Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client

.openpublishing.publish.config.json

@@ -524,6 +524,10 @@
     "master": [
       "Publish",
       "Pdf"
+    ],
+    "atp-api-danm": [
+      "Publish",
+      "Pdf"
     ]
   },
   "need_generate_pdf_url_template": true,

.openpublishing.redirection.json

@@ -5421,6 +5421,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "devices/surface/manage-surface-dock-firmware-updates.md",
+"redirect_url": "devices/surface/update",
+"redirect_document_id": true   
+},
+{
 "source_path": "devices/surface-hub/i-am-done-finishing-your-surface-hub-meeting.md",
 "redirect_url": "/surface-hub/finishing-your-surface-hub-meeting",
 "redirect_document_id": true
@@ -13884,6 +13889,11 @@
 "source_path": "education/windows/windows-automatic-redeployment.md",
 "redirect_url": "/education/windows/autopilot-reset",
 "redirect_document_id": true
+},
+{
+"source_path": "windows/privacy/manage-windows-endpoints.md",
+"redirect_url": "/windows/privacy/manage-windows-1809-endpoints",
+"redirect_document_id": true
 }
 ]
 }

browsers/edge/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

browsers/internet-explorer/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

devices/hololens/TOC.md

@@ -1,8 +1,9 @@
 # [Microsoft HoloLens](index.md)
 ## [What's new in Microsoft HoloLens](hololens-whats-new.md)
-## [Insider preview for Microsoft HoloLens](hololens-insider.md)
 ## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md)
+## [Insider preview for Microsoft HoloLens](hololens-insider.md)
 ## [Set up HoloLens](hololens-setup.md)
+## [Install localized version of HoloLens](hololens-install-localized.md)
 ## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) 
 ## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
 ## [Manage updates to HoloLens](hololens-updates.md)

devices/hololens/change-history-hololens.md

@@ -16,6 +16,10 @@ ms.date: 11/05/2018
 
 This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
 
+## Windows 10 Holographic for Business, version 1809
+
+The topics in this library have been updated for Windows 10 Holographic for Business, version 1809.
+
 ## November 2018
 
 New or changed topic | Description
@@ -37,7 +41,7 @@ New or changed topic | Description
 
 New or changed topic | Description
 --- | ---
-[Insider preview for Microsoft HoloLens](hololens-insider.md) | New
+Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809)
 
 ## June 2018
 

devices/hololens/hololens-encryption.md

@@ -21,40 +21,21 @@ You can enable [Bitlocker device encryption](https://docs.microsoft.com/windows/
 
 You can use your mobile device management (MDM) provider to apply a policy that requires device encryption. The policy used is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP.
 
-In the following steps, Microsoft Intune is used as the example. For other MDM tools, see your MDM provider's documentation for instructions.
+[See instructions for enabling device encryption using Microsoft Intune.](https://docs.microsoft.com/intune/compliance-policy-create-windows#windows-holographic-for-business)
 
-1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/).
+For other MDM tools, see your MDM provider's documentation for instructions. If your MDM provider requires custom URI for device encryption, use the following configuration:
 
-2. Use **Search** or go to **More services** to open the Intune blade.
-
-3. Go to **Device configuration > Profiles**, and select **Create profile**.
-
-    ![Intune create profile option](images/encrypt-create-profile.png)
-
-4. Enter a name of your choice, select **Windows 10 and later** for the platform,  select **Custom** for the profile type, and then select **Add**.
-
-    ![Intune custom setting screen](images/encrypt-custom.png)
-
-5. In **Add Row OMA-URI Settings**, enter or select the following information:
-    - **Name**: a name of your choice
-    - **Description**: optional
-    - **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption`
-    - **Data type**: integer
-    - **Value**: `1`
-
-    ![Intune OMA-URI settings for encryption](images/encrypt-oma-uri.png)
-
-6. Select **OK**, select **OK**, and then select **Create**. The blade for the profile opens automatically.
-
-7. Select **Assignments** to assign the profile to a group. After you configure the assignment, select **Save**.
-
-![Intune profile assignment screen](images/encrypt-assign.png)
+- **Name**: a name of your choice
+- **Description**: optional
+- **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption`
+- **Data type**: integer
+- **Value**: `1`
 
 ## Enable device encryption using a provisioning package
 
 Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. 
 
-### Create a provisioning package that upgrades the Windows Holographic edition
+### Create a provisioning package that upgrades the Windows Holographic edition and enables encryption
 
 1.	[Create a provisioning package for HoloLens.](hololens-provisioning.md)
 

devices/hololens/hololens-insider.md

@@ -37,77 +37,11 @@ To opt out of Insider builds:
 - On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
 - Follow the instructions to opt out your device.
 
-## New features for HoloLens 
 
-The latest Insider Preview (RS5) has arrived for all HoloLens customers! This latest flight is packed with improvements that have been introduced since the [last major release of HoloLens software in May 2018](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018). 
-
-### For everyone 
- 
-
-Feature | Details  | Instructions 
---- | --- | ---
-Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) | To start recording, select **Start > Video**. To stop recording, select **Start > Stop video**.
-Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter | On **Start**, select **Connect**. Select the device you want to project to. 
-New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. | You’ll now see notifications from apps that provide them. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture).  
-HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. | When you’re using an immersive app, input text, select a file from the file picker, or interact with dialogs without leaving the app. 
-Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. | Adjust the device volume using the volume up/down buttons located on the right arm of the HoloLens. Use the visual display to track the volume level. 
-New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. | Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. 
-Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. | Capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge).  Select a nearby Windows device to share with. 
-Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. | In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. 
-
-### For developers 
- 
-- Support for Holographic [Camera Capture UI API](https://docs.microsoft.com/windows/uwp/audio-video-camera/capture-photos-and-video-with-cameracaptureui), which will let developers expose a way for users to seamlessly invoke camera or video capture from within their applications. For example, users can now capture and insert photo or video content directly within apps like Word.  
-- Mixed Reality Capture has been improved to exclude hidden mesh from captures, which means videos captures by apps will no longer contain black corners around the content.  
-
-### For commercial customers 
-
-
-Feature | Details | Instructions 
---- | --- | ---
-Enable post-setup provisioning | Can now apply a runtime provisioning package at any time using **Settings**. | On your PC:<br><br>1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). <br>2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. <br>3. Drag and drop the provisioning package to the Documents folder on the HoloLens. <br><br>On your HoloLens: <br><br>1. Go to **Settings > Accounts > Access work or school**. <br>2. In **Related Settings**, select **Add or remove a provisioning package**.<br>3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. <br>**Note:** if the folder is empty, make sure you select **This Device** and select **Documents**.<br>After your package has been applied, it will show in the list of Installed packages. To view package details or to remove the package from the device, select the listed package. 
-Assigned access with Azure AD groups | Flexibility to use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | Prepare XML file to configure Assigned Access on PC:<br><br>1. In a text editor, open [the provided file AssignedAccessHoloLensConfiguration_AzureADGroup.xml](#xml).<br>2. Change the group ID to one available in your Azure AD tenant. You can find the group ID of an Azure Active Directory Group by either :<br>- following the steps at [Azure Active Directory version 2 cmdlets for group management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets),<br>OR<br>- in the Azure portal, with the steps at [Manage the settings for a group in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-groups-settings-azure-portal).<br><br>**Note:** The sample configures the following apps: Skype, Learning, Feedback Hub, Flow, Camera, and Calibration. <br><br>Create provisioning package with WCD:<br><br>1. On a PC, follow the steps at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md) to create a provisioning package.<br>2. Ensure that you include the license file in **Set up device**.<br>3. Select **Switch to advanced editor** (bottom left), and **Yes** for warning prompt.<br>4. Expand the runtime settings selection in the **Available customizations** panel and select **AssignedAccess > MultiAppAssignedAccessSettings**.<br>5. In the middle panel, you should now see the setting displayed with documentation in the panel below. Browse to the XML you modified for Assigned Access.<br>6. On the **Export** menu, select **Provisioning package**. <br>**Warning:** If you encrypt the provisioning package, provisioning the HoloLens device will fail.<br>7. Select **Next** to specify the output location where you want the provisioning package to go once it's built.<br>8. Select **Next**, and then select **Build** to start building the package.<br>9. When the build completes, select **Finish**. <br><br>Apply the package to HoloLens: <br><br>1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC. <br>2. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.<br>3. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the fit page. <br>4. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.<br>5. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.<br><br>Enable assigned access on HoloLens: <br><br>1. After applying the provisioning package, during the **Account Setup** flows in OOBE, select **My work or school owns this** to set up your device with an Azure AD account. <br>**Note:** This account must not be in the group chosen for Assigned Access.<br>2. Once you reach the Shell, ensure the Skype app is installed either via your MDM environment or from the Store. <br>3. After the Skype app is installed, sign out. <br>4. On the sign-in screen, select the **Other User** option and enter an Azure AD account email address that belongs to the group chosen for Assigned Access. Then enter the password to sign in. You should now see this user with only the apps configured in the Assigned Access profile. 
-PIN sign-in on profile switch from sign-in screen  | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. 
-Sign in with Web Cred Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. Look for additional web sign-in methods coming in the future. | From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  
-Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view HoloLens device serial number. 
-Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view and set your HoloLens device name (rename). 
-
-### For international customers 
- 
-
-Feature | Details | Instructions 
---- | --- | ---
-Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. | See below.  
-
-#### Installing the Chinese or Japanese versions of the Insider builds 
- 
-In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). 
- 
->[!IMPORTANT] 
->Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. 
- 
-1. On a retail HoloLens device, [opt in to Insider Preview builds](#get-insider) to prepare your device for the RS5 Preview.   
-2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). 
-3. Download the package for the language you want to your PC:  [Simplified Chinese](https://aka.ms/hololenspreviewdownload-ch) or [Japanese](https://aka.ms/hololenspreviewdownload-jp).
-4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. 
-5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  
-6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. 
-7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) 
-8. Select **Install software** and follow the instructions to finish installing. 
-9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions.
-10. After you complete setup, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. 
- 
-
-
-
-## Note for language support
-
-- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language.
-- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time.  However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the Shift key on a hardware keyboard toggles the keyboard to type in English).
 
 ## Note for developers
 
-You are welcome and encouraged to try developing your applications using this build of HoloLens.  Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started.  Those same instructions work with this latest build of HoloLens.  You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development.
+You are welcome and encouraged to try developing your applications using Insider builds of HoloLens.  Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with Insider builds of HoloLens.  You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development.
 
 ## Provide feedback and report issues
 
@@ -116,75 +50,3 @@ Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reali
 >[!NOTE]
 >Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
  
-<span id="xml" />
-## AssignedAccessHoloLensConfiguration_AzureADGroup.xml
-
-Copy this sample XML to use for the [**Assigned access with Azure AD groups** feature](#for-commercial-customers).
-
-```xml
-<?xml version="1.0" encoding="utf-8" ?>
-<!-- 
-  This is a sample Assigned Access XML file. The Profile specifies which apps are allowed
-  and their app IDs. An Assigned Access Config specifies the accounts or groups to which 
-  a Profile is applicable. 
-  
-  !!! NOTE: Change the Name of the AzureActiveDirectoryGroup below to a valid object ID for a group in the tenant being tested.  !!!
-  
-  You can find the object ID of an Azure Active Directory Group by following the steps at 
-  https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets
-  
-  OR in the Azure portal with the steps at
-  https://docs.microsoft.com/azure/active-directory/active-directory-groups-settings-azure-portal
-  
--->
-<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
-    <Profiles>
-        <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
-            <AllAppsList>
-                <AllowedApps>
-                    <!-- Learning app -->
-                    <App AppUserModelId="GGVLearning_cw5n1h2txyewy!GGVLearning" />
-                    <!-- Calibration app -->
-                    <App AppUserModelId="ViewCalibrationApp_cw5n1h2txyewy!ViewCalibrationApp" />
-                    <!-- Feedback Hub -->
-                    <App AppUserModelId="Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App" />
-                    <!-- HoloSkype -->
-                    <App AppUserModelId="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
-                    <!-- HoloCamera -->
-                    <App AppUserModelId="HoloCamera_cw5n1h2txyewy!App" />
-                    <!-- HoloDevicesFlow -->
-                    <App AppUserModelId="HoloDevicesFlow_cw5n1h2txyewy!App" />
-                </AllowedApps>
-            </AllAppsList>
-            <!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
-            <StartLayout>
-                <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
-                      <LayoutOptions StartTileGroupCellWidth="6" />
-                      <DefaultLayoutOverride>
-                        <StartLayoutCollection>
-                          <defaultlayout:StartLayout GroupCellWidth="6">
-                            <start:Group Name="Life at a glance">
-                              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.SkypeApp_kzf8qxf38zg5c!App" />
-                            </start:Group>
-                          </defaultlayout:StartLayout>
-                        </StartLayoutCollection>
-                      </DefaultLayoutOverride>
-                    </LayoutModificationTemplate>
-                ]]>
-            </StartLayout>
-            <!-- This section is required for parity with Desktop Assigned Access. It is not currently used on HoloLens -->
-            <Taskbar ShowTaskbar="true"/>
-        </Profile>
-    </Profiles>
-    <Configs>
-        <!-- IMPORTANT: Replace the group ID here with a valid object ID for a group in the tenant being tested that you want to 
-        be enabled for assigned access. Refer to https://docs.microsoft.com/azure/active-directory/users-groups-roles/groups-settings-v2-cmdlets on how to determine Object-Id for a AzureActiveDirectoryGroup. -->
-        <Config>
-           <UserGroup Type="AzureActiveDirectoryGroup" Name="ade2d5d2-1c86-4303-888e-80f323c33c61" /> <!-- All Intune Licensed Users -->
-           <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
-        </Config>
-    </Configs>
-</AssignedAccessConfiguration>
-
-```
-

devices/hololens/hololens-install-localized.md

@@ -0,0 +1,35 @@
+---
+title: Install localized versions of HoloLens (HoloLens)
+description: Learn how to install the Chinese or Japanese versions of HoloLens
+ms.prod: hololens
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/13/2018
+---
+
+# Install localized versions of HoloLens
+
+In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). 
+ 
+>[!IMPORTANT] 
+>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. 
+ 
+   
+2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). 
+3. Download the package for the language you want to your PC:  [Simplified Chinese](https://aka.ms/hololensdownload-ch) or [Japanese](https://aka.ms/hololensdownload-jp).
+4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. 
+5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  
+6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. 
+7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) 
+8. Select **Install software** and follow the instructions to finish installing. 
+9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. 
+ 
+
+## Note for language support
+
+- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language.
+- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time.  However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the ~ key on a hardware keyboard toggles the keyboard to type in English).

devices/hololens/hololens-kiosk.md

@@ -7,7 +7,7 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 08/14/2018
+ms.date: 11/13/2018
 ---
 
 # Set up HoloLens in kiosk mode
@@ -20,6 +20,16 @@ When HoloLens is configured as a multi-app kiosk, only the allowed apps are avai
 
 Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings. 
 
