fix: Replace syntax with langauge code 2

windows/client-management/mdm/windowslicensing-csp.md

@@ -196,7 +196,7 @@ Values:
 
 **CheckApplicability**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Exec>
@@ -223,7 +223,7 @@ Values:
 
 **Edition**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -241,7 +241,7 @@ Values:
 
 **LicenseKeyType**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -259,7 +259,7 @@ Values:
 
 **Status**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Get>
@@ -277,7 +277,7 @@ Values:
 
 **UpgradeEditionWithProductKey**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Exec>
@@ -304,7 +304,7 @@ Values:
 
 **UpgradeEditionWithLicense**
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Exec>

windows/client-management/mdm/windowssecurityauditing-csp.md

@@ -39,7 +39,7 @@ Supported operations are Get and Replace.
 
 Enable logging of audit events.
 
-``` syntax
+```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
   <SyncBody>
     <Replace>

windows/configuration/customize-and-export-start-layout.md

@@ -176,7 +176,7 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed
 2.  [Export the Start layout](#export-the-start-layout).
 3.  Open the layout .xml file. There is a `<DefaultLayoutOverride>` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows:
 
-    ``` syntax
+    ```xml
     <DefaultLayoutOverride LayoutCustomizationRestrictionType="OnlySpecifiedGroups">
     ```
 

windows/configuration/mobile-devices/settings-that-can-be-locked-down.md

@@ -462,7 +462,7 @@ Quick action buttons are locked down in exactly the same way as Settings pages/g
 
 You can specify the quick actions as follows:
 
-``` syntax
+```xml
 <Settings>
     <System name="QuickActions_Launcher_AllSettings" />
     <System name="QuickActions_Launcher_DeviceDiscovery" />

windows/configuration/ue-v/uev-application-template-schema-reference.md

@@ -241,7 +241,7 @@ Version identifies the version of the settings location template for administrat
 
 **Hint:** You can save notes about version changes using XML comment tags `<!-- -->`, for example:
 
-``` syntax
+```xml
   <!--
      Version History
 
@@ -280,7 +280,7 @@ Author identifies the creator of the settings location template. Two optional ch
 
 Processes contains at least one `<Process>` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example:
 
-``` syntax
+```xml
     <Process>
       <Filename>MyApplication.exe</Filename>
       <Architecture>Win64</Architecture>
@@ -355,7 +355,7 @@ UE-V does not support ARM processors in this version.
 
 ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example:
 
-``` syntax
+```xml
     <Process>
       <Filename>MyApplication.exe</Filename>
       <ProductName>My Application 6.x by Contoso.com</ProductName>
@@ -375,7 +375,7 @@ FileDescription is an optional tag that allows for an administrative description
 
 For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here:
 
-``` syntax
+```xml
 <Processes>
 
    <Process>
@@ -409,7 +409,7 @@ The product and file version elements may be left unspecified. Doing so makes th
 
 Product version: 1.0 specified in the UE-V template generator produces the following XML:
 
-``` syntax
+```xml
       <ProductVersion>
         <Major Minimum="1" Maximum="1" />
         <Minor Minimum="0" Maximum="0" />
@@ -420,7 +420,7 @@ Product version: 1.0 specified in the UE-V template generator produces the follo
 
 File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML:
 
-``` syntax
+```xml
       <FileVersion>
         <Major Minimum="5" Maximum="5" />
         <Minor Minimum="0" Maximum="0" />
@@ -433,7 +433,7 @@ File version: 5.0.2.1000 specified in the UE-V template generator produces the f
 
 Only the Minimum attribute is present. Maximum must be included in a range as well.
 
-``` syntax
+```xml
       <ProductVersion>
         <Major Minimum="2" />
       </ProductVersion>
@@ -443,7 +443,7 @@ Only the Minimum attribute is present. Maximum must be included in a range as we
 
 Only the Minor element is present. Major must be included as well.
 
-``` syntax
+```xml
       <ProductVersion>
         <Minor Minimum="0" Maximum="0" />
       </ProductVersion>
@@ -463,7 +463,7 @@ Including a FileVersion element for an application allows for more granular fine
 
 The child elements and syntax rules for FileVersion are identical to those of ProductVersion.
 
-``` syntax
+```xml
       <Process>
         <Filename>MSACCESS.EXE</Filename>
         <Architecture>Win32</Architecture>

windows/configuration/ue-v/uev-manage-administrative-backup-and-restore.md

@@ -26,7 +26,7 @@ As an administrator of User Experience Virtualization (UE-V), you can restore ap
 
 To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell:
 
-``` syntax
+```powershell
 Set-UevTemplateProfile -ID <TemplateID> -Profile <backup>
 ```
 
@@ -38,7 +38,7 @@ When replacing a user’s device, UE-V automatically restores settings if the us
 
 You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell:
 
-``` syntax
+```powershell
 Restore-UevBackup -ComputerName <Computer name>
 ```
 

windows/configuration/ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md

@@ -172,7 +172,7 @@ The UE-V Windows PowerShell features enable you to manage a group of settings te
 
 4.  Unregister all the previously registered versions of the templates by typing the following command.
 
-    ``` syntax
+    ```powershell
     Unregister-UevTemplate -All
     ```
 
@@ -180,7 +180,7 @@ The UE-V Windows PowerShell features enable you to manage a group of settings te
 
 5.  Register the updated templates by typing the following command.
 
-    ``` syntax
+    ```powershell
     Register-UevTemplate <path to template folder>\*.xml
     ```
 
@@ -192,7 +192,7 @@ By listing a Windows app in the Windows app list, you specify whether that app i
 
 To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter:
 
-``` syntax
+```powershell
 Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName
 ```
 

windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md

@@ -131,7 +131,7 @@ You can deploy UE-V settings location template with the following methods:
 
 -   **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
 
-    ``` syntax
+    ```powershell
     Register-UevTemplate -Path <Path_to_Template>
     ```
 

windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md

@@ -48,7 +48,7 @@ When the database is populated, you can use the MDT simulation environment to si
 1.  On PC0001, log on as **CONTOSO\\MDT\_BA**.
 2.  Modify the C:\\MDT\\CustomSettings.ini file to look like the following:
 
-    ``` syntax
+    ```ini
     [Settings]
     Priority=CSettings, CRoles, RApplications, Default
     [Default]
@@ -113,7 +113,7 @@ When the database is populated, you can use the MDT simulation environment to si
 
 3.  Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
 
-    ``` syntax
+    ```powershell
     Set-Location C:\MDT
     .\Gather.ps1
 

windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md

@@ -87,7 +87,7 @@ Setting up DFS-R for replication is a quick and straightforward process. You pre
 When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property.
 1. On MDT01, using Notepad, navigate to the **E:\\MDTProduction\\Control** folder and modify the Boostrap.ini file to look like this:
 
