deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20221214-whfb-hybrid

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-01-03 17:19:40 -05:00
parent 228853aad7 03a001d6ab
commit 4a1451b58a
4 changed files with 123 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
windows/client-management/mdm/firewall-csp.md
View File

@ -52,6 +52,11 @@ Firewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
@ -65,6 +70,11 @@ Firewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
@ -78,6 +88,11 @@ Firewall
------------DisableStealthMode
------------Shielded
------------DisableUnicastResponsesToMulticastBroadcast
------------EnableLogDroppedPackets
------------EnableLogSuccessConnections
------------EnableLogIgnoredRules
------------LogMaxFileSize
------------LogFilePath
------------DisableInboundNotifications
------------AuthAppsAllowUserPrefMerge
------------GlobalPortsAllowUserPrefMerge
@ -223,6 +238,25 @@ Boolean value. If it's true, unicast responses to multicast broadcast traffic ar
Default value is false.
Value type is bool. Supported operations are Add, Get and Replace.
<a href="" id="enablelogdroppedpackets"></a>**/EnableLogDroppedPackets**
Boolean value. If this value is true, firewall will log all dropped packets. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="enablelogsuccessconnections"></a>**/EnableLogSuccessConnections**
Boolean value. If this value is true, firewall will log all successful inbound connections. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="enablelogignoredrules"></a>**/EnableLogIgnoredRules**
Boolean value. If this value is true, firewall will log ignored firewall rules. The merge law for this option is to let "on" values win.
Default value is false. Supported operations are Get and Replace.
<a href="" id="logmaxfilesize"></a>**/LogMaxFileSize**
Integer value that specifies the size, in kilobytes, of the log file where dropped packets, successful connections and ignored rules are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used.
Default value is 1024. Supported operations are Get and Replace
<a href="" id="logfilepath"></a>**/LogFilePath**
String value that represents the file path to the log where firewall logs dropped packets, successful connections and ignored rules. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. Default value is "%systemroot%\system32\LogFiles\Firewall\pfirewall.log". Supported operations are Get and Replace
<a href="" id="disableinboundnotifications"></a>**/DisableInboundNotifications**
Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port. If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
Default value is false.
@ -349,7 +383,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
<a href="" id="icmptypesandcodes"></a>**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes**
ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
If not specified, the default is All.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
@ -431,6 +465,7 @@ Comma separated list of interface types. Valid values:
- RemoteAccess
- Wireless
- Lan
- MBB (i.e. Mobile Broadband)
If not specified, the default is All.
Value type is string. Supported operations are Get and Replace.

2
windows/security/threat-protection/auditing/event-4768.md
View File

@ -220,7 +220,7 @@ The most common values:
| 0x14 | KDC\_ERR\_TGT\_REVOKED | TGT has been revoked | Since the remote KDC may change its PKCROSS key while there are PKCROSS tickets still active, it SHOULD cache the old PKCROSS keys until the last issued PKCROSS ticket expires. Otherwise, the remote KDC will respond to a client with a KRB-ERROR message of type KDC\_ERR\_TGT\_REVOKED. See [RFC1510](https://www.ietf.org/proceedings/49/I-D/draft-ietf-cat-kerberos-pk-cross-07.txt) for more details. |
| 0x15 | KDC\_ERR\_CLIENT\_NOTYET | Client not yet valid—try again later | No information. |
| 0x16 | KDC\_ERR\_SERVICE\_NOTYET | Server not yet valid—try again later | No information. |
| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The users password has expired.<br>This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
| 0x17 | KDC\_ERR\_KEY\_EXPIRED | Password has expired—change password to reset | The users password has expired. |
| 0x18 | KDC\_ERR\_PREAUTH\_FAILED | Pre-authentication information was invalid | The wrong password was provided.<br>This error code cannot occur in event “[4768](event-4768.md). A Kerberos authentication ticket (TGT) was requested”. It occurs in “[4771](event-4771.md). Kerberos pre-authentication failed” event. |
| 0x19 | KDC\_ERR\_PREAUTH\_REQUIRED | Additional pre-authentication required | This error often occurs in UNIX interoperability scenarios. MIT-Kerberos clients do not request pre-authentication when they send a KRB\_AS\_REQ message. If pre-authentication is required (the default), Windows systems will send this error. Most MIT-Kerberos clients will respond to this error by giving the pre-authentication, in which case the error can be ignored, but some clients might not respond in this way. |
| 0x1A | KDC\_ERR\_SERVER\_NOMATCH | KDC does not know about the requested server | No information. |

41
windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: vinaypamnani-msft
ms.author: vinpa
ms.date: 09/09/2021
ms.date: 11/30/2022
ms.reviewer:
manager: aaroncz
ms.custom: asr
@ -28,10 +28,12 @@ ms.topic: how-to
## Review system requirements
See [System requirements for Microsoft Defender Application Guard](./reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard.
>[!NOTE]
>Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
> [!NOTE]
> Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
## Prepare for Microsoft Defender Application Guard
Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode.
### Standalone mode
@ -52,6 +54,7 @@ Applies to:
You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container.
The following diagram shows the flow between the host PC and the isolated container.
![Flowchart for movement between Microsoft Edge and Application Guard.](images/application-guard-container-v-host.png)
## Install Application Guard
@ -60,22 +63,22 @@ Application Guard functionality is turned off by default. However, you can quick
### To install by using the Control Panel
1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**.
1. Open the **Control Panel**, click **Programs,** and then select **Turn Windows features on or off**.
![Windows Features, turning on Microsoft Defender Application Guard.](images/turn-windows-features-on-off.png)
2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**.
2. Select the check box next to **Microsoft Defender Application Guard** and then select **OK**.
Application Guard and its underlying dependencies are all installed.
### To install by using PowerShell
>[!NOTE]
>Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
> [!NOTE]
> Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
1. Click the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**.
1. Select the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**.
2. Right-click **Windows PowerShell**, and then click **Run as administrator**.
2. Right-click **Windows PowerShell**, and then select **Run as administrator**.
Windows PowerShell opens with administrator credentials.
@ -95,17 +98,15 @@ Application Guard functionality is turned off by default. However, you can quick
:::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune.":::
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following: <br/>
1. In the **Platform** list, select **Windows 10 and later**.
1. In the **Profile** list, select **Endpoint protection**.
2. In the **Profile** type, choose **Templates** and select **Endpoint protection**.
1. Choose **Create**.
3. Choose **Create**.
1. Specify the following settings for the profile:
2. Specify the following settings for the profile:
- **Name** and **Description**
@ -115,16 +116,16 @@ Application Guard functionality is turned off by default. However, you can quick
- Choose your preferences for **Clipboard behavior**, **External content**, and the remaining settings.
1. Choose **OK**, and then choose **OK** again.
3. Choose **OK**, and then choose **OK** again.
1. Review your settings, and then choose **Create**.
4. Review your settings, and then choose **Create**.
1. Choose **Assignments**, and then do the following:
5. Choose **Assignments**, and then do the following:
1. On the **Include** tab, in the **Assign to** list, choose an option.
1. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab.
2. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab.
1. Click **Save**.
3. Select **Save**.
After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place.