+The following table lists the device capabilities in the different kiosk modes.
+
+Kiosk mode | Voice and Bloom commands | Quick actions menu | Camera and video | Miracast
+--- | --- | --- | --- | ---
+Single-app kiosk | ![no](images/crossmark.png)  |  ![no](images/crossmark.png)    | ![no](images/crossmark.png)     |  ![no](images/crossmark.png)  
+Multi-app kiosk | ![yes](images/checkmark.png)  | ![yes](images/checkmark.png) with **Home** and **Volume** (default)<br><br>Photo and video buttons shown in Quick actions menu if the Camera app is enabled in the kiosk configuration.<br><br>Miracast is shown if the Camera app and device picker app are enabled in the kiosk configuration.    | ![yes](images/checkmark.png) if the Camera app is enabled in the kiosk configuration.   | ![yes](images/checkmark.png) if the Camera app and device picker app are enabled in the kiosk configuration.
+
+>[!NOTE]
+>Use the Application User Model ID (AUMID) to allow apps in your kiosk configuration. The Camera app AUMID is `HoloCamera_cw5n1h2txyewy!HoloCamera`. The device picker app AUMID is `HoloDevicesFlow_cw5n1h2txyewy!HoloDevicesFlow`.
+
 The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) enables kiosk configuration. 
 
 >[!WARNING]

devices/hololens/hololens-provisioning.md

@@ -7,7 +7,7 @@ author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.date: 11/13/2018
 ---
 
 # Configure HoloLens using a provisioning package
@@ -49,8 +49,7 @@ Provisioning packages can include management instructions and policies, customiz
 
 > [!TIP]
 > Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc.
->
->![open advanced editor](images/icd-simple-edit.png)
+
 
 ### Create the provisioning package
 
@@ -77,8 +76,8 @@ Use the Windows Configuration Designer tool to create a provisioning package.
 <tr><td style="width:45%" valign="top"><a id="two"></a>![step two](images/two.png)  ![set up network](images/set-up-network.png)</br></br>Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.</td><td>![Enter network SSID and type](images/set-up-network-details-desktop.png)</td></tr>
 <tr><td style="width:45%" valign="top"><a id="three"></a>![step three](images/three.png)  ![account management](images/account-management.png)</br></br>You can enroll the device in Azure Active Directory, or create a local account on the device</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions. </br></br>To create a local account, select that option and enter a user name and password. </br></br>**Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.  </td><td>![join  Azure AD or create a local  account](images/account-management-details.png)</td></tr>
 <tr><td style="width:45%" valign="top"><a id="four"></a>![step four](images/four.png) ![add certificates](images/add-certificates.png)</br></br>To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.</td><td>![add a certificate](images/add-certificates-details.png)</td></tr> 
-<tr><td style="width:45%" valign="top"><a id="five"></a>![Developer Setup](images/developer-setup.png)</br></br>Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)</td><td>![Enable Developer Mode](images/developer-setup-details.png)</td></tr>
-<tr><td style="width:45%" valign="top"><a id="six"></a>![finish](images/finish.png)</br></br>Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.</td><td>![Protect your package](images/finish-details.png)</td></tr>
+<tr><td style="width:45%" valign="top"><a id="five"></a>![step five](images/five.png) ![Developer Setup](images/developer-setup.png)</br></br>Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)</td><td>![Enable Developer Mode](images/developer-setup-details.png)</td></tr>
+<tr><td style="width:45%" valign="top"><a id="six"></a>![step six](images/six.png) ![finish](images/finish.png)</br></br>Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.</td><td>![Protect your package](images/finish-details.png)</td></tr>
 </table>
 
 After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
@@ -137,7 +136,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 10. When the build completes, click **Finish**. 
 
 <span id="apply" />
-## Apply a provisioning package to HoloLens
+## Apply a provisioning package to HoloLens during setup
 
 1. Connect the device via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
 
@@ -156,6 +155,23 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
 >[!NOTE]
 >If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
 
+## Apply a provisioning package to HoloLens after setup
+
+>[!NOTE]
+>Windows 10, version 1809 only
+
+On your PC:
+1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). 
+2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC. 
+3. Drag and drop the provisioning package to the Documents folder on the HoloLens. 
+
+On your HoloLens: 
+1. Go to **Settings > Accounts > Access work or school**. 
+2. In **Related Settings**, select **Add or remove a provisioning package**.
+3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. If the folder is empty, make sure you select **This Device** and select **Documents**.
+
+After your package has been applied, it will show in the list of **Installed packages**. To view package details or to remove the package from the device, select the listed package.
+
 ## What you can configure
 
 Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers).

devices/hololens/hololens-updates.md

@@ -14,36 +14,30 @@ ms.date: 04/30/2018
 
 >**Looking for how to get the latest update? See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens).**
 
-Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. As with desktop devices, administrators can manage updates to the HoloLens operating system using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
-
 >[!NOTE]
 >HoloLens devices must be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md) to manage updates.
 
+For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
 
-Mobile device management (MDM) providers use the [Policy Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) to enable update management. 
-
-The Update policies supported for HoloLens are:
-
+To configure how and when updates are applied, use the following policies:
 -	[Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)  
-- [Update/RequireDeferUpgrade](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requiredeferupgrade) 
-- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
-- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) 
+-	[Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
+-	[Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
 
+To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates:
+- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
 
+In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. (See [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure))
 
-Typically, devices access Windows Update directly for updates. You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead:
+For devices on Windows 10, version 1607 only: You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead of Windows Update:
 
 - [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) 
 - [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) 
 - [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) 
 
-In Microsoft Intune, use [a custom profile](https://docs.microsoft.com/intune/custom-settings-windows-holographic) to configure devices to get updates from WSUS. 
-
-
-
 
 
 ## Related topics
 
+- [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business)
 - [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)

devices/hololens/hololens-whats-new.md

@@ -1,18 +1,60 @@
 ---
 title: What's new in Microsoft HoloLens (HoloLens)
-description: Windows Holographic for Business gets new features in Windows 10, version 1803.
+description: Windows Holographic for Business gets new features in Windows 10, version 1809.
 ms.prod: hololens
 ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.date: 11/13/2018
 ---
 
 # What's new in Microsoft HoloLens
 
+## Windows 10, version 1809 for Microsoft HoloLens
 
+### For everyone 
+ 
+Feature | Details   
+--- | --- 
+Quick actions menu | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.<br><br>![sample of the Quick actions menu](images/minimenu.png)
+Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) 
+Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter.  On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode.
+New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture).  
+HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps.  
+Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. 
+New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. 
+Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. 
+Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. 
+
+
+
+### For administrators 
+
+
+Feature | Details  
+--- | --- 
+[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**.   
+Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration.  
+PIN sign-in on profile switch from sign-in screen  | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. 
+Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. <br>**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  
+Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. 
+Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. 
+
+### For international customers 
+ 
+
+Feature | Details  
+--- | --- 
+Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.  
+Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. 
+
+[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens-install-localized.md) 
+
+    
+
+## Windows 10, version 1803 for Microsoft HoloLens
 
 Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
 
@@ -49,6 +91,6 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
 ## Additional resources
 
 - [Reset or recover your HoloLens](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens)
-- [Restart, rest, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
+- [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
 - [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business)
 

devices/hololens/index.md

@@ -22,9 +22,9 @@ ms.date: 07/27/2018
 | Topic | Description |
 | --- | --- |
 | [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. |
-[Insider preview for Microsoft HoloLens](hololens-insider.md) | Learn about new HoloLens features available in the latest Insider Preview build.
 | [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
 | [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time  |
+[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens
 | [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)  | How to upgrade your Development Edition HoloLens to Windows Holographic for Business |
 | [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune |
 | [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |

devices/surface-hub/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

devices/surface/TOC.md

@@ -14,7 +14,6 @@
 ## [Surface firmware and driver updates](update.md)
 ### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
 ### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
-### [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)
 ### [Surface Dock Updater](surface-dock-updater.md)
 ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
 ## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
@@ -26,6 +25,9 @@
 ### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
 ### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
 ### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
+## [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
+### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
 ## [Surface Data Eraser](microsoft-surface-data-eraser.md)
 ## [Top support solutions for Surface devices](support-solutions-surface.md)
 ## [Change history for Surface documentation](change-history-for-surface.md)

devices/surface/change-history-for-surface.md

@@ -7,13 +7,22 @@ ms.sitesec: library
 author: jdeckerms
 ms.author: jdecker
 ms.topic: article
-ms.date: 10/15/2018
+ms.date: 11/15/2018
 ---
 
 # Change history for Surface documentation
 
 This topic lists new and updated topics in the Surface documentation library.
 
+## November 2018
+
+New or changed topic | Description
+--- | ---
+|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6  |
+[Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New
+[Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New
+[Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New
+
 ## October 2018
 
 New or changed topic | Description

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: brecords
-ms.date: 10/15/2018
+ms.date: 11/15/2018
 ms.author: jdecker
 ms.topic: article
 ---
@@ -38,6 +38,16 @@ Recent additions to the downloads for Surface devices provide you with options t
 >[!NOTE]
 >A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
 
+## Surface Laptop 2
+
+Download the following updates for [Surface Laptop 2 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57515).
+* SurfaceLaptop2_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10
+
+## Surface Pro 6
+
+Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57514).
+
+* SurfacePro6_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface GO
 
@@ -46,29 +56,32 @@ Download the following updates for [Surface GO from the Microsoft Download Cente
 
 ## Surface Book 2
 
-
 Download the following updates for [Surface Book 2 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56261).
 * SurfaceBook2_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Laptop
 
-
 Download the following updates for [Surface Laptop from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55489).
 * SurfaceLaptop_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro
 
-
 Download the following updates for [Surface Pro (Model 1796) from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55484).
 
 * SurfacePro_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
 ## Surface Pro with LTE Advanced
 
-
 Download the following updates for [Surface Pro with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56278).
+
 * SurfacePro_LTE_Win10_xxxxx_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
 
+## Surface Pro 6
+
+Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57514).
+
+* SurfacePro6_Win10_17134_xxxxx_xxxxxx.msi
+
 ## Surface Studio
 
 