-   ``` syntax
+   ```ini
    [Settings]
    Priority=DefaultGateway, Default
    [DefaultGateway]
@@ -153,7 +153,7 @@ When you have multiple deployment servers sharing the same content, you need to
     2.  In the **Advanced** tab, set the quota to **8192 MB**.
         In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Here is a Windows PowerShell example that calculates the size of the 16 largest files in the E:\\MDTProduction deployment share:
         
-        ``` syntax
+        ```powershell
         (Get-ChildItem E:\MDTProduction -Recurse | Sort-Object Length -Descending | Select-Object -First 16 | Measure-Object -Property Length -Sum).Sum /1GB
         ```
 

windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md

@@ -36,7 +36,7 @@ Before adding the more advanced components like scripts, databases, and web serv
 
 If you have a small test environment, or simply want to assign settings to a very limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead.
 
-``` syntax
+```ini
 [Settings]
 Priority=MacAddress, Default
 [Default]
@@ -51,7 +51,7 @@ In the preceding sample, you set the PC00075 computer name for a machine with a
 
 Another way to assign a computer name is to identify the machine via its serial number.
 
-``` syntax
+```ini
 [Settings]
 Priority=SerialNumber, Default
 [Default]
@@ -66,7 +66,7 @@ In this sample, you set the PC00075 computer name for a machine with a serial nu
 
 You also can configure the rules engine to use a known property, like a serial number, to generate a computer name on the fly.
 
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]
@@ -83,7 +83,7 @@ Be careful when using the serial number to assign computer names. A serial numbe
 
 To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows:
 
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]
@@ -97,7 +97,7 @@ In the preceding sample, you still configure the rules to set the computer name
 
 In the rules, you find built-in properties that use a Windows Management Instrumentation (WMI) query to determine whether the machine you are deploying is a laptop, desktop, or server. In this sample, we assume you want to add laptops to different OUs in Active Directory. Note that ByLaptopType is not a reserved word; rather, it is the name of the section to read.
 
-``` syntax
+```ini
 [Settings]
 Priority=ByLaptopType, Default
 [Default]

windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md

@@ -23,7 +23,7 @@ In this topic, you will learn how to configure the MDT rules engine to use a Use
 
 You can call a UserExit by referencing the script in your rules. Then you can configure a property to be set to the result of a function of the VBScript. In this example, we have a VBScript named Setname.vbs (provided in the book sample files, in the UserExit folder).
 
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]
@@ -38,7 +38,7 @@ The UserExit=Setname.vbs calls the script and then assigns the computer name to
 
 The Setname.vbs script takes the MAC Address passed from the rules. The script then does some string manipulation to add a prefix (PC) and remove the semicolons from the MAC Address.
 
-``` syntax
+```vb
 Function UserExit(sType, sWhen, sDetail, bSkip) 
   UserExit = Success 
 End Function 

windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md

@@ -170,7 +170,7 @@ If you need to add many applications, you can take advantage of the PowerShell s
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
     New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"
     ```
@@ -182,7 +182,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
 
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x86"
@@ -196,7 +196,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x64"
@@ -210,7 +210,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x86"
@@ -224,7 +224,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x64"
@@ -238,7 +238,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x86"
@@ -252,7 +252,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x64"
@@ -266,7 +266,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86"
     $CommandLine = "vcredist_x86.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2012Ux86"
@@ -280,7 +280,7 @@ In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Upda
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create the application by running the following commands in an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64"
     $CommandLine = "vcredist_x64.exe /Q"
     $ApplicationSourcePath = "E:\Downloads\VC++2012Ux64"
@@ -405,7 +405,7 @@ In MDT, there are always two rule files: the CustomSettings.ini file and the Boo
 For that reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. By taking the following steps, you will configure the rules for the MDT Build Lab deployment share:
 1.  Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Properties**.
 2.  Select the **Rules** tab and modify using the following information:
-    ``` syntax
+    ```ini
     [Settings]
     Priority=Default
     [Default]
@@ -444,7 +444,7 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
 
 3.  Click **Edit Bootstrap.ini** and modify using the following information:
 
-    ``` syntax
+    ```ini
     [Settings]
     Priority=Default
     [Default]
@@ -501,7 +501,7 @@ The CustomSettings.ini file is normally stored on the server, in the Deployment
 
 The Bootstrap.ini file is available via the deployment share's Properties dialog box, or via the E:\\MDTBuildLab\\Control folder on MDT01.
 
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]
@@ -529,7 +529,7 @@ So, what are these settings?
 
 The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration.
 
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]

windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md

@@ -175,7 +175,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta
         -   Surface Pro 3
 
 The preceding folder names are selected because they match the actual make and model values that MDT reads from the machines during deployment. You can find out the model values for your machines via the following command in Windows PowerShell:
-``` syntax
+```powershell
 Get-WmiObject -Class:Win32_ComputerSystem
 ```
 Or, you can use this command in a normal command prompt:
@@ -312,7 +312,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
 2. Right-click the **MDT Production** deployment share and select **Properties**.
 3. Select the **Rules** tab and modify using the following information:
 
-   ``` syntax
+   ```ini
    [Settings]
    Priority=Default
    [Default]
@@ -349,7 +349,7 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
    ```
 4. Click **Edit Bootstrap.ini** and modify using the following information:
 
-   ``` syntax
+   ```ini
    [Settings]
    Priority=Default
    [Default]
@@ -393,7 +393,7 @@ The rules for the MDT Production deployment share are somewhat different from th
 ### The Bootstrap.ini file
 
 This is the MDT Production Bootstrap.ini without the user credentials (except domain information):
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]
@@ -405,7 +405,7 @@ SkipBDDWelcome=YES
 ### The CustomSettings.ini file
 
 This is the CustomSettings.ini file with the new join domain information:
-``` syntax
+```ini
 [Settings]
 Priority=Default
 [Default]

windows/deployment/deploy-windows-mdt/integrate-configuration-manager-with-mdt.md

@@ -34,7 +34,7 @@ When MDT is integrated with Configuration Manager, the task sequence takes addit
 The task sequence uses instructions that allow you to reduce the number of task sequences in Configuration Manager and instead store settings outside the task sequence. Here are a few examples:
 -   The following settings instruct the task sequence to install the HP Hotkeys package, but only if the hardware is a HP EliteBook 8570w. Note that you don't have to add the package to the task sequence.
 
-    ``` syntax
+    ```ini
     [Settings] 
     Priority=Model
     [HP EliteBook 8570w] 
@@ -42,7 +42,7 @@ The task sequence uses instructions that allow you to reduce the number of task
     ```
 -   The following settings instruct the task sequence to put laptops and desktops in different organizational units (OUs) during deployment, assign different computer names, and finally have the task sequence install the Cisco VPN client, but only if the machine is a laptop.
 
-    ``` syntax
+    ```ini
     [Settings]
     Priority= ByLaptopType, ByDesktopType
     [ByLaptopType]

windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md

@@ -100,7 +100,7 @@ By default MDT stores the log files locally on the client. In order to capture a
 1.  On MDT01, log on as **CONTOSO\\Administrator**.
 2.  Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     New-Item -Path E:\Logs -ItemType directory
     New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
     icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)'

windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md

@@ -42,7 +42,7 @@ When preparing for the computer replace, you need to create a folder in which to
 1. On MDT01, log on as **CONTOSO\\Administrator**.
 
 2. Create and share the **E:\\MigData** folder by running the following three commands in an elevated Windows PowerShell prompt:
-   ``` syntax
+   ```powershell
    New-Item -Path E:\MigData -ItemType directory
    New-SmbShare ?Name MigData$ ?Path E:\MigData 
    -ChangeAccess EVERYONE

windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md

@@ -39,7 +39,7 @@ For the purposes of this topic, you already will have either downloaded and inst
    Figure 6. The C:\\MDT folder with the files added for the simulation environment.
 
 10. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press Enter after each command:
-    ``` syntax
+    ```powershell
     Set-Location C:\MDT
     .\Gather.ps1
     ```

windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md

@@ -92,7 +92,7 @@ Figure 20. The result from the MDT Sample web service.
 After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment.
 
 1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following:
-   ``` syntax
+   ```ini
    [Settings]
    Priority=Default, GetComputerName
    [Default]
@@ -108,7 +108,7 @@ After verifying the web service using Internet Explorer, you are ready to do the
 
 2. Save the CustomSettings.ini file.
 3. Using an elevated Windows PowerShell prompt (run as Administrator), run the following commands. Press **Enter** after each command:
-   ``` syntax
+   ```powershell
    Set-Location C:\MDT
    .\Gather.ps1
    ```

windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md

@@ -59,7 +59,7 @@ To support additional server-side logging in Configuration Manager, you create a
 
 2.  Type the following commands, pressing **Enter** after each one:
 
-    ``` syntax
+    ```powershell
     New-Item -Path E:\Logs -ItemType directory
     New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE
     icacls E:\Logs /grant '"CM_NAA":(OI)(CI)(M)'
@@ -74,7 +74,7 @@ This section will show you how to configure the rules (the Windows 10 x64 Settin
 
 2. Using Notepad, edit the CustomSetting.ini file with the following settings:
 
-   ``` syntax
+   ```ini
    [Settings]
    Priority=Default
    Properties=OSDMigrateConfigFiles,OSDMigrateMode

windows/deployment/deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md

@@ -90,7 +90,7 @@ In order for the Configuration Manager Join Domain Account (CM\_JD) to join mach
 
 2. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands, pressing **Enter** after each command:
 
-   ``` syntax
+   ```powershell
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
 
    Set-Location C:\Setup\Scripts

windows/deployment/deploy-windows-to-go.md

@@ -106,7 +106,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
 
 2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
 
-    ``` syntax
+    ```powershell
    # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@@ -161,7 +161,7 @@ W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
 
 5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
 
-    ``` syntax
+    ```xml
     <?xml version='1.0' encoding='utf-8' standalone='yes'?>
     <unattend xmlns="urn:schemas-microsoft-com:unattend">
       <settings pass="offlineServicing">
@@ -199,7 +199,7 @@ W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
 
 7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
 
-    ``` syntax
+    ```xml
     <?xml version="1.0" encoding="utf-8"?>
     <unattend xmlns="urn:schemas-microsoft-com:unattend">
         <settings pass="oobeSystem">
@@ -312,7 +312,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i
 
 4. From the Windows PowerShell command prompt run:
 
-    ``` syntax
+    ```powershell
    # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@@ -367,7 +367,7 @@ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /ind
 
