](https://support.microsoft.com/kb/2770042) | -| 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](https://support.microsoft.com/kb/2847017) | -| 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) | -| 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) | -| 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) | -| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) | -| 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) | -| 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) | -| 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) | -| 2843592 | Information on User Experience Virtualization and High Availability | [support.microsoft.com/kb/2843592](https://support.microsoft.com/kb/2843592) | - - - - - **Additional resources for this feature** +- [UE-V Registry Settings](troubleshoot/windows-client/ue-v/ue-v-registry-settings) + +- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) - [User Experience Virtualization](uev-for-windows.md) From d37032badc344f162202d02f5252b80311f270d4 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 16:53:01 -0500 Subject: [PATCH 17/21] Links --- .../threat-protection/auditing/event-4908.md | 22 +++++++++---------- 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 22e010e5b9..5173543a28 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -16,10 +16,9 @@ ms.technology: windows-sec # 4908(S): Special Groups Logon table modified. +:::image type="content" source="images/event-4908.png" alt-text="Event 4908 illustration"::: -Event 4908 illustration - -***Subcategory:*** [Audit Policy Change](audit-audit-policy-change.md) +***Subcategory:*** [Audit Policy Change](audit-audit-policy-change.md) ***Event Description:*** @@ -29,18 +28,16 @@ This event also generates during system startup. This event is always logged regardless of the "Audit Policy Change" sub-category setting. -More information about Special Groups auditing can be found here: +For more information about Special Groups auditing, see [4908(S): Special Groups Logon table modified](/windows/security/threat-protection/auditing/event-4908). - - - - -> **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. +> [!NOTE] +> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
***Event XML:*** -``` + +```xml - - @@ -75,11 +72,12 @@ More information about Special Groups auditing can be found here: **Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event. -> **Note**  A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). +> [!NOTE] +> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers). “HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Audit\\SpecialGroups” registry value contains current list of SIDs which are included in Special Groups: -Registry Editor Audit key illustration +:::image type="content" source="images/registry-editor-audit.png" alt-text="Registry Editor Audit key illustration"::: ## Security Monitoring Recommendations From 2c72890160114ccf970bf887caac4d19602ee2f2 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Tue, 14 Dec 2021 17:04:49 -0500 Subject: [PATCH 18/21] Fixed validation warnings --- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 875c435895..ad7afab8b0 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -101,7 +101,7 @@ WORKAROUND: None **Additional resources for this feature** -- [UE-V Registry Settings](troubleshoot/windows-client/ue-v/ue-v-registry-settings) +- [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) - [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) From 9a22f72cb7f65d35a2ac673e2402fb4309f0ee0e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 18:57:43 -0800 Subject: [PATCH 19/21] Fix broken link in new content --- windows/configuration/ue-v/uev-release-notes-1607.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index ad7afab8b0..e648b9ed6b 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md @@ -103,7 +103,7 @@ WORKAROUND: None - [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) -- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)(/troubleshoot/windows-client/ue-v/enable-debug-logging) +- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging) - [User Experience Virtualization](uev-for-windows.md) From 2d43e91baf31f1508ae7f92321762b0b82d8b480 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 19:01:23 -0800 Subject: [PATCH 20/21] Fix broken link from PR 2687 This commit fixes a broken link that was added in PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/2687 --- .../deployment/update/olympia/olympia-enrollment-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md index eb22188154..91fc25dcd6 100644 --- a/windows/deployment/update/olympia/olympia-enrollment-guidelines.md +++ b/windows/deployment/update/olympia/olympia-enrollment-guidelines.md @@ -100,7 +100,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi 3. Click **Connect**, then click **Join this device to Azure Active Directory**. - ![Joining device to Azure AD.]](images/2-3.png) + ![Joining device to Azure AD.](images/2-3.png) 4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**. From e7c2ca7e7718e15d5bd0e629f7b5e3a4cfc3f393 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 14 Dec 2021 19:04:50 -0800 Subject: [PATCH 21/21] Add lightbox to aid readability --- .../overview-of-threat-mitigations-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 1771f72297..123a9eef64 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -168,7 +168,7 @@ One of the most common techniques used to gain access to a system is to find a v Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts. -![ASLR at work.](images/security-fig4-aslr.png) +:::image type="content" alt-text="ASLR at work." source="images/security-fig4-aslr.png" lightbox="images/security-fig4-aslr.png"::: **Figure 3.  ASLR at work**