devices/surface/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

devices/surface/manage-surface-dock-firmware-updates.md

@@ -1,124 +0,0 @@
----
-title: Manage Surface Dock firmware updates (Surface)
-description: Read about the different methods you can use to manage the process of Surface Dock firmware updates.
-ms.assetid: 86DFC0C0-C842-4CD1-A2D7-4425471FFE3F
-ms.localizationpriority: medium
-keywords: firmware, update, install, drivers
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: jobotto
-ms.author: jdecker
-ms.topic: article
-ms.date: 07/27/2017
----
-
-# Manage Surface Dock firmware updates
-
-
-Read about the different methods you can use to manage the process of Surface Dock firmware updates.
-
-The Surface Dock provides external connectivity to Surface devices through a single cable connection that includes Power, Ethernet, Audio, USB 3.0, and DisplayPort. The numerous connections provided by the Surface Dock are enabled by a smart chipset within the Surface Dock device. Like a Surface device’s chipset, the chipset that is built into the Surface Dock is controlled by firmware. For more information about the Surface Dock, see the [Surface Dock demonstration](https://technet.microsoft.com/mt697552) video.
-
-Like the firmware for Surface devices, firmware for Surface Dock is also contained within a downloaded driver that is visible in Device Manager. This driver stages the firmware update files on the Surface device. When a Surface Dock is connected and the driver is loaded, the newer version of the firmware staged by the driver is detected and firmware files are copied to the Surface Dock. The Surface Dock then begins a two-phase process to apply the firmware internally. Each phase requires the Surface Dock to be disconnected from the Surface device before the firmware is applied. The driver copies the firmware into the dock, but only applies it when the user disconnects the Surface device from the Surface Dock. This ensures that there are no disruptions because the firmware is only applied when the user leaves their desk with the device.
-
-
->[!NOTE]
->You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:
->- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/mt697551) from Microsoft Mechanics
->- [Windows Update Makes Surface Better](https://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog
-
-
- 
-
-The Surface Dock firmware update process shown in Figure 1 follows these steps:
-
-1.  Drivers for Surface Dock are installed on Surface devices that are connected, or have been previously connected, to a Surface Dock.
-
-2.  The drivers for Surface Dock are loaded when a Surface Dock is connected to the Surface device.
-
-3.  The firmware version installed in the Surface Dock is compared with the firmware version staged by the Surface Dock driver.
-
-4.  If the firmware version on the Surface Dock is older than the firmware version contained in the Surface Dock driver, the main chipset firmware update files are copied from the driver to the Surface Dock.
-
-5.  When the Surface Dock is disconnected, the Surface Dock installs the firmware update to the main chipset.
-
-6.  When the Surface Dock is connected again, the main chipset firmware is verified against the firmware present in the Surface Dock driver.
-
-7.  If the firmware update for the main chipset is installed successfully, the Surface Dock driver copies the firmware update for the DisplayPort.
-
-8.  When the Surface Dock is disconnected for a second time, the Surface dock installs the firmware update to the DisplayPort chipset. This process takes up to 3 minutes to apply.
-
-![Surface Dock firmware update process](images/manage-surface-dock-fig1-updateprocess.png "Surface Dock firmware update process")
-
-*1- Driver installation can be performed by Windows Update, manual installation, or automatically downloaded with Microsoft Surface Dock Updater*
-
-*2 - The Surface Dock firmware installation process takes approximately 3 minutes*
-
-Figure 1. The Surface Dock firmware update process
-
-If the firmware installation process is interrupted (for example, if power is disconnected from the Surface Dock during firmware installation), the Surface Dock will automatically revert to the prior firmware without disruption to the user, and the update process will restart the next time the Surface Dock is disconnected. For most users this update process should be entirely transparent.
-
-## Methods for updating Surface Dock firmware
-
-
-There are three methods you can use to update the firmware of the Surface Dock:
-
--   [Automatic installation of drivers with Windows Update](#automatic-installation)
-
--   [Deployment of drivers downloaded from the Microsoft Download Center](#deployment-dlc)
-
--   [Manually update with Microsoft Surface Dock Updater](#manual-updater)
-
-## <a href="" id="automatic-installation"></a>Automatic installation with Windows Update
-
-
-Windows Update is the method that most users will use. The drivers for the Surface Dock are downloaded automatically from Windows Update and the dock update process is initiated without additional user interaction. The two-phase dock update process described earlier occurs in the background as the user connects and disconnects the Surface Dock during normal use.
-
->[!NOTE]
->The driver version that is displayed in Device Manager may be different from the firmware version that the Surface Dock is using.
-
- 
-
-## <a href="" id="deployment-dlc"></a>Deployment of drivers downloaded from the Microsoft Download Center
-
-
-This method is used mostly in environments where Surface device drivers and firmware are managed separately from Windows Update. See [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) for more information about the different methods to manage Surface device driver and firmware updates. Updating the Surface Dock firmware through this method involves downloading and deploying an MSI package to the Surface device that contains the updated Surface Dock drivers and firmware. This is the same method recommended for updating all other Surface drivers and firmware. The two-phase firmware update process occurs in the background each time the Surface Dock is disconnected, just like it does with the Windows Update method.
-
-For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/get-started/create-and-deploy-an-application).
-
->[!NOTE]
->When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in:
-> **HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters**
-
-Firmware status is displayed for both the main chipset (displayed as **Component10**) and the DisplayPort chipset (displayed as **Component20**). For each chipset there are four keys, where *xx* is **10** or **20** corresponding to each chipset:
-
--   **Component*xx*CurrentFwVersion** – This key displays the version of firmware that is installed on the currently connected or most recently connected Surface Dock.
-
--   **Component*xx*OfferFwVersion** – This key displays the version of firmware staged by the Surface Dock driver.
-
--   **Component*xx*FirmwareUpdateStatus** – This key displays the stage of the Surface Dock firmware update process.
-
--   **Component*xx*FirmwareUpdateStatusRejectReason** – This key changes as the firmware update is processed. It should result in 0 after the successful installation of Surface Dock firmware.
-
->[!NOTE]
->These registry keys are not present unless you have installed updated Surface Dock drivers through Windows Update or MSI deployment.
-
- 
-
-## <a href="" id="manual-updater"></a>Manually update with Microsoft Surface Dock Updater
-
-
-The manual method using the Microsoft Surface Dock Updater tool to update the Surface Dock is used mostly in environments where IT prepares Surface Docks prior to delivery to the end user, or for troubleshooting of a Surface Dock. Microsoft Surface Dock Updater is a tool that you can run from any Surface device that is compatible with the Surface Dock, and will walk you through the process of performing the Surface Dock firmware update in the least possible amount of time. You can also use this tool to verify the firmware status of a connected Surface Dock.
-
-For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](https://www.microsoft.com/download/details.aspx?id=46703) on the Microsoft Download Center.
-
- 
-
- 
-
-
-
-
-

devices/surface/surface-diagnostic-toolkit-business.md

@@ -0,0 +1,165 @@
+---
+title: Surface Diagnostic Toolkit for Business
+description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Surface Diagnostic Toolkit for Business
+
+The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues. 
+
+Specifically, SDT for Business enables you to:
+
+- [Customize the package.](#create-custom-sdt)
+- [Run the app using commands.](surface-diagnostic-toolkit-command-line.md)
+- [Run multiple hardware tests to troubleshoot issues.](surface-diagnostic-toolkit-desktop-mode.md#multiple)
+- [Generate logs for analyzing issues.](surface-diagnostic-toolkit-desktop-mode.md#logs)
+- [Obtain detailed report comparing device vs optimal configuration.](surface-diagnostic-toolkit-desktop-mode.md#detailed-report)
+
+
+## Primary scenarios and download resources 
+
+To run SDT for Business, download the components listed in the following table.
+
+>[!NOTE]
+>In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (MSI.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md).  
+
+Mode |	Primary scenarios | Download | Learn more
+--- | --- | --- | ---
+Desktop mode |	Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:<br>Microsoft Surface Diagnostic Toolkit for Business Installer<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+Command line |	Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the  command `-warranty`	| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
+
+## Supported devices 
+
+SDT for Business is supported on Surface 3 and later devices, including:
+
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+
+## Installing Surface Diagnostic Toolkit for Business
+
+To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
+
+- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry.
+- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for Business client mode or `1` for Business Administrator mode. The default value is `0`.
+
+**To install SDT in ADMINMODE:**
+
+1.	Sign in to your Surface device using the Administrator account.
+2.	Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
+3.	Open a command prompt and enter:
+
+    ```
+    msiexec.exe /i <the path of installer> ADMINMODE=1. 
+    ```
+    **Example:**
+
+    ```
+    C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1
+    ```
+
+4.	The SDT setup wizard appears, as shown in figure 1. Click **Next**. 
+
+    >[!NOTE]
+    >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. 
+
+    ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
+
+    *Figure 1. Surface Diagnostic Toolkit setup wizard*
+
+5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package. 
+
+6.	Click **Next** and then click **Install**. 
+
+## Locating SDT on your Surface device
+
+Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`.
+
+In addition to the .exe file, SDT installs a JSON file and an admin.dll file (modules\admin.dll), as shown in figure 2.
+
+![list of SDT installed files in File Explorer](images/sdt-2.png)
+
+*Figure 2. Files installed by SDT*
+
+<span id="create-custom-sdt" />
+## Preparing the SDT package for distribution
+
+Creating a custom package allows you to target the tool to specific known issues.
+
+1.	Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**. 
+2.	When the tool opens, click **Create Custom Package**, as shown in figure 3.
+
+    ![Create custom package option](images/sdt-3.png)
+
+    *Figure 3. Create custom package*
+
+### Language and telemetry page
+
+  
+When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline.
+
+>[!NOTE]
+>This setting is limited to only sharing data generated while running packages. 
+
+![Select language and telemetry settings](images/sdt-4.png)
+
+*Figure 4. Select language and telemetry settings*
+
+### Windows Update page
+
+Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate. 
+
+![Select Windows Update option](images/sdt-5.png)
+
+*Figure 5. Windows Update option*
+
+### Software repair page
+
+This allows you to select or remove the option to run software repair updates. 
+
+![Select software repair option](images/sdt-6.png)
+
+*Figure 6. Software repair option*
+
+### Collecting logs and saving package page
+
+You can select to run a wide range of logs across applications, drivers, hardware, and the operating system. Click the appropriate area and select from the menu of available logs. You can then save the package to a software distribution point or equivalent location that users can access. 
+
+![Select log options](images/sdt-7.png)
+
+*Figure 7. Log option and save package*
+
+## Next steps
+
+- [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+
+
+
+
+
+
+
+
+
+
+

devices/surface/surface-diagnostic-toolkit-command-line.md

@@ -0,0 +1,148 @@
+---
+title: Run Surface Diagnostic Toolkit for Business using commands
+description: How to run Surface Diagnostic Toolkit in a command console
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Run Surface Diagnostic Toolkit for Business using commands
+
+Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. 
+
+>[!NOTE]
+>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. 
+
+## Running SDT app console
+
+Download and install SDT app console from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703). You can use the Windows command prompt (cmd.exe) or Windows PowerShell to: 
+
+- Collect all log files.
+- Run health diagnostics using Best Practice Analyzer.
+- Check update for missing firmware or driver updates.
+
+>[!NOTE]
+>In this release, the SDT app console supports single commands only. Running multiple command line options requires running the console exe separately for each command. 
+
+By default, output files are saved in the same location as the console app. Refer to the following table for a complete list of commands.
+
+Command | Notes
+--- | ---
+-DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip`
+-bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html`
+-windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.<br><br>**Example**:<br>Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate
+-warranty "output file" | Checks warranty information on the device (valid or invalid). The optional “output file” is the file path to create the xml file. <br><br>**Example**: <br>Microsoft.Surface.Diagnostics.App.Console.exe –warranty “warranty.xml”
+
+
+>[!NOTE]
+>To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes. 
+
+## Running Best Practice Analyzer 
+
+You can run BPA tests across key components such as BitLocker, Secure Boot, and Trusted Platform Module (TPM) and then output the results to a shareable file. The tool generates a series of tables with color-coded headings and condition descriptors along with guidance about how to approach resolving the issue. 
+
+- Green indicates the component is running in an optimal condition (optimal).
+- Orange indicates the component is not running in an optimal condition (not optimal).
+- Red indicates the component is in an abnormal state. 
+
+### Sample BPA results output
+
+<table>
+<tr><th colspan="2"><font color="00ff00">BitLocker</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if BitLocker is enabled on the system drive.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Protection On</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to enable BitLocker to protect your data.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Secure Boot</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Secure Boot is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to enable Secure Boot to protect your PC.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Trusted Platform Module</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Ensures that the TPM is functional.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Without a functional TPM, security-based functions such as BitLocker may not work properly.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Connected Standby</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Connected Standby is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>True</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Connected Standby allows a Surface device to receive updates and notifications while not being used. For best experience, Connected Standby should be enabled.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Bluetooth</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Bluetooth is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Enabled</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td></td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Debug Mode</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if the operating system is in Debug mode.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Normal</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>The debug boot option enables or disables kernel debugging of the Windows operating system. Enabling this option can cause system instability and can prevent DRM (digital rights managemend) protected media from playing.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Test Signing</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if Test Signing is enabled.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Normal</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Test Signing is a Windows startup setting that should only be used to test pre-release drivers.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Active Power Plan</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks that the correct power plan is active.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Balanced</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>It is highly recommended to use the "Balanced" power plan to maximize productivity and battery life.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="ff9500">Windows Update</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks if the device is up to date with Windows updates.</td></tr>
+<tr><td><strong>Value:</strong></td><td>Microsoft Silverlight (KB4023307), Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.279.1433.0)</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="ff9500">Not Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Updating to the latest windows makes sure you are on the latest firmware and drivers. It is recommended to always keep your device up to date</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Free Hard Drive Space</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks for low free hard drive space.</td></tr>
+<tr><td><strong>Value:</strong></td><td>66%</td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>For best performance, your hard drive should have at least 10% of its capacity as free space.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">Non-Functioning Devices</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>List of non-functioning devices in Device Manager.</td></tr>
+<tr><td><strong>Value:</strong></td><td></td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Non-functioning devices in Device Manager may cause unpredictable problems with Surface devices such as, but not limited to, no power savings for the respective hardware component.</td></tr>
+</table>
+
+<table>
+<tr><th colspan="2"><font color="00ff00">External Monitor</font></th></tr>
+<tr><td><strong>Description:</strong></td><td>Checks for an external monitor that may have compatibility issues.</td></tr>
+<tr><td><strong>Value:</strong></td><td></td></tr>
+<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
+<tr><td><strong>Guidance:</strong></td><td>Check with the original equipment manufacturer for compatibility with your Surface device.</td></tr>
+</table>

devices/surface/surface-diagnostic-toolkit-desktop-mode.md

@@ -0,0 +1,99 @@
+---
+title: Use Surface Diagnostic Toolkit for Business in desktop mode
+description: How to use SDT to help users in your organization run the tool to identify and diagnose issues with the Surface device. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: jdeckerms
+ms.author: jdecker
+ms.topic: article
+ms.date: 11/15/2018
+---
+
+# Use Surface Diagnostic Toolkit for Business in desktop mode
+
+This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
+
+1.	Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests. 
+
+2.	Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
+
+    ![Start SDT in desktop mode](images/sdt-desk-1.png)
+
+    *Figure 1. SDT in desktop mode*
+
+3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2.
+
+    ![Select from SDT options](images/sdt-desk-2.png)
+
+    *Figure 2. Select from SDT options*
+
+4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test. 
+
+    ![Select hardware tests](images/sdt-desk-3.png)
+
+    *Figure 3. Select hardware tests*
+
+    Hardware test | Description
+    --- | ---
+    Power Supply and Battery |	Checks Power supply is functioning optimally
+    Display and Sound	| Checks brightness, stuck or dead pixels, speaker and microphone functioning
+    Ports and Accessories	| Checks accessories, screen attach and USB functioning
+    Connectivity |	Checks Bluetooth, wireless and LTE connectivity
+    Security	| Checks security related issues
+    Touch	| Checks touch related issues
+    Keyboard and touch |	Checks integrated keyboard connection and type cover
+    Sensors	| Checks functioning of different sensors in the device
+    Hardware |	Checks issues with different hardware components such as graphics card and camera
+
+
+
+
+
+<span id="multiple" />
+## Running multiple hardware tests to troubleshoot issues
+
+SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing  the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4. 
+
+For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it. 
+
+![Running hardware diagnostics](images/sdt-desk-4.png)
+
+*Figure 4. Running hardware diagnostics*
+
+1.	If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**. 
+2.	If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**. 
+3.	Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
+
+
+### Repairing applications
+
+SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5.
+
+![Running repairs](images/sdt-desk-5.png)
+
+*Figure 5. Running repairs*
+
+
+
+
+<span id="logs" />
+### Generating logs for analyzing issues 
+
+SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6.
+
+![Generating logs](images/sdt-desk-6.png)
+
+*Figure 6. Generating logs*
+
+
+
+<span id="detailed-report" />
+### Generating detailed report comparing device vs. optimal configuration
+
+Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location.
+
+## Related topics
+
+- [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+

devices/surface/surface-dock-updater.md

@@ -112,7 +112,7 @@ Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in
 
 ## Changes and updates
 
-Microsoft periodically updates Surface Dock Updater. To learn more about the application of firmware by Surface Dock Updater, see [Manage Surface Dock firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-dock-firmware-updates).
+Microsoft periodically updates Surface Dock Updater. <!-- To learn more about the application of firmware by Surface Dock Updater, see [Manage Surface Dock firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-dock-firmware-updates). -->
 