 7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](https://go.microsoft.com/fwlink/p/?LinkId=619172):
 
-   ``` syntax
+   ```xml
    <?xml version="1.0" encoding="utf-8"?>
    <unattend xmlns="urn:schemas-microsoft-com:unattend">
        <settings pass="oobeSystem">
@@ -460,7 +460,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
     >[!NOTE]
     >If you used the [manual method for creating a workspace](https://go.microsoft.com/fwlink/p/?LinkId=619174) you should have already provisioned the Windows To Go drive. If so, you can continue on to the next step.
 
-   ``` syntax
+   ```powershell
    # The following command will set $Disk to all USB drives with >20 GB of storage
 
     $Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
@@ -506,13 +506,13 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
 
 5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive:
 
-   ``` syntax
+   ```powershell
    $BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector
    ```
 
 6. Next, use the following cmdlets to save the recovery key to a file:
 
-   ``` syntax
+   ```powershell
    #The BitLocker Recovery key is essential if for some reason you forget the BitLocker password
    #This recovery key can also be backed up into Active Directory using manage-bde.exe or the
    #PowerShell cmdlet Backup-BitLockerKeyProtector.
@@ -522,7 +522,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot
 
 7. Then, use the following cmdlets to add the password as a secure string. If you omit the password the cmdlet will prompt you for the password before continuing the operation:
 
-   ``` syntax
+   ```powershell
    # Create a variable to store the password
    $spwd = ConvertTo-SecureString -String <password> -AsplainText –Force
    Enable-BitLocker W: -PasswordProtector $spwd
@@ -586,7 +586,7 @@ The sample script creates an unattend file that streamlines the deployment proce
 
 3. Configure the PowerShell execution policy. By default PowerShell’s execution policy is set to Restricted; that means that scripts won’t run until you have explicitly given them permission to. To configure PowerShell’s execution policy to allow the script to run, use the following command from an elevated PowerShell prompt:
 
-    ``` syntax
+    ```powershell
     Set-ExecutionPolicy RemoteSigned
     ```
 
@@ -601,7 +601,7 @@ The sample script creates an unattend file that streamlines the deployment proce
 
 #### Windows To Go multiple drive provisioning sample script
 
-``` syntax
+```powershell
 <#
 .SYNOPSIS
 Windows To Go multiple drive provisioning sample script.

windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md

@@ -146,7 +146,7 @@ You must ensure that you call the script at a time when it will receive elevated
 
 The following examples show an installation of a custom compatibility-fix database based on an .msi file.
 
-``` syntax
+```vb
 'InstallSDB.vbs
 Function Install
 Dim WshShell

windows/deployment/usmt/offline-migration-reference.md

@@ -104,7 +104,7 @@ It is possible to run the ScanState tool while the drive remains encrypted by su
 
 User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group:
 
-``` syntax
+```xml
 <Configuration>
 <ProfileControl>
     <localGroups>
@@ -242,7 +242,7 @@ Syntax: &lt;failOnMultipleWinDir&gt;1&lt;/failOnMultipleWinDir&gt; or Syntax: &l
 
 The following XML example illustrates some of the elements discussed earlier in this topic.
 
-``` syntax
+```xml
 <offline>
      <winDir>
           <path>C:\Windows</path> 

windows/deployment/usmt/understanding-migration-xml-files.md

@@ -319,7 +319,7 @@ MigXmlHelper.GenerateDocPatterns ("<ScanProgramFiles>", "<IncludePatterns>", "<S
 
 To create include data patterns for only the system drive:
 
-``` syntax
+```xml
 <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
      <objectSet>
         <script>MigXmlHelper.GenerateDocPatterns ("FALSE","TRUE","TRUE")</script>
@@ -329,7 +329,7 @@ To create include data patterns for only the system drive:
 
 To create an include rule to gather files for registered extensions from the %PROGRAMFILES% directory:
 
-``` syntax
+```xml
 <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
      <objectSet>
         <script>MigXmlHelper.GenerateDocPatterns ("TRUE","TRUE","FALSE")</script>
@@ -339,7 +339,7 @@ To create an include rule to gather files for registered extensions from the %PR
 
 To create exclude data patterns:
 
-``` syntax
+```xml
 <exclude filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
      <objectSet>
         <script>MigXmlHelper.GenerateDocPatterns ("FALSE","FALSE","FALSE")</script>
@@ -440,7 +440,7 @@ To exclude the new text document.txt file as well as any .txt files in “new fo
 
 To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension.
 
-``` syntax
+```xml
 <exclude>
      <objectSet>
         <pattern type="File">D:\Newfolder\[new text document.txt]</pattern>
@@ -453,7 +453,7 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f
 
 If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the &lt;UnconditionalExclude&gt; element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
 
-``` syntax
+```xml
 <unconditionalExclude>
      <objectSet>
         <script>MigXmlHelper.GenerateDrivePatterns ("*[*.txt]", "Fixed")</script>
@@ -465,7 +465,7 @@ If you do not know the file name or location of the file, but you do know the fi
 
 If you want the &lt;UnconditionalExclude&gt; element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts.
 
-``` syntax
+```xml
 <component type="Documents" context="UserandSystem">
    <displayName>MigDocExcludes</displayName>
    <role role="Data">
@@ -490,7 +490,7 @@ The application data directory is the most common location that you would need t
 
 This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer.
 
-``` syntax
+```xml
 <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
      <objectSet>
         <pattern type="File">%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook\*[*.pst]</pattern>
@@ -502,7 +502,7 @@ This rule will include .pst files that are located in the default location, but
 
 For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component.
 
-``` syntax
+```xml
 <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
      <objectSet>
         <pattern type="File">%CSIDL_PROGRAM_FILES%\*[*.pst]</pattern>

windows/deployment/usmt/usmt-best-practices.md

@@ -98,7 +98,7 @@ As the authorized administrator, it is your responsibility to protect the privac
 
     Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file:
 
-    ``` syntax
+    ```xml
     <?xml version="1.0" encoding="UTF-8"?>
     <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/migapp">
     ```

windows/deployment/usmt/usmt-configxml-file.md

@@ -95,7 +95,7 @@ The following example specifies that all locked files, regardless of their locat
 
 Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed.
 
-``` syntax
+```xml
 <ErrorControl>
   <fileError>
     <nonFatal errorCode="33">* [*]</nonFatal>
@@ -265,7 +265,7 @@ The **&lt;ErrorControl&gt;** section can be configured to conditionally ignore f
 
  
 
-``` syntax
+```xml
 <Policy>
    <HardLinkStoreControl>
       <fileLocked>

windows/deployment/usmt/usmt-conflicts-and-precedence.md

@@ -68,7 +68,7 @@ If you have an <include> rule in one component and a <locationModify&gt
 
 The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/UserDocs">
 <component type="Documents" context="System">
 <displayName>User Documents</displayName>
@@ -102,7 +102,7 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil
 
 Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded.
 
-``` syntax
+```xml
 <include>
    <objectSet>
       <pattern type="File">%CSIDL_PERSONAL%\* [*.doc] </pattern>
@@ -135,7 +135,7 @@ If there are conflicting rules within a component, the most specific rule is app
 
 In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions.
 
-``` syntax
+```xml
 <include>
      <objectSet>
           <pattern type="File">C:\Data\* [*]</pattern>
@@ -390,7 +390,7 @@ The destination computer contains the following files:
 
 You have a custom .xml file that contains the following code:
 
-``` syntax
+```xml
 <include> 
    <objectSet> 
       <pattern type="File">c:\data\* [*]</pattern> 

windows/deployment/usmt/usmt-custom-xml-examples.md

@@ -36,7 +36,7 @@ Because the tables in this topic are wide, you may need to adjust the width of i
 
 The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/migtestapp">
   <component type="Application">
     <!-- Name of the application -->
@@ -195,7 +195,7 @@ This table describes the behavior in the following example .xml file.
 
  
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/testfilemig">
   <component type="Application" context="System">
    <displayName>File Migration Test</displayName>
@@ -231,7 +231,7 @@ This table describes the behavior in the following example .xml file.
 
 The behavior for this custom .xml file is described within the &lt;`displayName`&gt; tags in the code.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 
 <component type="Documents" context="System">

windows/deployment/usmt/usmt-hard-link-migration-store.md

@@ -209,7 +209,7 @@ You must use the **/nocompress** option with the **/HardLink** option.
 
 The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete.
 