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
@@ -191,7 +191,7 @@ This version of Surface Dock Updater adds support for the following:
 * Update for Surface Dock DisplayPort firmware
 
 
-## Related topics
+<!-- ## Related topics -->
 
 
-[Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)
+<!-- [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md) -->

devices/surface/update.md

@@ -8,7 +8,7 @@ ms.sitesec: library
 author: heatherpoulsen
 ms.author: jdecker
 ms.topic: article
-ms.date: 12/01/2016
+ms.date: 11/13/2018
 ---
 
 # Surface firmware and driver updates
@@ -22,7 +22,6 @@ Find out how to download and manage the latest firmware and driver updates for y
 |[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |
 | [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.| 
 | [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
-| [Manage Surface Dock firmware updates](manage-surface-dock-firmware-updates.md)| Read about the different methods you can use to manage the process of Surface Dock firmware updates.|
 | [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.|
  
 

education/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

education/windows/change-to-pro-education.md

@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
 author: MikeBlodge
-ms.author: MikeBlodge
+ms.author: jaimeo
 ms.date: 04/30/2018
 ---
 

education/windows/s-mode-switch-to-edu.md

@@ -8,8 +8,8 @@ ms.prod: w10
 ms.technology: Windows
 ms.sitesec: library
 ms.pagetype: edu
-ms.date: 04/30/2018
-author: Mikeblodge
+ms.date: 12/03/2018
+author: jaimeo
 ---
 
 # Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
@@ -54,7 +54,7 @@ Tenant-wide Windows 10 Pro in S mode > Pro Education in S mode <BR>
 Tenant-wide Windows 10 Pro > Pro Education
 
 > [!IMPORTANT]
-> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare metal recover (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
+> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to roll back this kind of switch is through a [bare metal recovery (BMR)](https://docs.microsoft.com/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset.
 
 ### Devices running Windows 10, version 1709
 

mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md

@@ -56,7 +56,7 @@ Use the following table to get information about supported versions of Office an
 </ul></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)</p></td>
+<td align="left"><p>[Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)</p></td>
 <td align="left"><p>Considerations for installing different versions of Office on the same computer</p></td>
 </tr>
 </tbody>

mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md

@@ -56,7 +56,7 @@ Use the following table to get information about supported versions of Office an
 </ul></td>
 </tr>
 <tr class="even">
-<td align="left"><p>[Planning for Using App-V with coexsiting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)</p></td>
+<td align="left"><p>[Planning for Using App-V with coexisting versions of Office](planning-for-using-app-v-with-office.md#bkmk-plan-coexisting)</p></td>
 <td align="left"><p>Considerations for installing different versions of Office on the same computer</p></td>
 </tr>
 </tbody>

mdop/dart-v10/getting-started-with-dart-10.md

@@ -14,13 +14,12 @@ ms.date: 08/30/2016
 # Getting Started with DaRT 10
 
 
-Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347).
-
-**Note**  
-A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at <https://go.microsoft.com/fwlink/?LinkId=272493> (https://go.microsoft.com/fwlink/?LinkId=272493).
-
-Additional downloadable information about this product can also be found at <https://go.microsoft.com/fwlink/?LinkId=267420>.
+Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. 
 
+>[!NOTE]  
+>A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide.
+>
+>Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754)
  
 
 ## Getting started with DaRT 10

mdop/docfx.json

@@ -9,7 +9,7 @@
       ],
     "resource": [
         {
-          "files": ["**/images/**", "**/*.json"],
+          "files": ["**/images/**"],
           "exclude": ["**/obj/**"]
         }
     ],

mdop/index.md

@@ -167,7 +167,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
 MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331).
 
 <a href="" id="purchase-mdop"></a>**Purchase MDOP**
-Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
+Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business.
 
  
 

mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md

@@ -22,7 +22,7 @@ You can manage the feature settings of certain Microsoft Desktop Optimization Pa
 
 1.  Download the latest [MDOP Group Policy templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531) 
 
-2.  Run the downloaded file to extract the template folders.
+2.  Expand the downloaded .cab file by running `expand <download_folder>\MDOP_ADMX_Templates.cab -F:* <destination_folder>`
 
     **Warning**  
     Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file.

mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md

@@ -43,7 +43,7 @@ Because settings packages might contain personal information, you should take ca
 
         | User account | Recommended permissions | Folder |
         | - | - | - |
-        | Creator/Owner | No permissions | No permissions |
+        | Creator/Owner | Full control | Subfolders and files only|
         | Domain Admins | Full control | This folder, subfolders, and files |
         | Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
         | Everyone | Remove all permissions | No permissions |

smb/cloud-mode-business-setup.md

@@ -297,7 +297,7 @@ In this part of the walkthrough, we'll be working on the <a href="https://manage
 **To associate your Store account with Intune and configure synchronization**
 
 1. From the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a>, select **Admin**.
-2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first tiem you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
+2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
 
   **Figure 24** - Mobile device management
 
@@ -433,7 +433,7 @@ In the <a href="https://manage.microsoft.com/" target="_blank">Intune management
 2. Log in to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>.
 3. Select **Groups** and then go to **Devices**.
 4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC. 
-  - Check that the device name appears in the list. Select the device and it will also show the user that's currently logged in in the **General Information** section.
+  - Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
   - Check the **Management Channel** column and confirm that it says **Managed by Microsoft Intune**.
   - Check the **AAD Registered** column and confirm that it says **Yes**.
 

store-for-business/prerequisites-microsoft-store-for-business.md

@@ -56,6 +56,7 @@ If your organization restricts computers on your network from connecting to the
 -   windowsphone.com
 -   \*.wns.windows.com
 -   \*.microsoft.com
+-   \*.s-microsoft.com
 -   www.msftncsi.com (prior to Windows 10, version 1607)
 -   www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com
 starting with Windows 10, version 1607)

store-for-business/release-history-microsoft-store-business-education.md

@@ -13,7 +13,7 @@ ms.date: 10/31/2018
 
 # Microsoft Store for Business and Education release history
 
-Microsoft Store for Business and Education regularly releases new and improved feaures. Here's a summary of new or updated features in previous releases. 
+Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases. 
 
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) 
 
@@ -24,7 +24,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#allow-app-requests)
 
 ## July 2018
-- Bug fixes and permformance improvements.
+- Bug fixes and performance improvements.
 
 ## June 2018
 - **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. 
@@ -39,7 +39,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Office 365 subscription management** -  We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
 
 ## March 2018
-- **Performance improvements in private store** - We've made it significantly faster for you to udpate the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
+- **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)
 - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. 
  [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections) 
 - **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
@@ -53,20 +53,20 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. 
 
 ## December 2017
-- Bug fixes and permformance improvements.
+- Bug fixes and performance improvements.
 
 ## November 2017
 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
 
 ## October 2017
-- Bug fixes and permformance improvements.  
+- Bug fixes and performance improvements.  
 
 ## September 2017
 
 - **Manage Windows device deployment with Windows Autopilot Deployment** - In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device. [Get more info](add-profile-to-devices.md)
-- **Request an app** - People in your organization can reqest additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)
+- **Request an app** - People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. [Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)
 - **My organization** - **My organization** shows you all Agreements that apply to your organization. You can also update profile info for you org, such as mailing address and email associated with your account.
-- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redemming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
+- **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
 - **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions.
 - **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app.
 - **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.

store-for-business/whats-new-microsoft-store-business-education.md

@@ -28,7 +28,7 @@ We’ve been working on bug fixes and performance improvements to provide you a
 |-----------------------|---------------------------------|
 | ![Private store performance icon](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 | <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education  |
-| ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can reqest additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
+| ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](https://docs.microsoft.com/microsoft-store/acquire-apps-microsoft-store-for-business#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 ||  ![Image showing Add a Collection.](images/msfb-add-collection.png) |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.docs.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 -->
 
@@ -69,7 +69,7 @@ We’ve been working on bug fixes and performance improvements to provide you a
 - Microsoft Product and Services Agreement customers can invite people to take roles
 
 [December 2017](release-history-microsoft-store-business-education.md#december-2017)
-- Bug fixes and permformance improvements
+- Bug fixes and performance improvements
 
 [November 2017](release-history-microsoft-store-business-education.md#november-2017)
 - Export list of Minecraft: Education Edition users

store-for-business/work-with-partner-microsoft-store-business.md

@@ -20,7 +20,7 @@ The process goes like this:
 - Admins find and contact a solution provider using **Find a solution provider** in Microsoft Store for Business. 
 - Solution providers send a request from Partner center to customers to become their solution provider.
 - Customers accept the invitation in Microsoft Store for Business and start working with the solution provider.
-- Customers can manage setting for the relationship with Partner in Microsoft Store for Business. 
+- Customers can manage settings for the relationship with Partner in Microsoft Store for Business. 
 
 ## What can a solution provider do for my organization or school?
 
@@ -59,9 +59,11 @@ The solution provider will get in touch with you. You'll have a chance to learn
 Once you've found a solution provider and decided to work with them, they'll send you an invitation to work together from Partner Center. In Microsoft Store for Business or Education, you'll need to accept the invitation. After that, you can manage their permissions.
 
 **To accept a solution provider invitation**
-1. **Follow email link** - You'll receive an email with a link accept the solution provider invitation. The link will take you to Microsoft Store for Business or Education.
+1. **Follow email link** - You'll receive an email with a link to accept the solution provider invitation from your solution provider. The link will take you to Microsoft Store for Business or Education.
 2. **Accept invitation** - On **Accept Partner Invitation**, select **Authorize** to accept the invitation, accept terms of the Microsoft Cloud Agreement, and start working with the solution provider. 
 
+![Image shows accepting an invitation from a solution provider in Microsoft Store for Business.](images/msft-accept-partner.png)
+ 
 ## Delegate admin privileges
 
 Depending on the request made by the solution provider, part of accepting the invitation will include agreeing to give delegated admin privileges to the solution provider. This will happen when the solution provider request includes acting as a delegated administrator. For more information, see [Delegated admin privileges in Azure AD](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges#delegated-admin-privileges-in-azure-ad). 

windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md

@@ -16,7 +16,7 @@ To install the management server on a standalone computer and connect it to the
 
 1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
 2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
-3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I don’t want to use Microsoft Update**, then select **Next**.
 4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
 5. On the **Installation Location** page, accept the default location, then select **Next**.
 6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.

windows/application-management/apps-in-windows-10.md

@@ -18,124 +18,25 @@ The following types of apps run on Windows 10:
 - "Win32" apps - traditional Windows applications.
 
 Digging into the Windows apps, there are two categories:
-- System apps - Apps that are installed in the c:\Windows\* directory. These apps are integral to the OS.
-- Apps - All other apps, installed in c:\Program Files\WindowsApps. There are two classes of apps:
+- Apps - All other apps, installed in C:\Program Files\WindowsApps. There are two classes of apps:
    - Provisioned: Installed in user account the first time you sign in with a new user account.
    - Installed: Installed as part of the OS.
+- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS.
 
 The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1607, 1703, and 1709, and indicate whether an app can be uninstalled through the UI.
 
 Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running.
 