-``` syntax
+```xml
 <Policies>
     <HardLinkStoreControl>
           <fileLocked>

windows/deployment/usmt/usmt-include-files-and-settings.md

@@ -37,7 +37,7 @@ In this topic:
 
 The following .xml file migrates a single registry key.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
      <component type="Application" context="System">
           <displayName>Component to migrate only registry value string</displayName> 
@@ -63,7 +63,7 @@ The following examples show how to migrate a folder from a specific drive, and f
 
 -   **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer.
 
-    ``` syntax
+    ```xml
     <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
     <component type="Documents" context="System">
       <displayName>Component to migrate all Engineering Drafts Documents including subfolders</displayName>
@@ -82,7 +82,7 @@ The following examples show how to migrate a folder from a specific drive, and f
 
 -   **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts.
 
-    ``` syntax
+    ```xml
     <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
     <component type="Documents" context="System">
       <displayName>Component to migrate all Engineering Drafts Documents without subfolders</displayName>
@@ -103,7 +103,7 @@ The following examples show how to migrate a folder from a specific drive, and f
 
 The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="System">
   <displayName>Component to migrate all Engineering Drafts Documents folder on any drive on the computer </displayName>
@@ -123,7 +123,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf
 
 The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="System">
   <displayName>Component to migrate all Engineering Drafts Documents EngineeringDrafts folder from where ever it exists on the C: drive </displayName>
@@ -146,7 +146,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf
 
 The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="System">
   <displayName>All .mp3 files to My Documents</displayName>
@@ -176,7 +176,7 @@ The following examples show how to migrate a file from a specific folder, and ho
 
 -   **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer.
 
-    ``` syntax
+    ```xml
     <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
     <component type="Documents" context="System">
       <displayName>Component to migrate all Engineering Drafts Documents</displayName>
@@ -195,13 +195,13 @@ The following examples show how to migrate a file from a specific folder, and ho
 
 -   **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the &lt;pattern&gt; element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated.
 
-    ``` syntax
+    ```xml
     <pattern type="File"> C:\* [Sample.doc] </pattern>
     ```
 
     To migrate the Sample.doc file from any drive on the computer, use &lt;script&gt; as the following example shows. If multiple files exist with the same name, all files with this name are migrated.
 
-    ``` syntax
+    ```xml
     <script>MigXmlHelper.GenerateDrivePatterns("* [sample.doc]", "Fixed")</script>
     ```
 

windows/deployment/usmt/usmt-log-files.md

@@ -294,7 +294,7 @@ To migrate these files you author the following migration XML:
 
 However, upon testing the migration you notice that the “New Text Document.txt” file isn’t included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered:
 
-``` syntax
+```xml
 <MigUnitList>
 <MigUnit Name="&lt;System&gt;\DATA1 (CMXEAgent)" Context="System" ConfidenceLevel="100" Group="Applications" Role="UserData" Agent="CMXEAgent" Selected="true" Supported="true">
 <Patterns Type="Include">
@@ -315,13 +315,13 @@ Analysis of this XML section reveals the migunit that was created when the migra
 
 An analysis of the XML elements reference topic reveals that the &lt;pattern&gt; tag needs to be modified as follows:
 
-``` syntax
+```xml
 <pattern type="File">c:\data\* [*]</pattern>
 ```
 
 When the migration is preformed again with the modified tag, the diagnostic log reveals the following:
 
-``` syntax
+```xml
 <MigUnitList>
 <MigUnit Name="&lt;System&gt;\DATA1 (CMXEAgent)" Context="System" ConfidenceLevel="100" Group="Applications" Role="UserData" Agent="CMXEAgent" Selected="true" Supported="true">
 <Patterns Type="Include">
@@ -396,7 +396,7 @@ You author the following migration XML:
 
 However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component “DATA1”, the following XML section is discovered:
 
-``` syntax
+```xml
 <MigUnitList>
 <MigUnit Name="&lt;System&gt;\DATA1 (CMXEAgent)" Context="System" ConfidenceLevel="100" Group="Applications" Role="UserData" Agent="CMXEAgent" Selected="true" Supported="true">
 <Patterns Type="Include">
@@ -453,7 +453,7 @@ Upon reviewing the diagnostic log, you confirm that the files are still migratin
 
 Your revised migration XML script excludes the files from migrating, as confirmed in the diagnostic log:
 
-``` syntax
+```xml
 <MigUnitList>
 <MigUnit Name="&lt;System&gt;\DATA1 (CMXEAgent)" Context="System" ConfidenceLevel="100" Group="Applications" Role="UserData" Agent="CMXEAgent" Selected="true" Supported="true">
 <Patterns Type="Include">

windows/deployment/usmt/usmt-reroute-files-and-settings.md

@@ -31,7 +31,7 @@ In this topic:
 
 The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="User">
   <displayName>Engineering Drafts Documents to Personal Folder</displayName>
@@ -60,7 +60,7 @@ The following custom .xml file migrates the directories and files from C:\\Engin
 
 The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="System">
   <displayName>All .mp3 files to My Documents</displayName>
@@ -88,7 +88,7 @@ The following custom .xml file reroutes .mp3 files located in the fixed drives o
 
 The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS.
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/test">
 <component type="Documents" context="User">
 <displayName>Sample.doc into My Documents</displayName>

windows/deployment/usmt/usmt-xml-elements-library.md

@@ -138,7 +138,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <addObjects>
    <object>
       <location type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion]</location>
@@ -212,7 +212,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <object>
    <location type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang]</location>
    <attributes>DWORD</attributes>
@@ -275,7 +275,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <object>
    <location type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [Lang]</location>
    <attributes>DWORD</attributes>
@@ -455,7 +455,7 @@ For example,
 
 In the code sample below, the &lt;condition&gt; elements, A and B, are joined together by the AND operator because they are in separate &lt;conditions&gt; sections. For example:
 
-``` syntax
+```xml
 <detection>
    <conditions>
       <condition>A</condition>
@@ -468,7 +468,7 @@ In the code sample below, the &lt;condition&gt; elements, A and B, are joined to
 
 However, in the code sample below, the &lt;condition&gt; elements, A and B, are joined together by the OR operator because they are in the same &lt;conditions&gt; section.
 
-``` syntax
+```xml
 <detection>
    <conditions>
       <condition>A</condition>
@@ -826,7 +826,7 @@ For example:
 ~~~
 For example:
 
-``` syntax
+```xml
 <condition negation="Yes">MigXmlHelper.DoesStringContentEqual("File","%USERNAME%","")</condition>
 ```
 ~~~
@@ -914,7 +914,7 @@ For example:
 ~~~
 For example:
 
-``` syntax
+```xml
 <objectSet>
      <condition negation="Yes">MigXmlHelper.IsSameObject("File","%CSIDL_FAVORITES%","%CSIDL_COMMON_FAVORITES%")</condition>
      <pattern type="File">%CSIDL_FAVORITES%\* [*]</pattern>
@@ -1055,7 +1055,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <environment name="GlobalEnv">
    <conditions>
       <condition negation="Yes">MigXmlHelper.IsNative64Bit()</condition>
@@ -1152,13 +1152,13 @@ The following functions generate patterns out of the content of an object. These
 ~~~
 For example:
 
-``` syntax
+```xml
 <content filter="MigXmlHelper.ExtractSingleFile(',','%system%')">
 ```
 
 and
 
-``` syntax
+```xml
 <content filter="MigXmlHelper.ExtractSingleFile(NULL,'%CSIDL_COMMON_FONTS%')">
 ```
 ~~~
@@ -1243,7 +1243,7 @@ and
 ~~~
 For example:
 
-``` syntax
+```xml
 <objectSet>
      <content filter='MigXmlHelper.ExtractDirectory (NULL, "1")'>
           <objectSet>
@@ -1365,7 +1365,7 @@ The following functions change the content of objects as they are migrated. Thes
 ~~~
 For example:
 
-``` syntax
+```xml
 <contentModify script="MigXmlHelper.ConvertToString('1')">
      <objectSet>
           <pattern type="Registry">HKCU\Control Panel\Desktop [ScreenSaveUsePassword]</pattern>
@@ -1622,7 +1622,7 @@ Syntax:
 
 The following code sample shows how the &lt;description&gt; element defines the "My custom component" description.:
 
-``` syntax
+```xml
 <description>My custom component<description>
 ```
 
@@ -1677,7 +1677,7 @@ Syntax:
 
 For example:
 
-``` syntax
+```xml
 <destinationCleanup>
    <objectSet>
       <pattern type="Registry">HKCU\Software\Lotus\123\99.0\DDE Preferences\* [*]</pattern>
@@ -1807,7 +1807,7 @@ Syntax:
 
 The following example is from the MigApp.xml file.
 
-``` syntax
+```xml
 <detects>
    <detect>
       <condition>MigXmlHelper.DoesFileVersionMatch("%Lotus123InstPath%\123w.exe","ProductVersion","9.*")</condition>
@@ -1878,7 +1878,7 @@ Syntax:
 
 For example:
 
-``` syntax
+```xml
 <detection name="AdobePhotoshopCS">
    <conditions>
       <condition>MigXmlHelper.DoesObjectExist("Registry","HKCU\Software\Adobe\Photoshop\8.0")</condition>
@@ -1889,7 +1889,7 @@ For example:
 
 and
 
-``` syntax
+```xml
 <role role="Settings">
    <detection>
       <conditions>
@@ -1945,7 +1945,7 @@ Syntax:
 
 For example:
 
-``` syntax
+```xml
 <displayName>Command Prompt settings</displayName>
 ```
 
@@ -2012,7 +2012,7 @@ Syntax:
 
 In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example:
 
-``` syntax
+```xml
 <environment>
    <variable name="INSTALLPATH">
       <script>MigXmlHelper.GetStringContent("Registry","\software\companyname\install [path]")</script>
@@ -2022,7 +2022,7 @@ In this scenario, you want to generate the location of objects at run time depen
 
 Then you can use an include rule as follows. You can use any of the [&lt;script&gt; functions](#scriptfunctions) to perform similar tasks.
 
-``` syntax
+```xml
 <include>
    <objectSet>
       <pattern type="File">%INSTALLPATH%\ [*.xyz]</pattern>
@@ -2032,7 +2032,7 @@ Then you can use an include rule as follows. You can use any of the [&lt;script&
 
 Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\].
 
-``` syntax
+```xml
 <environment>
    <variable name="APPPATH">
         <objectSet>
@@ -2050,7 +2050,7 @@ Second, you can also filter registry values that contain data that you need. The
 
 In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following &lt;include&gt; rule in an .xml file:
 
-``` syntax
+```xml
 <include>
    <objectSet>
       <pattern type="File">%SYSTEMDRIVE%\data\userdata\dir1\dir2 [File1.txt]</pattern>
@@ -2064,7 +2064,7 @@ In this scenario, you want to migrate five files named File1.txt, File2.txt, and
 
 Instead of typing the path five times, you can create a variable for the location as follows:
 
-``` syntax
+```xml
 <environment>
    <variable name="DATAPATH">
       <text>%SYSTEMDRIVE%\data\userdata\dir1\dir2 </text>
@@ -2074,7 +2074,7 @@ Instead of typing the path five times, you can create a variable for the locatio
 
 Then, you can specify the variable in an &lt;include&gt; rule as follows:
 
-``` syntax
+```xml
 <include>
    <objectSet>
       <pattern type="File">%DATAPATH% [File1.txt]</pattern>
@@ -2133,7 +2133,7 @@ Syntax:
 
 For example, from the MigUser.xml file:
 
-``` syntax
+```xml
 <exclude>
    <objectSet>
       <pattern type="File">%CSIDL_MYMUSIC%\* [*]</pattern>
@@ -2190,7 +2190,7 @@ Syntax:
 
 Example:
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/miguser">
 <!-- This component migrates My Video files -->
    <component type="System" context="System">
@@ -2297,7 +2297,7 @@ Syntax:
 
 For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the &lt;component&gt; element:
 
-``` syntax
+```xml
 <extensions> 
         <extension>doc</extension> 
 <extensions> 
@@ -2305,7 +2305,7 @@ For example, if you want to migrate all \*.doc files from the source computer, s
 
 is the same as specifying the following code below the &lt;rules&gt; element:
 
-``` syntax
+```xml
 <include> 
         <objectSet> 
                 <script>MigXmlHelper.GenerateDrivePatterns ("* [*.doc]", "Fixed")</script> 
@@ -2418,7 +2418,7 @@ Syntax:
 
 The following example is from the MigUser.xml file:
 
-``` syntax
+```xml
 <component type="Documents" context="User">
    <displayName _locID="miguser.myvideo">My Video</displayName>
       <paths>
@@ -2501,7 +2501,7 @@ The following functions return a Boolean value. You can use them to migrate cert
 
     For example:
 
-    ``` syntax
+    ```xml
     <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
          <objectSet>
               <pattern type="File">%CSIDL_COMMON_VIDEO%\* [*]</pattern>
@@ -2517,7 +2517,7 @@ The following functions return a Boolean value. You can use them to migrate cert
 
     In the following example, HKCU\\Control Panel\\International \[Locale\] will be included in the store, but it will not be migrated to the destination computer:
 
-    ``` syntax
+    ```xml
     <include filter="MigXmlHelper.NeverRestore()">
        <objectSet>
           <pattern type="Registry">HKCU\Control Panel\International [Locale]</pattern>
@@ -2634,7 +2634,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <addObjects>
    <object>
       <location type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion]</location>
@@ -2695,7 +2695,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <locationModify script="MigXmlHelper.RelativeMove('%CSIDL_APPDATA%\Microsoft\Office','%CSIDL_APPDATA%')">
    <objectSet>
       <pattern type="File">%CSIDL_APPDATA%\Microsoft\Office\ [Access10.pip]</pattern>
@@ -2740,7 +2740,7 @@ The following functions change the location of objects as they are migrated when
 ~~~
 For example:
 
-``` syntax
+```xml
 <locationModify script="MigXmlHelper.ExactMove('HKCU\Keyboard Layout\Toggle [HotKey]')">
      <objectSet>
           <pattern type="Registry">HKCU\Keyboard Layout\Toggle []</pattern>
@@ -2817,7 +2817,7 @@ For example:
 ~~~
 For example:
 
-``` syntax
+```xml
 <include>
    <objectSet>
       <pattern type="File">%CSIDL_COMMON_FAVORITES%\* [*]</pattern>
@@ -2923,7 +2923,7 @@ Syntax:
 
 The following example is from the MigUser.xml file:
 
-``` syntax
+```xml
 <rules>
    <include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
       <objectSet>
@@ -2948,7 +2948,7 @@ These functions control how collisions are resolved.
 
     For example:
 
-    ``` syntax
+    ```xml
     <merge script="MigXmlHelper.DestinationPriority()">
          <objectSet>
               <pattern type="Registry">HKCU\Software\Microsoft\Office\9.0\PhotoDraw\ [MyPictures]</pattern>
@@ -3037,7 +3037,7 @@ These functions control how collisions are resolved.
 
     For example:
 
-    ``` syntax
+    ```xml
     <merge script="MigXmlHelper.SourcePriority()">
      <objectSet>
        <pattern type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Publisher [UpgradeVersion]</pattern>
@@ -3097,7 +3097,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/migapp">
 </migration>
 ```
@@ -3138,7 +3138,7 @@ This filter helper function can be used to filter the migration of files based o
 
 
 
-``` syntax
+```xml
 <component context="System"  type="Application">
 <displayName>File_size</displayName>
 <role role="Data">
@@ -3194,7 +3194,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <addObjects>
    <object>
       <location type="Registry">%HklmWowSoftware%\Microsoft\Office\12.0\Common\Migration\Office [UpgradeVersion]</location>
@@ -3230,7 +3230,7 @@ Syntax:
 
 The following example is from the MigUser.xml file:
 
-``` syntax
+```xml
 <component type="Documents" context="User">
    <displayName _locID="miguser.mymusic">My Music</displayName>
       <paths>
@@ -3273,7 +3273,7 @@ This is an internal USMT element. Do not use this element.
 
 You can use this element to specify multiple objects. You can specify multiple &lt;pattern&gt; elements for each &lt;objectSet&gt; element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with &lt;script&gt; instead. GenerateDrivePatterns is basically the same as a &lt;pattern&gt; rule, without the drive letter specification. For example, the following two lines of code are similar:
 
-``` syntax
+```xml
 <pattern type="File">C:\Folder\* [Sample.doc]</pattern>
 <script>MigXmlHelper.GenerateDrivePatterns("\Folder\* [Sample.doc]","Fixed"</script>
 ```
@@ -3336,13 +3336,13 @@ For example:
 
 -   To migrate a single registry key:
 
-    ``` syntax
+    ```xml
     <pattern type="Registry">HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent]</pattern>
     ```
 
 -   To migrate the EngineeringDrafts folder and any subfolders from the C: drive:
 
-    ``` syntax
+    ```xml
     <pattern type="File">C:\EngineeringDrafts\* [*]</pattern>
     ```
 
@@ -3352,13 +3352,13 @@ For example:
 
 -   To migrate the Sample.doc file from C:\\EngineeringDrafts:
 
-    ``` syntax
+    ```xml
     <pattern type="File"> C:\EngineeringDrafts\ [Sample.doc]</pattern>
     ```
 
 -   To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated.
 