-> [!TIP]
-> Want to see a list of the apps installed on your specific image? You can run the following PowerShell cmdlet:
-> ```powershell
-> Get-AppxPackage | select Name,PackageFamilyName
-> Get-AppxProvisionedPackage -Online | select DisplayName,PackageName
-> ```
-
-## System apps
-
-System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803.
-
-| Name             | Full name                                 |1703  | 1709 | 1803 |Uninstall through UI?                                  |
-|------------------|-------------------------------------------|:------:|:------:|:------:|-------------------------------------------------------|
-| Cortana UI       | CortanaListenUIApp                        | x    |      |      |No                                                     |
-|                  | Desktop Learning                          | x    |      |      |No                                                     |
-|                  | DesktopView                               | x    |      |      |No                                                     |
-|                  | EnvironmentsApp                           | x    |      |      |No                                                     |
-| Mixed Reality +  | HoloCamera                                | x    |      |      |No                                                     |
-| Mixed Reality +  | HoloItemPlayerApp                         | x    |      |      |No                                                     |
-| Mixed Reality +  | HoloShell                                 | x    |      |      |No                                                     |
-|                  | InputApp                                  |      |  x   | x    |No                                                     |
-|                  | Microsoft.AAD.Broker.Plugin               | x    |  x   | x    |No                                                     |
-|                  | Microsoft.AccountsControl                 | x    |  x   | x    |No                                                     |
-| Hello setup UI   | Microsoft.BioEnrollment                   | x    |  x   | x    |No                                                     |
-|                  | Microsoft.CredDialogHost                  | x    |  x   | x    |No                                                     |
-|                  | Microsoft.ECApp                           |      |  x   | x    |No                                                     |
-|                  | Microsoft.LockApp                         | x    |  x   | x    |No                                                     |
-| Microsoft Edge   | Microsoft.Microsoft.Edge                  | x    |  x   | x    |No                                                     |
-|                  | Microsoft.PPIProjection                   | x    |  x   | x    |No                                                     |
-|                  | Microsoft.Windows. Apprep.ChxApp           | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. AssignedAccessLockApp   | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. CloudExperienceHost     | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. ContentDeliveryManager  | x    |  x  | x    |No                                                     |
-| Cortana          | Microsoft.Windows.Cortana                  | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. Holographic.FirstRun    | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. ModalSharePickerHost    | x    |     |      |No                                                     |
-|                  | Microsoft.Windows. OOBENetworkCaptivePort  | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. OOBENetworkConnectionFlow  | x |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. ParentalControls        | x    |  x  | x    |No                                                     |
-| People Hub       | Microsoft.Windows. PeopleExperienceHost    |      |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. PinningConfirmationDialog  |   |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. SecHealthUI             | x    |  x  | x    |No                                                     |
-|                  | Microsoft.Windows. SecondaryTileExperience | x    |  x  |      |No                                                     |
-|                  | Microsoft.Windows. SecureAssessmentBrowser | x    |  x  | x    |No                                                     |
-| Start            | Microsoft.Windows. ShellExperienceHost     | x    |  x  | x    |No                                                     |
-| Windows Feedback | Microsoft.WindowsFeedback                  | *    |  *  |      |No                                                     |
-|                  | Microsoft.XboxGameCallableUI               | x    |  x  |  x   |No                                                     |
-| Contact Support* | Windows.ContactSupport                     | x    |  *  |      |Via Optional Features app                      |
-| Settings         | Windows.ImmersiveControlPanel              | x    |  x  |      |No                                                     |
-| Connect          | Windows.MiracastView                       | x    |     |      |No                                                     |
-| Print 3D         | Windows.Print3D                            |      |  x  |      |Yes                                                    |
-| Print UI         | Windows.PrintDialog                        | x    |  x  |  x   |No                                                     |
-| Purchase UI      | Windows.PurchaseDialog                     |      |     | x    |No                                                     |
-|                  | Microsoft.AsyncTextService                 |      |     | x    |No                                                     |
-|                  | Microsoft.MicrosoftEdgeDevToolsClient      |      |     | x    |No                                                     |
-|                  | Microsoft.Win32WebViewHost                 |      |     | x    |No                                                     |
-|                  | Microsoft.Windows.CapturePicker            |      |     | x    |No                                                     |
-|                  | Windows.CBSPreview                         |      |     | x    |No                                                     |
-|File Picker       | 1527c705-839a-4832-9118-54d4Bd6a0c89       |      |     | x    |No                                                     |
-|File Explorer     | c5e2524a-ea46-4f67-841f-6a9465d9d515       |      |     | x    |No                                                     |
-|App Resolver      | E2A4F912-2574-4A75-9BB0-0D023378592B       |      |     | x    |No                                                     |
-|Add Suggested folder Dialog box| F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE||     | x    |No                                                     |
-
-> [!NOTE]
-> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
-
-## Installed Windows apps
-
-Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
-
-| Name               | Full name                                | 1703 | 1709 | 1803 |Uninstall through UI? |
-|--------------------|------------------------------------------|:----:|:----:|:----:|:----------------------:|
-| Remote Desktop     | Microsoft.RemoteDesktop                  | x    | x    |      | Yes                  |
-| PowerBI            | Microsoft.Microsoft PowerBIforWindows    | x    |      |      | Yes                  |
-| Code Writer        | ActiproSoftwareLLC.562882FEEB491         | x    | x    | x    | Yes                  |
-| Eclipse Manager    | 46928bounde.EclipseManager               | x    | x    | x    | Yes                  |
-| Pandora            | PandoraMediaInc.29680B314EFC2            | x    | x    | x    | Yes                  |
-| Photoshop Express  | AdobeSystemIncorporated. AdobePhotoshop  | x    | x    | x    | Yes                  |
-| Duolingo           | D5EA27B7.Duolingo- LearnLanguagesforFree | x    | x    | x    | Yes                  |
-| Network Speed Test | Microsoft.NetworkSpeedTest               | x    | x    | x    | Yes                  |
-| News               | Microsoft.BingNews                       | x    | x    | x    | Yes                  |
-| Flipboard          |                                          |      |      |      | Yes                  |
-|                    | Microsoft.Advertising.Xaml               | x    | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Framework.1.2       | x    | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Framework.1.3       | x    | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Framework.1.6       |      | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Framework.1.7       |      |      | x    | Yes                  |
-|                    | Microsoft.NET.Native.Framework.2.0       |      | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.1.1         |      | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.1.3         | x    | x    |      | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.1.4         | x    | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.1.6         |      | x    | x    | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.1.7         |      |      | x    | Yes                  |
-|                    | Microsoft.NET.Native.Runtime.2.0         |      | x    | x    | Yes                  |
-|                    | Microsoft.Services.Store.Engagement      |      | x    | x    | Yes                  |
-|                    | Microsoft.VCLibs.120.00                  | x    | x    | x    | Yes                  |
-|                    | Microsoft.VCLibs.140.00                  | x    | x    | x    | Yes                  |
-|                    | Microsoft.VCLibs.120.00.Universal        |      | x    |      | Yes                  |
-|                    | Microsoft.VCLibs.140.00.UWPDesktop       |      |      | x    | Yes                  |
-|                    | Microsoft.WinJS.2.0                      | x    |      |      | Yes                  |
----
 
 ## Provisioned Windows apps
 
 Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 and 1809.
 
-```
-> Get-AppxProvisionedPackage -Online | Select-Object DisplayName, PackageName
-```
+> [!TIP]
+> You can list all provisioned Windows apps with this PowerShell command:
+> ```
+> Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
+> ```
 
 | Package name                           | App name                                                                                                           | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? |
 |----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
@@ -186,3 +87,105 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an
 >[!NOTE]
 >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.
 ---
+
+## System apps
+
+System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803.
+
+> [!TIP]
+> You can list all system apps with this PowerShell command:
+> ```
+> Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation
+> ```
+
+| Name                             | Package Name                                | 1703  | 1709 | 1803 | Uninstall through UI? |
+|----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------|
+| File Picker                      | 1527c705-839a-4832-9118-54d4Bd6a0c89        |       |      | x    | No                    |
+| File Explorer                    | c5e2524a-ea46-4f67-841f-6a9465d9d515        |       |      | x    | No                    |
+| App Resolver UX                  | E2A4F912-2574-4A75-9BB0-0D023378592B        |       |      | x    | No                    |
+| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE        |       |      | x    | No                    |
+|                                  | InputApp                                    |       | x    | x    | No                    |
+| Cortana UI                       | CortanaListenUIApp                          | x     |      |      | No                    |
+|                                  | Desktop Learning                            | x     |      |      | No                    |
+|                                  | DesktopView                                 | x     |      |      | No                    |
+|                                  | EnvironmentsApp                             | x     |      |      | No                    |
+| Mixed Reality +                  | HoloCamera                                  | x     |      |      | No                    |
+| Mixed Reality +                  | HoloItemPlayerApp                           | x     |      |      | No                    |
+| Mixed Reality +                  | HoloShell                                   | x     |      |      | No                    |
+|                                  | Microsoft.AAD.Broker.Plugin                 | x     | x    | x    | No                    |
+|                                  | Microsoft.AccountsControl                   | x     | x    | x    | No                    |
+|                                  | Microsoft.AsyncTextService                  |       |      | x    | No                    |
+| Hello setup UI                   | Microsoft.BioEnrollment                     | x     | x    | x    | No                    |
+|                                  | Microsoft.CredDialogHost                    | x     | x    | x    | No                    |
+|                                  | Microsoft.ECApp                             |       | x    | x    | No                    |
+|                                  | Microsoft.LockApp                           | x     | x    | x    | No                    |
+| Microsoft Edge                   | Microsoft.MicrosoftEdge                     | x     | x    | x    | No                    |
+|                                  | Microsoft.MicrosoftEdgeDevToolsClient       |       |      | x    | No                    |
+|                                  | Microsoft.PPIProjection                     | x     | x    |      | No                    |
+|                                  | Microsoft.Win32WebViewHost                  |       |      | x    | No                    |
+|                                  | Microsoft.Windows.Apprep.ChxApp             | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.AssignedAccessLockApp     | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.CapturePicker             |       |      | x    | No                    |
+|                                  | Microsoft.Windows.CloudExperienceHost       | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.ContentDeliveryManager    | x     | x    | x    | No                    |
+| Cortana                          | Microsoft.Windows.Cortana                   | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.Holographic.FirstRun      | x     | x    |      | No                    |
+|                                  | Microsoft.Windows.ModalSharePickerHost      | x     |      |      | No                    |
+|                                  | Microsoft.Windows.OOBENetworkCaptivePort    | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.OOBENetworkConnectionFlow | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.ParentalControls          | x     | x    | x    | No                    |
+| People Hub                       | Microsoft.Windows.PeopleExperienceHost      |       | x    | x    | No                    |
+|                                  | Microsoft.Windows.PinningConfirmationDialog |       | x    | x    | No                    |
+|                                  | Microsoft.Windows.SecHealthUI               | x     | x    | x    | No                    |
+|                                  | Microsoft.Windows.SecondaryTileExperience   | x     | x    |      | No                    |
+|                                  | Microsoft.Windows.SecureAssessmentBrowser   | x     | x    | x    | No                    |
+| Start                            | Microsoft.Windows.ShellExperienceHost       | x     | x    | x    | No                    |
+| Windows Feedback                 | Microsoft.WindowsFeedback                   | *     | *    |      | No                    |
+|                                  | Microsoft.XboxGameCallableUI                | x     | x    | x    | No                    |
+|                                  | Windows.CBSPreview                          |       |      | x    | No                    |
+| Contact Support*                 | Windows.ContactSupport                      | x     | *    |      | Via Settings App      |
+| Settings                         | Windows.immersivecontrolpanel               | x     | x    | x    | No                    |
+| Connect                          | Windows.MiracastView                        | x     |      |      | No                    |
+| Print 3D                         | Windows.Print3D                             |       | x    |      | Yes                   |
+| Print UI                         | Windows.PrintDialog                         | x     | x    | x    | No                    |
+| Purchase UI                      | Windows.PurchaseDialog                      |       |      |      | No                    |
+
+
+> [!NOTE]
+> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support).
+
+## Installed Windows apps
+
+Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
+
+| Name               | Full name                                | 1703 | 1709 | 1803 |Uninstall through UI? |
+|--------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:|
+| Remote Desktop     | Microsoft.RemoteDesktop                  | x    | x    |      | Yes                  |
+| PowerBI            | Microsoft.Microsoft PowerBIforWindows    | x    |      |      | Yes                  |
+| Code Writer        | ActiproSoftwareLLC.562882FEEB491         | x    | x    | x    | Yes                  |
+| Eclipse Manager    | 46928bounde.EclipseManager               | x    | x    | x    | Yes                  |
+| Pandora            | PandoraMediaInc.29680B314EFC2            | x    | x    | x    | Yes                  |
+| Photoshop Express  | AdobeSystemIncorporated. AdobePhotoshop  | x    | x    | x    | Yes                  |
+| Duolingo           | D5EA27B7.Duolingo- LearnLanguagesforFree | x    | x    | x    | Yes                  |
+| Network Speed Test | Microsoft.NetworkSpeedTest               | x    | x    | x    | Yes                  |
+| News               | Microsoft.BingNews                       | x    | x    | x    | Yes                  |
+| Flipboard          |                                          |      |      |      | Yes                  |
+|                    | Microsoft.Advertising.Xaml               | x    | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Framework.1.2       | x    | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Framework.1.3       | x    | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Framework.1.6       |      | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Framework.1.7       |      |      | x    | Yes                  |
+|                    | Microsoft.NET.Native.Framework.2.0       |      | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.1.1         |      | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.1.3         | x    | x    |      | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.1.4         | x    | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.1.6         |      | x    | x    | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.1.7         |      |      | x    | Yes                  |
+|                    | Microsoft.NET.Native.Runtime.2.0         |      | x    | x    | Yes                  |
+|                    | Microsoft.Services.Store.Engagement      |      | x    | x    | Yes                  |
+|                    | Microsoft.VCLibs.120.00                  | x    | x    | x    | Yes                  |
+|                    | Microsoft.VCLibs.140.00                  | x    | x    | x    | Yes                  |
+|                    | Microsoft.VCLibs.120.00.Universal        |      | x    |      | Yes                  |
+|                    | Microsoft.VCLibs.140.00.UWPDesktop       |      |      | x    | Yes                  |
+|                    | Microsoft.WinJS.2.0                      | x    |      |      | Yes                  |
+---

windows/application-management/msix-app-packaging-tool.md

@@ -8,228 +8,30 @@ ms.sitesec: library
 ms.localizationpriority: medium
 ms.author: mikeblodge
 ms.topic: article
-ms.date: 10/18/2018
+ms.date: 12/03/2018
 ---
 
 # Repackage existing win32 applications to the MSIX format
 
-The MSIX Packaging Tool 1.2018.1005.0 is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store. 
+MSIX is a packaging format built to be safe, secure and reliable, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies. You can [use the MSIX packaging tool](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) to repackage your existing Win32 applications to the MSIX format. 
 