-    ``` syntax
+    ```xml
     <pattern type="File"> C:\* [Sample.doc] </pattern>
     ```
 
@@ -3484,7 +3484,7 @@ Syntax:
 
 The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file:
 
-``` syntax
+```xml
 <component type="System" context="User">
    <displayName _locID="miguser.startmenu">Start Menu</displayName>
    <paths>
@@ -3571,7 +3571,7 @@ Syntax:
 
 The following example is from the MigUser.xml file:
 
-``` syntax
+```xml
 <component type="Documents" context="User">
    <displayName _locID="miguser.mymusic">My Music</displayName>
       <paths>
@@ -3679,7 +3679,7 @@ Examples:
 
 To migrate the Sample.doc file from any drive on the source computer, use &lt;script&gt; as follows. If multiple files exist with the same name, all such files will get migrated.
 
-``` syntax
+```xml
 <script>MigXmlHelper.GenerateDrivePatterns("* [sample.doc]", "Fixed")</script> 
 ```
 
@@ -3744,7 +3744,7 @@ These functions return either a string or a pattern.
 ~~~
 For example:
 
-``` syntax
+```xml
 <variable name="MSNMessengerInstPath">
 <script>MigXmlHelper.GetStringContent("Registry","%HklmWowSoftware%\Microsoft\MSNMessenger [InstallationDirectory]")</script>
 </variable>
@@ -3849,7 +3849,7 @@ If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called whil
 
 The following is example code for this scenario. The first &lt;rules&gt; element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second &lt;rules&gt; elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second &lt;rules&gt; element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
-``` syntax
+```xml
 <rules context="System">
   <include>
     <objectSet>
@@ -3915,7 +3915,7 @@ This helper function invokes the document finder to scan the system for all file
 
 
 
-``` syntax
+```xml
  <!-- This component migrates data in user context -->
   <component type="Documents" context="User">
     <displayName>MigDocUser</displayName>
@@ -3942,7 +3942,7 @@ The following scripts have no return value. You can use the following errors wit
 
 -   **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example:
 
-    ``` syntax
+    ```xml
          <processing when="apply-success">
               <script>MigXmlHelper.AskForLogoff()</script>
          </processing>
@@ -3952,7 +3952,7 @@ The following scripts have no return value. You can use the following errors wit
 
 -   **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example:
 
-    ``` syntax
+    ```xml
          <processing when="pre-apply">
               <script>MigXmlHelper.KillExplorer()</script>
          </processing>
@@ -3960,7 +3960,7 @@ The following scripts have no return value. You can use the following errors wit
 
 -   **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example:
 
-    ``` syntax
+    ```xml
     <processing when="apply-success">
     <script>MigXmlHelper.RegisterFonts("%CSIDL_COMMON_FONTS%")</script>
     </processing>
@@ -3970,7 +3970,7 @@ The following scripts have no return value. You can use the following errors wit
 
 -   **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example:
 
-    ``` syntax
+    ```xml
          <processing when="post-apply">
               <script>MigXmlHelper.RestartExplorer()</script>
          </processing>
@@ -4020,7 +4020,7 @@ Syntax:
 
 For example:
 
-``` syntax
+```xml
 <variable name="QuickTime5or6DataSys">
   <text>%CSIDL_COMMON_APPDATA%\QuickTime</text> 
 </variable>
@@ -4045,7 +4045,7 @@ Syntax:
 
 The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md).
 
-``` syntax
+```xml
 <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/excludefiles">
   <component context="System" type="Documents">
         <displayName>Test</displayName>
@@ -4116,7 +4116,7 @@ Syntax:
 
 The following example is from the MigApp.xml file:
 
-``` syntax
+```xml
 <environment>
    <variable name="HklmWowSoftware">
       <text>HKLM\Software</text>
@@ -4168,7 +4168,7 @@ Syntax:
 
 For example:
 
-``` syntax
+```xml
 <version>4.*</version>
 ```
 

windows/deployment/usmt/xml-file-requirements.md

@@ -20,20 +20,20 @@ When creating custom .xml files, note the following requirements:
 
 -   **The file must be in Unicode Transformation Format-8 (UTF-8).** You must save the file in this format, and you must specify the following syntax at the beginning of each .xml file:
 
-    ``` syntax
+    ```xml
     <?xml version="1.0" encoding="UTF-8"?>
     ```
 
 -   **The file must have a unique migration urlid**. The urlid of each file that you specify on the command line must be different. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following syntax at the beginning of each file:
 
-    ``` syntax
+    ```xml
     <?xml version="1.0" encoding="UTF-8"?>
     <migration urlid="http://www.microsoft.com/migration/1.0/migxmlext/<CustomFileName>">
     ```
 
 -   **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This is because the Config.xml file defines the components by the display name and the migration urlid. For example, specify the following syntax:
 
-    ``` syntax
+    ```xml
     <displayName>My Application</displayName>
     ```
 

windows/deployment/volume-activation/use-vamt-in-windows-powershell.md

@@ -36,7 +36,7 @@ The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to p
   cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0”
   ```
 - Import the VAMT PowerShell module. To import the module, type the following at a command prompt:
-  ``` syntax
+  ```powershell
   Import-Module .\VAMT.psd1
   ```
   Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`.

windows/deployment/windows-deployment-scenarios-and-tools.md

@@ -43,7 +43,7 @@ Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS
 
 In Windows 10, you can use Windows PowerShell for many of the functions performed by DISM.exe. The equivalent command in Windows 10 using PowerShell is:
 
-``` syntax
+```powershell
 Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All 
 -Source D:\Sources\SxS -LimitAccess
 ```
@@ -132,7 +132,7 @@ Figure 6. The updated Volume Activation Management Tool.
 
 VAMT also can be used to create reports, switch from MAK to KMS, manage Active Directory-based activation, and manage Office 2010 and Office 2013 volume activation. VAMT also supports PowerShell (instead of the old command-line tool). For example, if you want to get information from the VAMT database, you can type:
 
-``` syntax
+```powershell
 Get-VamtProduct
 ```
 

windows/security/identity-protection/credential-guard/additional-mitigations.md

@@ -71,7 +71,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t
 **Enrolling devices in a certificate**
 
 Run the following command:
-``` syntax
+```powershell
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
 
@@ -87,7 +87,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
 -   The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.
     From a Windows PowerShell command prompt, run the following command:
 
-    ``` syntax
+    ```powershell
     .\get-IssuancePolicy.ps1 –LinkedToGroup:All
     ```
 
@@ -96,7 +96,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
 -   The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group.
     From a Windows PowerShell command prompt, run the following command:
 
-    ``` syntax
+    ```powershell
     .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"<name of issuance policy>" –groupOU:"<Name of OU to create>" –groupName:”<name of Universal security group to create>"
     ```
 
@@ -143,7 +143,7 @@ Here is a list of scripts mentioned in this topic.
 
 Save this script file as get-IssuancePolicy.ps1.
 
-``` syntax
+```powershell
 #######################################
 ##     Parameters to be defined      ##
 ##     by the user                   ##

windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md

@@ -96,7 +96,7 @@ Then on the devices that are running Windows Defender Credential Guard, enroll t
 **Enrolling devices in a certificate**
 
 Run the following command:
-``` syntax
+```powershell
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
 
@@ -112,7 +112,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
 -   The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority.
     From a Windows PowerShell command prompt, run the following command:
 
-    ``` syntax
+    ```powershell
     .\get-IssuancePolicy.ps1 –LinkedToGroup:All
     ```
 
@@ -121,7 +121,7 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
 -   The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group.
     From a Windows PowerShell command prompt, run the following command:
 
-    ``` syntax
+    ```powershell
     .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"<name of issuance policy>" –groupOU:"<Name of OU to create>" –groupName:”<name of Universal security group to create>"
     ```
 
@@ -172,7 +172,7 @@ Here is a list of scripts mentioned in this topic.
 
 Save this script file as get-IssuancePolicy.ps1.
 
-``` syntax
+```powershell
 #######################################
 ##     Parameters to be defined      ##
 ##     by the user                   ##
@@ -363,7 +363,7 @@ write-host "There are no issuance policies which are not mapped to groups"
 
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
 
-``` syntax
+```powershell
 #######################################
 ##     Parameters to be defined      ##
 ##     by the user                   ##

windows/security/identity-protection/credential-guard/credential-guard-scripts.md

@@ -25,7 +25,7 @@ Here is a list of scripts mentioned in this topic.
 
 Save this script file as get-IssuancePolicy.ps1.
 