-> Prerequisites:
+You can either run your installer interactivly (through the UI) or create a package from the command line. Either way, you can convert an application without having the source code. Then, you can make your app available through the Microsoft Store.
+
+- [Package your favorite application installer](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) interactively (msi, exe, App-V 5.x and ClickOnce) in MSIX format. 
+- Create a [modification package](https://docs.microsoft.com/windows/msix/packaging-tool/package-editor) to update an existing MSIX package.
+- [Bundle multiple MSIX packages](https://docs.microsoft.com/windows/msix/packaging-tool/bundle-msix-packages) for distribution. 
+
+## Installing the MSIX Packaging Tool
+
+### Prerequisites
 
 - Windows 10, version 1809 (or later)
 - Participation in the Windows Insider Program (if you're using an Insider build)
 - A valid Microsoft account (MSA) alias to access the app from the Microsoft Store 
 - Admin privileges on your PC account 
 
-## Installing the MSIX Packaging Tool
+### Get the app from the Microsoft Store
 
 1. Use the MSA login associated with your Windows Insider Program credentials in the [Microsoft Store](https://www.microsoft.com/store/r/9N5LW3JBCXKF). 
 2. Open the product description page.
 3. Click the install icon to begin installation.
-
-Here is what you can expect to be able to do with this tool:
-
-- Package your favorite application installer interactively (msi, exe, App-V 5.x and ClickOnce) to MSIX format by launching the tool and selecting **Application package** icon. 
-- Create a modification package for a newly created Application MSIX Package by launching the tool and selecting the **Modification package** icon.
-- Open your MSIX package to view and edit its content/properties by navigating to the **Open package editor** tab. Browse to the MSIX package and select **Open package**. 
-
-## Creating an application package using the Command line interface
-To create a new MSIX package for your application, run the MsixPackagingTool.exe create-package command in a Command prompt window. 
-
-Here are the parameters that can be passed as command line arguments:
-
-
-|Parameter   |Description  |
-|---------|---------|
-|-? <br> --help     |   Show help information      |
-|--template     | [required] path to the conversion template XML file containing package information and settings for this conversion    |
-|--virtualMachinePassword     |    [optional] The password for the Virtual Machine to be used for the conversion environment. Notes: The template file must contain a VirtualMachine element and the Settings::AllowPromptForPassword attribute must not be set to true.     |
-
-Examples:
-
-- MsixPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml
-- MSIXPackagingTool.exe create-package --template c:\users\documents\ConversionTemplate.xml  --virtualMachinePassword pswd112893
-
-## Creating an application package using virtual machines
-
-You can select to perform the packaging steps on a virtual machine. To do this: 
-- Click on Application package and select “Create package on an existing virtual machine” in the select environment page. 
-- The tool will then query for existing Virtual machines and allows you to select one form a drop down menu. 
-- Once a VM is selected the tool will ask for user and password. The username field accepts domain\user entries as well.
-
-When using local virtual machines as conversion environment, the tool leverages an authenticated remote PowerShell connection to configure the virtual machine. A lightweight WCF server then provides bidirectional communication between the host and target environment.
-
-Requirements:
-- Virtual Machine need to have PSRemoting enabled. (Enable-PSRemoting command should be run on the VM)
-- Virtual Machine needs to be configured for Windows Insider Program similar to the host machine. Minimum Windows 10 build 17701
-
-
-## Conversion template file
-
-
-```xml
-<MsixPackagingToolTemplate
-    xmlns="http://schemas.microsoft.com/appx/msixpackagingtool/template/2018">
-
-    <Settings
-        AllowTelemetry="true"
-        ApplyAllPrepareComputerFixes="true"
-        GenerateCommandLineFile="true"
-        AllowPromptForPassword="false" 
-        EnforceMicrosoftStoreVersioningRequirements="false">
-
-        <ExclusionItems>
-            <FileExclusion ExcludePath="[{CryptoKeys}]" />
-            <FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Crypto" />
-            <FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Search\Data" />
-            <FileExclusion ExcludePath="[{Cookies}]" />
-            <FileExclusion ExcludePath="[{History}]" />
-            <FileExclusion ExcludePath="[{Cache}]" />
-            <FileExclusion ExcludePath="[{Personal}]" />
-            <FileExclusion ExcludePath="[{Profile}]\Local Settings" />
-            <FileExclusion ExcludePath="[{Profile}]\NTUSER.DAT.LOG1" />
-            <FileExclusion ExcludePath="[{Profile}]\ NTUSER.DAT.LOG2" />
-            <FileExclusion ExcludePath="[{Recent}]" />
-            <FileExclusion ExcludePath="[{Windows}]\debug" />
-            <FileExclusion ExcludePath="[{Windows}]\Logs\CBS" />
-            <FileExclusion ExcludePath="[{Windows}]\Temp" />
-            <FileExclusion ExcludePath="[{Windows}]\WinSxS\ManifestCache" />
-            <FileExclusion ExcludePath="[{Windows}]\WindowsUpdate.log" />
-            <FileExclusion ExcludePath="[{AppVPackageDrive}]\$Recycle.Bin " />
-            <FileExclusion ExcludePath="[{AppVPackageDrive}]\System Volume Information" />
-            <FileExclusion ExcludePath="[{AppData}]\Microsoft\AppV" />
-            <FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Microsoft Security Client" />
-            <FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Microsoft Antimalware" />
-            <FileExclusion ExcludePath="[{Common AppData}]\Microsoft\Windows Defender" />
-            <FileExclusion ExcludePath="[{ProgramFiles}]\Microsoft Security Client" />
-            <FileExclusion ExcludePath="[{ProgramFiles}]\Windows Defender" />
-            <FileExclusion ExcludePath="[{Local AppData}]\Temp" />
-
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware Setup" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\Microsoft Security Client" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Streams" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Microsoft\AppV" />
-            <RegistryExclusion ExcludePath= "REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AppV" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Microsoft\AppV" />
-            <RegistryExclusion ExcludePath= "REGISTRY\USER\[{AppVCurrentUserSID}]\Software\Wow6432Node\Microsoft\AppV" />
-        </ExclusionItems>
-    </Settings>
-
-
-    <PrepareComputer
-        DisableDefragService="true"
-        DisableWindowsSearchService="true"
-        DisableSmsHostService="true"
-        DisableWindowsUpdateService ="true"/>
-    <!--Note: this section takes precedence over the Settings::ApplyAllPrepareComputerFixes attribute -->
-
-    <SaveLocation
-    PackagePath="C:\users\user\Desktop\MyPackage.msix" 
-    TemplatePath="C:\users\user\Desktop\MyTemplate.xml" />
-
-    <Installer
-        Path="C:\MyAppInstaller.msi"
-        Arguments="/quiet"
-        InstallLocation="C:\Program Files\MyAppInstallLocation" />
-
-    <VirtualMachine Name="vmname" Username="vmusername" />
-
-    <PackageInformation
-        PackageName="MyAppPackageName"
-        PackageDisplayName="MyApp Display Name"
-        PublisherName="CN=MyPublisher"
-        PublisherDisplayName="MyPublisher Display Name"
-        Version="1.1.0.0"
-        MainPackageNameForModificationPackage="MainPackageIdentityName">
-
-        <Applications>
-            <Application
-                Id="MyApp1"
-                Description="MyApp"
-                DisplayName="My App"
-                ExecutableName="MyApp.exe"/>
-        </Applications>
-
-        <Capabilities>
-            <Capability Name="runFullTrust" />
-        </Capabilities>
-
-    </PackageInformation>
-</MsixPackagingToolTemplate>
-
-```
-
-## Conversion template parameter reference
-Here is the complete list of parameters that you can use in the Conversion template file. When a virtual machine is conversion environment, all file paths(installer, savelocation, etc) should be declared relative to the host, where the tool is running)
-
-
-|ConversionSettings entries  |Description  |
-|---------|---------|
-|Settings:: AllowTelemetry     |[optional] Enables telemetry logging for this invocation of the tool.       |
-|Settings:: ApplyAllPrepareComputerFixes     |[optional] Applies all recommended prepare computer fixes. Cannot be set when other attributes are used.         |
-|Settings:: GenerateCommandLineFile     |[optional] Copies the template file input to the SaveLocation directory for future use.         |
-|Settings:: AllowPromptForPassword     |[optional] Instructs the tool to prompt the user to enter passwords for the Virtual Machine and for the signing certificate if it is required and not specified.         |
-|Settings:: EnforceMicrosoftStoreVersioningRequirements|[optional] Instructs the tool to enforce the package versioning scheme required for deployment from Microsoft Store and Microsoft Store for Business.|
-|ExclusionItems     |[optional] 0 or more FileExclusion or RegistryExclusion elements. All FileExclusion elements must appear before any RegistryExclusion elements.         |
-|ExclusionItems::FileExclusion     |[optional] A file to exclude for packaging.         |
-|ExclusionItems::FileExclusion::ExcludePath     |Path to file to exclude for packaging.         |
-|ExclusionItems::RegistryExclusion     |[optional] A registry key to exclude for packaging.          |
-|ExclusionItems::RegistryExclusion:: ExcludePath     |Path to registry to exclude for packaging.         |
-|PrepareComputer::DisableDefragService     |[optional] Disables Windows Defragmenter while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes.         |
-|PrepareComputer:: DisableWindowsSearchService     |[optional] Disables Windows Search while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes.         |
-|PrepareComputer:: DisableSmsHostService     |[optional] Disables SMS Host while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes.         |
-|PrepareComputer:: DisableWindowsUpdateService     |[optional] Disables Windows Update while the app is being converted. If set to false, overrides ApplyAllPrepareComputerFixes.         |
-|SaveLocation     |[optional] An element to specify the save location of the tool. If not specified, the package will be saved under the Desktop folder.         |
-|SaveLocation::PackagePath     |[optional] The path to the file or folder where the resulting MSIX package is saved.         |
-|SaveLocation::TemplatePath    |[optional] The path to the file or folder where the resulting CLI template is saved.    |
-|Installer::Path     |The path to the application installer.         |
-|Installer::Arguments     |The arguments to pass to the installer. You must pass the arguments to force your installer to run unattended/silently. If the installer is an msi or appv, pass an empty argument ie Installer=””.        |
-|Installer::InstallLocation     |[optional] The full path to your application's root folder for the installed files if it were installed (e.g. "C:\Program Files (x86)\MyAppInstalllocation").         |
-|VirtualMachine     |[optional] An element to specify that the conversion will be run on a local Virtual Machine.         |
-|VrtualMachine::Name     |The name of the Virtual Machine to be used for the conversion environment.         |
-|VirtualMachine::Username     |[optional] The user name for the Virtual Machine to be used for the conversion environment.         |
-|PackageInformation::PackageName     |The Package Name for your MSIX package.         |
-|PackageInformation::PackageDisplayName     |The Package Display Name for your MSIX package.         |
-|PackageInformation::PublisherName     |The Publisher for your MSIX package.         |
-|PackageInformation::PublisherDisplayName     |The Publisher Display Name for your MSIX package.         |
-|PackageInformation::Version     |The version number for your MSIX package.         |
-|PackageInformation:: MainPackageNameForModificationPackage     |[optional] The Package identity name of the main package name. This is used when creating a modification package that takes a dependency on a main (parent) application.         |
-|Applications     |[optional] 0 or more Application elements to configure the Application entries in your MSIX package.         |
-|Application::Id     |The App ID for your MSIX application. This ID will be used for the Application entry detected that matches the specified ExecutableName. You can have multiple Application ID for executables in the package         |
-|Application::ExecutableName     |The executable name for the MSIX application that will be added to the package manifest. The corresponding application entry will be ignored if no application with this name is detected.         |
-|Application::Description     |[optional] The App Description for your MSIX application. If not used, the Application DisplayName will be used. This description will be used for the application entry detected that matches the specified ExecutableName         |
-|Application::DisplayName     |The App Display Name for your MSIX package. This Display Name will be used for the application entry detected that matches the specified ExecutableName         |
-|Capabilities     |[optional] 0 or more Capability elements to add custom capabilities to your MSIX package. “runFullTrust” capability is added by default during conversion.         |
-|Capability::Name     |The capability to add to your MSIX package.          |
-
-## Delete temporary conversion files using Command line interface
-To delete all the temporary package files, logs, and artifacts created by the tool, run the MsixPackagingTool.exe cleanup command in the Command line window.
-
-Example:
-- MsixPackagingTool.exe cleanup 
-
-## How to file feedback
-
-Open Feedback Hub. Alternatively, launch the tool and select the **Settings** gear icon in the top right corner to open the Feedback tab. Here you can file feedback for suggestions, problems, and see other feedback items. 
-
-## Best practices 
-
-- When Packaging ClickOnce installers, it is necessary to send a shortcut to the desktop if the installer is not doing so already. In general, it's a good practice to always send a shortcut to your desktop for the main app executable. 
-- When creating modification packages, you need to declare the **Package Name** (Identity Name) of the parent application in the tool UI so that the tool sets the correct package dependency in the manifest of the modification package. 
-- Declaring an installation location field on the Package information page is optional but *recommended*. Make sure that this path matches the installation location of application Installer. 
-- Performing the preparation steps on the **Prepare Computer** page is optional but *highly recommended*.  
-
-## Known issues
-- MSIX Packaging Tool Driver will fail to install if Windows Insider flight ring settings do no match the OS build of the conversion environment. Navigate to Settings, Updates & Security, Windows Insider Program to make sure your Insider preview build settings do not need attention. If you see this message click on the Fix me button to log in again. You might have to go to Windows Update page and check for update before settings change takes effect. Then try to run the tool again to download the MSIX Packaging Tool driver. If you are still hitting issues, try changing your flight ring to Canary or Insider Fast, install the latest Windows updates and try again. 
-- Restarting the machine during application installation is not supported. Please ignore the restart request if possible or pass an argument to the installer to not require a restart.
-- Setting **EnforceMicrosoftStoreVersioningRequirements=true**, when using the command line interface, will throw an error, even if the vesrion is set correctly. To work around this issue, use **EnforceMicrosoftStoreVersioningRequirements=false** in the conversion template file.
-- Adding files to MSIX packages in package editor does not add the file to the folder that the user right-clicks. To work around this issue, ensure that the file being added is in the correct classic app location. For example if you want to add a file in the VFS\ProgramFilesx86\MyApp folder, copy the file locally to your C:\Program Files (86)\MyApp location first, then in the package editor right-click **Package files**, and then click **Add file**. Browse to the newly copied file, then click **Save**.