-``` syntax
+```powershell
 #######################################
 ##     Parameters to be defined      ##
 ##     by the user                   ##
@@ -216,7 +216,7 @@ write-host "There are no issuance policies which are not mapped to groups"
 
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
 
-``` syntax
+```powershell
 #######################################
 ##     Parameters to be defined      ##
 ##     by the user                   ##

windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md

@@ -206,7 +206,7 @@ This command returns the volumes on the target, current encryption status and vo
 
 For example, suppose that you want to enable BitLocker on a computer without a TPM chip. To properly enable BitLocker for the operating system volume, you will need to use a USB flash drive as a startup key to boot (in this example, the drive letter E). You would first create the startup key needed for BitLocker using the –protectors option and save it to the USB drive on E: and then begin the encryption process. You will need to reboot the computer when prompted to complete the encryption process.
 
-``` syntax
+```powershell
 manage-bde –protectors -add C: -startupkey E:
 manage-bde -on C:
 ```
@@ -237,7 +237,7 @@ Data volumes use the same syntax for encryption as operating system volumes but
 
 A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
 
-``` syntax
+```powershell
 manage-bde -protectors -add -pw C:
 manage-bde -on C:
 ```
@@ -382,13 +382,13 @@ Occasionally, all protectors may not be shown when using <strong>Get-BitLockerVo
 
 If you wanted to remove the existing protectors prior to provisioning BitLocker on the volume, you can utilize the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed.
 A simple script can pipe the values of each **Get-BitLockerVolume** return out to another variable as seen below:
-``` syntax
+```powershell
 $vol = Get-BitLockerVolume
 $keyprotectors = $vol.KeyProtector
 ```
 Using this, we can display the information in the **$keyprotectors** variable to determine the GUID for each protector.
 Using this information, we can then remove the key protector for a specific volume using the command:
-``` syntax
+```powershell
 Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
 ```
 > **Note:**  The BitLocker cmdlet requires the key protector GUID enclosed in quotation marks to execute. Ensure the entire GUID, with braces, is included in the command.
@@ -398,19 +398,19 @@ Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
 Using the BitLocker Windows PowerShell cmdlets is similar to working with the manage-bde tool for encrypting operating system volumes. Windows PowerShell offers users a lot of flexibility. For example, users can add the desired protector as part command for encrypting the volume. Below are examples of common user scenarios and steps to accomplish them using the BitLocker cmdlets for Windows PowerShell.
 To enable BitLocker with just the TPM protector. This can be done using the command:
 
-``` syntax
+```powershell
 Enable-BitLocker C:
 ```
 The example below adds one additional protector, the StartupKey protectors, and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot.
 
-``` syntax
+```powershell
 Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTest
 ```
 ### Data volume
 
 Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a SecureString value to store the user defined password. Last, encryption begins.
 
-``` syntax
+```powershell
 $pw = Read-Host -AsSecureString
 <user inputs password>
 Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
@@ -423,12 +423,12 @@ The ADAccountOrGroup protector is an Active Directory SID-based protector. This
  
 To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
 
-``` syntax
+```powershell
 Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
 ```
 For users who wish to use the SID for the account or group, the first step is to determine the SID associated with the account. To get the specific SID for a user account in Windows PowerShell, use the following command:
 
-``` syntax
+```powershell
 get-aduser -filter {samaccountname -eq "administrator"}
 ```
 > **Note:**  Use of this command requires the RSAT-AD-PowerShell feature.
@@ -437,7 +437,7 @@ get-aduser -filter {samaccountname -eq "administrator"}
  
 In the example below, the user wishes to add a domain SID based protector to the previously encrypted operating system volume. The user knows the SID for the user account or group they wish to add and uses the following command:
 
-``` syntax
+```powershell
 Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup "<SID>"
 ```
 > **Note:**  Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.
@@ -469,7 +469,7 @@ Administrators who prefer a command line interface can utilize manage-bde to che
 
 To check the status of a volume using manage-bde, use the following command:
 
-``` syntax
+```powershell
 manage-bde -status <volume>
 ```
 > **Note:**  If no volume letter is associated with the -status command, all volumes on the computer display their status.
@@ -480,7 +480,7 @@ Windows PowerShell commands offer another way to query BitLocker status for volu
 
 Using the Get-BitLockerVolume cmdlet, each volume on the system will display its current BitLocker status. To get information that is more detailed on a specific volume, use the following command:
 
-``` syntax
+```powershell
 Get-BitLockerVolume <volume> -Verbose | fl
 ```
 This command will display information about the encryption method, volume type, key protectors, etc.
@@ -506,12 +506,12 @@ Once decryption is complete, the drive will update its status in the control pan
 
 Decrypting volumes using manage-bde is very straightforward. Decryption with manage-bde offers the advantage of not requiring user confirmation to start the process. Manage-bde uses the -off command to start the decryption process. A sample command for decryption is:
 
-``` syntax
+```powershell
 manage-bde -off C:
 ```
 This command disables protectors while it decrypts the volume and removes all protectors when decryption is complete. If a user wishes to check the status of the decryption, they can use the following command:
 
-``` syntax
+```powershell
 manage-bde -status C:
 ```
 ### Decrypting volumes using the BitLocker Windows PowerShell cmdlets
@@ -520,12 +520,12 @@ Decryption with Windows PowerShell cmdlets is straightforward, similar to manage
 
 Using the Disable-BitLocker command, they can remove all protectors and encryption at the same time without the need for additional commands. An example of this command is:
 
-``` syntax
+```powershell
 Disable-BitLocker
 ```
 If a user did not want to input each mount point individually, using the `-MountPoint` parameter in an array can sequence the same command into one line without requiring additional user input. An example command is:
 
-``` syntax
+```powershell
 Disable-BitLocker -MountPoint E:,F:,G:
 ```
 ## See also

windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md

@@ -52,14 +52,14 @@ The `servermanager` Windows PowerShell module can use either the `Install-Window
 
 By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell.
 
-``` syntax
+```powershell
 Install-WindowsFeature BitLocker -WhatIf
 ```
 The results of this command show that only the BitLocker Drive Encryption feature installs using this command.
 
 To see what would be installed with the BitLocker feature including all available management tools and sub-features, use the following command:
 
-``` syntax
+```powershell
 Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -WhatIf | fl
 ```
 
@@ -75,7 +75,7 @@ The result of this command displays the following list of all the administration
 
 The command to complete a full installation of the BitLocker feature with all available features and then rebooting the server at completion is:
 
-``` syntax
+```powershell
 Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
 ```
 
@@ -85,7 +85,7 @@ Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -
 
 The `dism` Windows PowerShell module uses the `Enable-WindowsOptionalFeature` cmdlet to install features. The BitLocker feature name for BitLocker is `BitLocker`. The `dism` module does not support wildcards when searching for feature names. To list feature names for the `dism` module, use the `Get-WindowsOptionalFeatures` cmdlet. The following command will list all of the optional features in an online (running) operating system.
 
-``` syntax
+```powershell
 Get-WindowsOptionalFeature -Online | ft
 ```
 
@@ -93,13 +93,13 @@ From this output, we can see that there are three BitLocker related optional fea
 
 To install BitLocker using the `dism` module, use the following command:
 
-``` syntax
+```powershell
 Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All
 ```
 
 This command will prompt the user for a reboot. The Enable-WindowsOptionalFeature cmdlet does not offer support for forcing a reboot of the computer. This command does not include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command:
 
-``` syntax
+```powershell
 Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All
 ```
 ## More information

windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md

@@ -313,7 +313,7 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many
 - Verify the clients were rebooted after applying the policy.
 - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer:
 
-  ``` syntax
+  ```powershell
   manage-bde –protectors –get C:
   ```
   >**Note:**  Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock

windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md

@@ -278,26 +278,25 @@ You can reset the recovery password in two ways:
 
 1.  Remove the previous recovery password
 
-    ``` syntax
+    ```powershell
     Manage-bde –protectors –delete C: –type RecoveryPassword
     ```
 
 2.  Add the new recovery password
 
-    ``` syntax
+    ```powershell
     Manage-bde –protectors –add C: -RecoveryPassword
-
     ```
 
 3.  Get the ID of the new recovery password. From the screen copy the ID of the recovery password.
 
-    ``` syntax
+    ```powershell
     Manage-bde –protectors –get C: -Type RecoveryPassword
-
     ```
+
 4.  Backup the new recovery password to AD DS
 
-    ``` syntax
+    ```powershell
     Manage-bde –protectors –adbackup C: -id {EXAMPLE6-5507-4924-AA9E-AFB2EB003692}
     ```
     >**Warning:**  You must include the braces in the ID string.
@@ -315,7 +314,7 @@ You can reset the recovery password in two ways:
  
 You can use the following sample script to create a VBScript file to reset the recovery passwords.
 
-``` syntax
+```vb
 ' Target drive letter
 strDriveLetter = "c:"
 ' Target computer name
@@ -404,7 +403,7 @@ The following sample script exports all previously-saved key packages from AD D
 
 You can use the following sample script to create a VBScript file to retrieve the BitLocker key package from AD DS.
 