windows/client-management/TOC.md

@@ -14,6 +14,14 @@
 ## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md)
 ### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md)
 ### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
+### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
 ### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
+### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
+### [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md)
+### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md)
+#### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
+#### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
+#### [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md)
+#### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
 ## [Mobile device management for solution providers](mdm/index.md)
 ## [Change history for Client management](change-history-for-client-management.md)

windows/client-management/advanced-troubleshooting-boot-problems.md

@@ -0,0 +1,389 @@
+---
+title: Advanced troubleshooting for Windows boot problems
+description: Learn how to troubleshoot when Windows is unable to boot 
+ms.prod: w10
+ms.sitesec: library
+author: kaushika-msft
+ms.localizationpriority: medium
+ms.author: elizapo
+ms.date: 11/16/2018
+---
+
+# Advanced troubleshooting for Windows boot problems
+
+>[!NOTE]
+>This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
+
+## Summary
+
+There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
+
+| **Phase** | **Boot Process**     | **BIOS**       | **UEFI**              |
+|--------|----------------------|------------------------------|  |
+| 1      | PreBoot              | MBR/PBR (Bootstrap Code)             | UEFI Firmware                        |
+| 2      | Windows Boot Manager | %SystemDrive%\bootmgr                | \EFI\Microsoft\Boot\bootmgfw.efi     |
+| 3      | Windows OS Loader    | %SystemRoot%\system32\winload.exe    | %SystemRoot%\system32\winload.efi    |
+| 4      | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe     |                                     |
+
+
+**1. PreBoot**
+
+The PC’s firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot
+Manager.
+
+**2. Windows Boot Manager**
+
+Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
+
+**3. Windows operating system loader**
+
+Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
+
+**4. Windows NT OS Kernel**
+
+The kernel loads into memory the system registry hive and additional drivers that are marked as BOOT_START.
+
+The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that are not marked BOOT_START.
+
+Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
+
+![thumbnail of boot sequence flowchart](images/boot-sequence-thumb.png)<br>
+[Click to enlarge](img-boot-sequence.md)<br>
+
+
+
+
+Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
+
+>[!NOTE]
+>If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
+>
+>`Bcdedit /set {default} recoveryenabled no`
+>
+>If the F8 options don't work, run the following command:
+>
+>`Bcdedit /set {default} bootmenupolicy legacy`
+
+
+## BIOS phase
+
+To determine whether the system has passed the BIOS phase, follow these steps:
+
+1. If there are any external peripherals connected to the computer, disconnect them.
+2. Check whether the hard disk drive light on the physical computer is working. If it is not working, this indicates that the startup process is stuck at the BIOS phase.
+3. Press the NumLock key to see whether the indicator light toggles on and off. If it does not, this indicates that the startup process is stuck at BIOS.
+
+If the system is stuck at the BIOS phase, there may be a hardware problem.
+
+## Boot loader phase
+
+If the screen is completely black except for a blinking cursor, or if you receive one of the following error codes, this indicates that the boot process is stuck in the Boot Loader phase:
+
+-   Boot Configuration Data (BCD) missing or corrupted
+-   Boot file or MBR corrupted
+-   Operating system Missing
+-   Boot sector missing or corrupted
+-   Bootmgr missing or corrupted
+-   Unable to boot due to system hive missing or corrupted
+
+To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
+
+
+### Method 1: Startup Repair tool
+
+The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
+
+To do this, follow these steps.
+
+>[!NOTE]
+>For additional methods to start WinRE, see [Entry points into WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
+
+1. Start the system to the installation media for the installed version of Windows.  
+    **Note** For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
+
+2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
+
+3. On the **System Recovery Options** screen, select **Next** > **Command Prompt**.
+
+4. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly.
+
+The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
+
+**%windir%\System32\LogFiles\Srt\Srttrail.txt**
+
+
+For more information see, [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
+
+
+### Method 2: Repair Boot Codes
+
+To repair boot codes, run the following command:
+
+```dos
+BOOTREC /FIXMBR
+```
+
+To repair the boot sector, run the following command:
+
+```dos
+BOOTREC /FIXBOOT
+```
+
+>[!NOTE]
+>Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
+
+### Method 3: Fix BCD errors
+
+If you receive BCD-related errors, follow these steps:
+
+1. Scan for all the systems that are installed. To do this, run the following command:
+   ```dos
+   Bootrec /ScanOS
+   ```
+
+2. Restart the computer to check whether the problem is fixed.
+
+3. If the problem is not fixed, run the following command:
+    ```dos
+    Bootrec /rebuildbcd
+    ```
+
+4. You might receive one of the following outputs:
+
+    - Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
+    The operation completed successfully.
+
+    - Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
+    D:\Windows  
+    Add installation to boot list? Yes/No/All:
+
+If the output shows **windows installation: 0**, run the following commands:
+
+```dos
+bcdedit /export c:\bcdbackup
+
+attrib c:\\boot\\bcd -h -r –s
+
+ren c:\\boot\\bcd bcd.old
+
+bootrec /rebuildbcd
+```
+
+After you run the command, you receive the following output:
+
+    Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows  
+Add installation to boot list? Yes/No/All: Y
+
+5.  Try again to start the system.
+
+### Method 4: Replace Bootmgr
+
+If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
+
+1. At a command prompt, change the directory to the System Reserved partition.
+
+2. Run the **attrib** command to unhide the file:
+    ```dos
+    attrib-s -h -r
+    ```
+
+3. Run the same **attrib** command on the Windows (system drive):
+    ```dos
+    attrib-s -h –r
+    ```
+
+4. Rename the Bootmgr file as Bootmgr.old:
+    ```dos
+    ren c:\\bootmgr bootmgr.old
+    ```
+
+5. Start a text editor, such as Notepad.
+
+6. Navigate to the system drive.
+
+7.  Copy the Bootmgr file, and then paste it to the System Reserved partition.
+
+8.  Restart the computer.
+
+### Method 5: Restore System Hive
+
+If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+
+If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
+
+
+## Kernel Phase
+
+If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
+
+-   A Stop error appears after the splash screen (Windows Logo screen).
+
+-   Specific error code is displayed.
+    For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
+    (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP    0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
+
+-   The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
+
+-   A black screen appears after the splash screen.
+
+To troubleshoot these problems, try the following recovery boot options one at a time.
+
+**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
+
+On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
+
+1.  Use one of the following methods to open Event Viewer:
+
+    -   Click **Start**, point to **Administrative Tools**, and then click
+        **Event Viewer**.
+
+    -   Start the Event Viewer snap-in in Microsoft Management Console (MMC).
+
+2.  In the console tree, expand Event Viewer, and then click the log that you
+    want to view. For example, click **System log** or **Application log**.
+
+3.  In the details pane, double-click the event that you want to view.
+
+4.  On the **Edit** menu, click **Copy**, open a new document in the program in
+    which you want to paste the event (for example, Microsoft Word), and then
+    click **Paste**.
+
+5.  Use the Up Arrow or Down Arrow key to view the description of the previous
+    or next event.
+
+
+### Clean boot
+
+To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
+Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you cannot find the cause, try including system services. However, in most cases, the problematic service is third-party.
+
+Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
+
+For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
+
+If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
+[Troubleshooting boot problem caused by missing driver signature (x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
+
+>[!NOTE]
+>If the computer is a domain controller, try Directory Services Restore mode (DSRM).
+>
+>This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
+
+
+**Examples**
+
+>[!WARNING]
+>Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
+problems can be solved. Modify the registry at your own risk.
+
+*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
+
+To troubleshoot this Stop error, follow these steps to filter the drivers:
+
+1.  Go to Window Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of same version of Windows or a later version.
+
+2.  Open the registry.
+
+3.  Load the system hive, and name it as "test."
+
+4.  Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers:  
+      
+    **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class**  
+    
+5.  For each third-party driver that you locate, click the upper or lower filter, and then delete the value data.
+
+6.  Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive.
+
+7.  Restart the server in Normal mode.
+
+For additional troubleshooting steps, see the following articles:
+
+- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)  
+  
+- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103).
+
+To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
+
+1. Open a Command Prompt winodw in WinRE.
+
+2. Run the command:
+    ```dos
+    dism /image:C:\ /get-packages
+    ```
+
+3. If there are any pending updates, uninstall them by running the following commands:
+    ```dos
+    DISM /image:C:\ /remove-package /packagename: name of the package
+    ```
+    ```dos
+    Dism /Image:C:\ /Cleanup-Image /RevertPendingActions
+    ```
+
+Try to start the computer.
+
+If the computer does not start, follow these steps:
+
+1.  Open A Command Prompt window in WinRE, and start a text editor, such as Notepad.
+
+2.  Navigate to the system drive, and search for windows\winsxs\pending.xml.
+
+3.  If the Pending.xml file is found, rename the file as Pending.xml.old.
+
+4.  Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test.
+
+5.  Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value.
+
+6.  If the **pendingxmlidentifier** value exists, delete the value.
+
+7.  Unload the test hive.
+
+8.  Load the system hive, name it as "test".
+
+9.  Navigate to the following subkey:  
+      
+    **HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller**  
+    
+10. Change the **Start** value from **1** to **4**
+
+11. Unload the hive.
+
+12. Try to start the computer.
+
+If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following Knowledge Base article:
+
+- [969028](https://support.microsoft.com/help/969028) How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2
+
+For more information about page file problems in Windows 10 or Windows Server 2016, see the following Knowledge Base article:
+
+- [4133658](https://support.microsoft.com/help/4133658) Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows
+
+For more information about Stop errors, see the following Knowledge Base article:
+
+- [3106831](https://support.microsoft.com/help/3106831) Troubleshooting Stop error problems for IT Pros
+
+
+If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
+
+- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
+
+- If the driver is not important and has no dependencies, load the system hive, and then disable the driver.
+
+- If the stop error indicates system file corruption, run the system file checker in offline mode.
+    - To do this, open WinRE, open a command prompt, and then run the following command:
+        ```dos
+        SFC /Scannow /OffBootDir=C:\ /OffWinDir=E:\Windows
+        ```
+        For more information, see [Using System File Checker (SFC) To Fix  Issues](https://blogs.technet.microsoft.com/askcore/2007/12/18/using-system-file-checker-sfc-to-fix-issues/)
+
+    - If there is disk corruption, run the check disk command:
+        ```dos
+        chkdsk /f /r
+        ```
+
+    - If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
+
+        1. Start WinRE, and open a Command Prompt window.
+        2. Start a text editor, such as Notepad.
+        3. Navigate to C\Windows\System32\Config\.
+        4. Rename the all five hives by appending ".old" to the name.
+        5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.

windows/client-management/change-history-for-client-management.md

@@ -9,13 +9,30 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: jdeckerMS
 ms.author: jdecker
-ms.date: 09/12/2017
+ms.date: 12/06/2018
 ---
 
 # Change history for Client management
 
 This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## December 2018
+
+New or changed topic | Description
+--- | ---
+[Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md) | New
+[Collect data using Network Monitor](troubleshoot-tcpip-netmon.md) | New
+[Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md) | New
+[Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md) | New
+[Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md) | New
+
+## November 2018
+
+New or changed topic | Description
+--- | ---
+ [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) | New
+ [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md) | New
+
 ## RELEASE: Windows 10, version 1709
 
 The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).

windows/client-management/data-collection-for-802-authentication.md

@@ -14,538 +14,373 @@ ms.date: 10/29/2018
 # Data Collection for Troubleshooting 802.1x Authentication
  
  
-## Steps to capture Wireless/Wired functionality logs
+## Capture wireless/wired functionality logs
+
+Use the following steps to collect wireless and wired logs on Windows and Windows Server:
 
 1. Create C:\MSLOG on the client machine to store captured logs.
-2. Launch a command prompt as an administrator on the client machine, and run the following commands to start RAS trace log and Wireless/Wired scenario log:
+2. Launch a command prompt as an administrator on the client machine, and run the following commands to start RAS trace log and Wireless/Wired scenario log.
 
-**On Windows 8.1, Windows 10 Wireless Client**
+   **Wireless Windows 8.1 and Windows 10:**
 
-```dos
-netsh ras set tracing * enabled
-```
-```dos
-netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg,wireless\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_cli.etl
-```
+   ```
+   netsh ras set tracing * enabled
+   netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
+   ```
 
-**On Windows 7, Winodws 8 Wireless Client**
-```dos
-netsh ras set tracing * enabled
-```
-```dos
-netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_cli.etl
-```
+   **Wireless Windows 7 and Windows 8:**
+   ```
+   netsh ras set tracing * enabled
+   netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
+   ```
 
-**On Wired network client**
+   **Wired client, regardless of version**
+   ```
+   netsh ras set tracing * enabled
+   netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
+   ```
  
-```dos
-netsh ras set tracing * enabled
-```
-```dos
-netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wired\_cli.etl
-```
+3. Run the following command to enable CAPI2 logging:
   
-3. Run the followind command to enable CAPI2 logging:
- 
-```dos
-wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
-```
+   ```
+   wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
+   ```
  
 4. Create C:\MSLOG on the NPS to store captured logs.
  
 5. Launch a command prompt as an administrator on the NPS and run the following commands to start RAS trace log and Wireless/Wired scenario log:
  
-**On Windows Server 2012 R2, Windows Server 2016 Wireless network**
+   **Windows Server 2012 R2, Windows Server 2016 wireless network:**
 
-   ```dos
+   ```
    netsh ras set tracing * enabled
-   ```
-   ```dos
-    netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg,wireless\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_nps.etl
+   netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
    ```
 
-**On Windows Server 2008 R2, Winodws Server 2012 Wireless network**
+   **Windows Server 2008 R2, Windows Server 2012 wireless network**
 
-   ```dos
+   ```
    netsh ras set tracing * enabled
-   ```
-   ```dos
-    netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_nps.etl
+   netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
    ```
 
-**On wired network**
+   **Wired network**
 
-   ```dos
+   ```
    netsh ras set tracing * enabled
-   ```
-   ```dos
-    netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wired\_nps.etl
+   netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
    ```
  
-6. Run the followind command to enable CAPI2 logging:
+6. Run the following command to enable CAPI2 logging:
 
-  ```dos
+   ```
     wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
   ```
- 
 7. Run the following command from the command prompt on the client machine and start PSR to capture screen images:
  
+   > [!NOTE]
+   > When the mouse button is clicked, the cursor will blink in red while capturing a screen image.
 
-> [!NOTE]
-> When the mouse button is clicked, the cursor will blink in red while capturing a screen image.
-
-   ```dos
-    psr /start /output c:\MSLOG\%computername%\_psr.zip /maxsc 100
    ```
- 
+    psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100
+   ```
 8. Repro the issue.
+9. Run the following command on the client PC to stop the PSR capturing:
 
-9. Run the following command on the client machine to stop the PSR capturing:
-
-  ```dos
+   ```
       psr /stop
    ```
  
 10. Run the following commands from the command prompt on the NPS.
  
-**Stopping RAS trace log and Wireless scenario log**
+   - To stop RAS trace log and wireless scenario log:
 
-   ```dos
-    netsh trace stop
       ```
-   ```dos
+      netsh trace stop
+      netsh ras set tracing * disabled
+      ```
+   - To disable and copy CAPI2 log:
+    
+      ```
+      wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
+      wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
+      ```
+ 
+11. Run the following commands on the client PC.
+   - To stop RAS trace log and wireless scenario log:
+      ```
+      netsh trace stop
       netsh ras set tracing * disabled
       ```
  
-**Disabling and copying CAPI2 log**
-    
-   ```dos
+   - To disable and copy the CAPI2 log:
+      ```
       wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
-   ```
-   ```dos
-    wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\CAPI2\_%COMPUTERNAME%.evtx
+      wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
       ```
  
-11. Run the following commands from the prompt on the client machine.
+12. Save the following logs on the client and the NPS:
  
-**Stopping RAS trace log and Wireless scenario log**
-
-  ```dos
-    netsh trace stop
-   ```
-   ```dos
-    netsh ras set tracing * disabled
-   ```
- 
-**Disabling and copying CAPI2 log**
-
-   ```dos
-    wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
-   ```
-   ```dos
-    wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\CAPI2\_%COMPUTERNAME%.evtx
-   ```
- 
-12. Save the following logs on the client and the NPS.
- 
-**Client**
+   **Client**
       - C:\MSLOG\%computername%_psr.zip
- - C:\MSLOG\CAPI2_%COMPUTERNAME%.evtx
+      - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
       - C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
       - C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab
       - All log files and folders in %Systemroot%\Tracing
  
-**NPS**
+   **NPS**
       - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
       - C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl (%COMPUTERNAME%_wired_nps.etl for wired scenario)
       - C:\MSLOG\%COMPUTERNAME%_wireless_nps.cab (%COMPUTERNAME%_wired_nps.cab for wired scenario)
       - All log files and folders in %Systemroot%\Tracing
 
+## Save environmental and configuration information
 
-### Steps to save environmental / configuration information
+### On Windows client
 
-**Client**
 1. Create C:\MSLOG to store captured logs.
 2. Launch a command prompt as an administrator.
 3. Run the following commands.
    - Environmental information and Group Policies application status
-         ```dos                
-            gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.htm
    
-            msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt
-            
-            ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt
-              
-            route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt
    ```               
+   gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm
+   msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
+   ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
+   route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
+   ``` 
+   - Event logs
    
-**Event logs**
+   ```
+   wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
+   wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
+   wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
+   wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
+   wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx
+   wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-Wired-AutoConfig-Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
+   ```
+   - For Windows 8 and later, also run these commands for event logs: 
    
-**Run the following command on Windows 8 and above **
-```dos
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx
+   ```
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
+   ```
+   - Certificates Store information:
    
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx
+   ```
+   certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
+   certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
+   certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
+   certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
+   certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
+   certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
+   certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
+   certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
+   certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
+   certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
+   certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
+   certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
+   certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
+   certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
+   certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
+   certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
+   certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
+   certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
+   ```
+   - Wireless LAN client information:
    
-wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx
-```
+   ```
+   netsh wlan show all > c:\MSLOG\%COMPUTERNAME%_wlan_show_all.txt
+   netsh wlan export profile folder=c:\MSLOG\
+   ```
+   - Wired LAN Client information
    
-```dos
-wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx
+   ```
+   netsh lan show interfaces > c:\MSLOG\%computername%_lan_interfaces.txt
+   netsh lan show profiles > c:\MSLOG\%computername%_lan_profiles.txt
+   netsh lan show settings > c:\MSLOG\%computername%_lan_settings.txt
+   netsh lan export profile folder=c:\MSLOG\
+   ```
+4.  Save the logs stored in C:\MSLOG.
 
-wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx
+### On NPS
 
-wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx
+1. Create C:\MSLOG to store captured logs.
+2. Launch a command prompt as an administrator.
+3. Run the following commands.
+   - Environmental information and Group Policies application status:
 
-wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx
+   ```
+   gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
+   msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
+   ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
+   route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
+   ```
+   - Event logs:
    
-wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%\_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx
+   ```
+   wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
+   wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
+   wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
+   wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
+   ```
+   - Run the following 3 commands on Windows Server 2012 and later:
    
-wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%\_Microsoft-Windows-Wired-AutoConfig-Operational.evtx
+   ```
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
+   ```
+   - Certificates store information
    
-wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx
+   ```
+   certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
+   certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
+   certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
+   certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
+   certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
+   certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
+   certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
+   certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
+   certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
+   certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
+   certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
+   certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
+   certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
+   certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
+   certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
+   certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
+   certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
+   certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
+   ```
+   - NPS configuration information:
    
-wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx
-```
-
-**Certificates Store information**
-        
-```dos
-certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt
-            
-certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt
-    
-certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt
-            
-certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt
-            
-certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt
-            
-certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt
-            
-certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt
-            
-certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt
-            
-certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt
-```
- 
-**Wireless LAN Client information**
-```dos
-netsh wlan show all > c:\MSLOG\%COMPUTERNAME%\_wlan\_show\_all.txt
-            
-netsh wlan export profile folder=c:\MSLOG\
-```
- 
-**Wired LAN Client information**
-```dos
-netsh lan show all > c:\MSLOG\%COMPUTERNAME%\_lan\_show\_all.txt
-            
-netsh lan export profile folder=c:\MSLOG\
-```
+   ```
+   netsh nps show config > C:\MSLOG\%COMPUTERNAME%_nps_show_config.txt
+   netsh nps export filename=C:\MSLOG\%COMPUTERNAME%_nps_export.xml exportPSK=YES
+   ```
+3. Take the following steps to save an NPS accounting log.
+   1. Open **Administrative tools > Network Policy Server**.
+   2. On the Network Policy Server administration tool, select **Accounting** in the left pane.
+   3. Click **Change Log File Properties**.
+   4. On the **Log File** tab, note the log file naming convention shown as **Name** and the log file location shown in **Directory** box.
+   5. Copy the log file to C:\MSLOG.
  
 4. Save the logs stored in C:\MSLOG.
 
+### Certificate Authority (CA) (OPTIONAL)
 
-**NPS**
-    1. Create C:\MSLOG to store captured logs.
-    2. Launch a command prompt as an administrator.
-    3. Run the following commands:
+1. On a CA, launch a command prompt as an administrator. Create C:\MSLOG to store captured logs.
+2. Run the following commands.
+   - Environmental information and Group Policies application status
    
-   **Environmental information and Group Policies application status**
-
-   ```dos
-   gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.txt
-            
-   msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt
-            
-   ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt
-            
-   route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt
    ```
- 
-**Event logs**
-**Run the following 3 commands on Windows Server 2012 and above:**
-```dos
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx
-```
-
-```dos
-wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx
-            
-wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx
-            
-wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx
-            
-wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx
-```
-
-**Certificates store information**
-```dos
-certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt
-            
-certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt
-            
-certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt
-            
-certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt
-            
-certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt
-            
-certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt
-            
-certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt
-            
-certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt
-```
- 
-**NPS configuration information**
-```dos
-netsh nps show config > C:\MSLOG\%COMPUTERNAME%\_nps\_show\_config.txt
-            
-netsh nps export filename=C:\MSLOG\%COMPUTERNAME%\_nps\_export.xml exportPSK=YES
-```
- 
-3. Take the following steps to save an NPS accounting log:
-4. Launch **Administrative tools** - **Network Policy Server**.
-    - On the Network Policy Server administration tool, select **Accounting** in the left pane.
-    - Click **Change Log File Properties** in the right pane.
-    - Click the **Log File** tab, note the log file naming convention shown as *Name* and the log file location shown in the **Directory** box.
-    - Copy the log file to C:\MSLOG.
-    - Save the logs stored in C:\MSLOG.
- 
- 
-**Certificate Authority (CA)** *Optional*
-
-1. On a CA, launch a command prompt as an administrator.
-2. Create C:\MSLOG to store captured logs.
-3. Run the following commands:
-
-Environmental information and Group Policies application status
-
-```dos
-gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.txt
-            
-msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt
-            
-ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt
-            
-route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt
-```
- 
-**Event logs**
-
-**Run the following 3 lines on Windows 2012 and up:**
-
-```dos
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx
- 
-wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx
- 
-wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx
-```
-
-```dos
-wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx
-            
-wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx
-            
-wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx
-            
-wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx
-            
-wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx
-```
-
-**Certificates store information**
-
-```dos
-certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt
-            
-certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt
-            
-certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt
-            
-certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt
-            
-certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt
-            
-certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt
-            
-certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt
-            
-certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt
-            
-certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt
-            
-certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt
-            
-certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt
-```
-            
-**CA configuration information**
-```dos
-reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%\_CertSvc.hiv
-            
-reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%\_CertSvc.txt
-            
-reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%\_Cryptography.hiv
-            
-reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%\_Cryptography.tx
-```
-            
-4. Copy the following files, if exist, to C:\MSLOG. %windir%\CAPolicy.inf
-5. Log on to a domain controller and create C:\MSLOG to store captured logs.
-6. Launch Windows PowerShell as an administrator.
-7. Run the following PowerShell commandlets
-
-        \* Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for ";test.local"; domain.
-```powershell
-Import-Module ActiveDirectory
-        
-Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter \* -Properties \* | fl \* > C:\MSLOG\Get-ADObject\_$Env:COMPUTERNAME.txt
-```
-8. Save the following logs:
-- All files in C:\MSLOG on the CA
-- All files in C:\MSLOG on the domain controller
+   gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
+   msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
+   ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
+   route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
+   ```
+   - Event logs
+   
+   ```
+   wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
+   wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
+   wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
+   wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
+   ```
+   - Run the following 3 lines on Windows 2012 and up
+   
+   ```
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
+   wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
+   ```
+   - Certificates store information
+   
+   ```
+   certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
+   certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
+   certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
+   certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
+   certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
+   certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
+   certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
+   certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
+   certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
+   certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
+   certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
+   certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
+   certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
+   certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
+   certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
+   certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
+   certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
+   certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
+   certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
+   certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
+   certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
+   certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
+   certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
+   ```
+   - CA configuration information
+   
+   ```
+   reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.hiv
+   reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.txt
+   reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.hiv
+   reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.tx
+   ```
+3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
+4. Log on to a domain controller and create C:\MSLOG to store captured logs.
+5. Launch Windows PowerShell as an administrator.
+6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for ";test.local"; domain.
+   
+   ```powershell
+   Import-Module ActiveDirectory
+   Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter \* -Properties \* | fl \* > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt
+   ```
+7. Save the following logs.
+   - All files in C:\MSLOG on the CA
+   - All files in C:\MSLOG on the domain controller
 

windows/client-management/img-boot-sequence.md

@@ -0,0 +1,11 @@
+---
+description: A full-sized view of the boot sequence flowchart.
+title: Boot sequence flowchart
+ms.date: 11/16/2018
+---
+
+Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
+
+
+![Full-sized boot sequence flowchart](images/boot-sequence.png)
+