-``` syntax
+```vb
 ' --------------------------------------------------------------------------------
 ' Usage
 ' --------------------------------------------------------------------------------
@@ -551,7 +550,7 @@ The following sample script exports a new key package from an unlocked, encrypte
 
     **cscript GetBitLockerKeyPackage.vbs  -?**
 
-``` syntax
+```vb
 ' --------------------------------------------------------------------------------
 ' Usage
 ' --------------------------------------------------------------------------------

windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md

@@ -46,7 +46,7 @@ Listed below are examples of basic valid commands for operating system volumes.
 
 A good practice when using manage-bde is to determine the volume status on the target system. Use the following command to determine volume status:
 
-``` syntax
+```powershell
 manage-bde -status
 ```
 This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume:
@@ -55,7 +55,7 @@ This command returns the volumes on the target, current encryption status, encry
 
 The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.
 
-``` syntax
+```powershell
 manage-bde –protectors -add C: -startupkey E:
 manage-bde -on C:
 ```
@@ -64,7 +64,7 @@ manage-bde -on C:
  
 An alternative to the startup key protector on non-TPM hardware is to use a password and an **ADaccountorgroup** protector to protect the operating system volume. In this scenario, you would add the protectors first. This is done with the command:
 
-``` syntax
+```powershell
 manage-bde -protectors -add C: -pw -sid <user or group>
 ```
 
@@ -72,13 +72,13 @@ This command will require you to enter and then confirm the password protector b
 
 On computers with a TPM it is possible to encrypt the operating system volume without any defined protectors using manage-bde. The command to do this is:
 
-``` syntax
+```powershell
 manage-bde -on C:
 ```
 
 This will encrypt the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command:
 
-``` syntax
+```powershell
  manage-bde -protectors -get <volume>
 ```
 ### Using manage-bde with data volumes
@@ -87,7 +87,7 @@ Data volumes use the same syntax for encryption as operating system volumes but
 
 A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn BitLocker on.
 
-``` syntax
+```powershell
 manage-bde -protectors -add -pw C:
 manage-bde -on C:
 ```
@@ -257,7 +257,7 @@ If you want to remove the existing protectors prior to provisioning BitLocker on
 
 A simple script can pipe the values of each Get-BitLockerVolume return out to another variable as seen below:
 
-``` syntax
+```powershell
 $vol = Get-BitLockerVolume
 $keyprotectors = $vol.KeyProtector
 ```
@@ -266,7 +266,7 @@ Using this, you can display the information in the $keyprotectors variable to de
 
 Using this information, you can then remove the key protector for a specific volume using the command:
 
-``` syntax
+```powershell
 Remove-BitLockerKeyProtector <volume>: -KeyProtectorID "{GUID}"
 ```
 
@@ -278,13 +278,13 @@ Using the BitLocker Windows PowerShell cmdlets is similar to working with the ma
 
 The following example shows how to enable BitLocker on an operating system drive using only the TPM protector:
 
-``` syntax
+```powershell
 Enable-BitLocker C:
-
 ```
+
 In the example below, adds one additional protector, the StartupKey protector and chooses to skip the BitLocker hardware test. In this example, encryption starts immediately without the need for a reboot.
 
-``` syntax
+```powershell
 Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTest
 ```
 
@@ -293,7 +293,7 @@ Enable-BitLocker C: -StartupKeyProtector -StartupKeyPath <path> -SkipHardwareTes
 Data volume encryption using Windows PowerShell is the same as for operating system volumes. You should add the desired protectors prior to encrypting the volume. The following example adds a password protector to the E: volume using the variable $pw as the password. The $pw variable is held as a
 SecureString value to store the user defined password.
 
-``` syntax
+```powershell
 $pw = Read-Host -AsSecureString
 <user inputs password>
 Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw
@@ -306,7 +306,7 @@ The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2
  
 To add an **ADAccountOrGroup** protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\\Administrator account is added as a protector to the data volume G.
 
-``` syntax
+```powershell
 Enable-BitLocker G: -AdAccountOrGroupProtector -AdAccountOrGroup CONTOSO\Administrator
 ```
 
@@ -314,7 +314,7 @@ For users who wish to use the SID for the account or group, the first step is to
 
 >**Note:**  Use of this command requires the RSAT-AD-PowerShell feature.
  
-``` syntax
+```powershell
 get-aduser -filter {samaccountname -eq "administrator"}
 ```
 
@@ -322,7 +322,7 @@ get-aduser -filter {samaccountname -eq "administrator"}
  
 The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account:
 
-``` syntax
+```powershell
 Add-BitLockerKeyProtector C: -ADAccountOrGroupProtector -ADAccountOrGroup S-1-5-21-3651336348-8937238915-291003330-500
 ```
 

windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md

@@ -66,13 +66,13 @@ BitLocker encryption is available for disks before or after addition to a cluste
 2.  Ensure the disk is formatted NTFS and has a drive letter assigned to it.
 3.  Identify the name of the cluster with Windows PowerShell.
 
-    ``` syntax
+    ```powershell
     Get-Cluster
-
     ```
+
 4.  Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
 
-    ``` syntax
+    ```powershell
     Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
     ```
 
@@ -88,32 +88,32 @@ When the cluster service owns a disk resource already, it needs to be set into m
 1.  Install the BitLocker Drive Encryption feature if it is not already installed.
 2.  Check the status of the cluster disk using Windows PowerShell.
 
-    ``` syntax
+    ```powershell
     Get-ClusterResource "Cluster Disk 1"
     ```
 
 3.  Put the physical disk resource into maintenance mode using Windows PowerShell.
 
-    ``` syntax
+    ```powershell
     Get-ClusterResource "Cluster Disk 1" | Suspend-ClusterResource
     ```
 
 4.  Identify the name of the cluster with Windows PowerShell.
 
-    ``` syntax
+    ```powershell
     Get-Cluster
     ```
 
 5.  Enable BitLocker on the volume of your choice with an **ADAccountOrGroup** protector, using the cluster name. For example, use a command such as:
 
-    ``` syntax
+    ```powershell
     Enable-BitLocker E: -ADAccountOrGroupProtector -ADAccountOrGroup CLUSTER$
     ```
     >**Warning:**  You must configure an **ADAccountOrGroup** protector using the cluster CNO for a BitLocker enabled volume to either be shared in a Cluster Shared Volume or to fail over properly in a traditional failover cluster.
      
 6.  Use **Resume-ClusterResource** to take the physical disk resource back out of maintenance mode:
 
-    ``` syntax
+    ```powershell
     Get-ClusterResource "Cluster Disk 1" | Resume-ClusterResource
     ```
 
@@ -146,7 +146,7 @@ You can also use manage-bde to enable BitLocker on clustered volumes. The steps
 6.  Once the disk is online in the storage pool, it can be added to a CSV by right clicking on the disk resource and choosing "**Add to cluster shared volumes**".
 CSVs can include both encrypted and unencrypted volumes. To check the status of a particular volume for BitLocker encryption, administrators can utilize the manage-bde -status command with a path to the volume inside the CSV namespace as seen in the example command line below.
 
-``` syntax
+```powershell
 manage-bde -status "C:\ClusterStorage\volume1"
 ```
 

windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md

@@ -413,7 +413,7 @@ Here are the minimum steps for WEF to operate:
 
 ## <a href="" id="bkmk-appendixe"></a>Appendix E – Annotated baseline subscription event query
 
-``` syntax
+```xml
 <QueryList>
   <Query Id="0" Path="System">
     <!-- Anti-malware *old* events, but only detect events (cuts down noise) -->
@@ -578,8 +578,7 @@ Here are the minimum steps for WEF to operate:
 
 ## <a href="" id="bkmk-appendixf"></a>Appendix F – Annotated Suspect Subscription Event Query
 
-``` syntax
+```xml
-
 <QueryList>
   <Query Id="0" Path="Security">
     <!-- Network logon events-->

windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md

@@ -41,6 +41,6 @@ You can also manually merge AppLocker policies. For the procedure to do this, se
 
 Gets the local AppLocker policy, and then merges the policy with the existing AppLocker policy in the GPO specified in the LDAP path.
 
-``` syntax
+```powershell
 C:\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP://DC13.Contoso.com/CN={31B2F340-016D-11D2-945F-00C044FB984F9},CN=Policies,CN=System,DC=Contoso,DC=com" -Merge
 ```

windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md

@@ -80,7 +80,7 @@ This script does the following:
 
 Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
 
-``` syntax
+```powershell
 # Create a Security Group for the computers that will get the policy
 $pathname = (Get-ADDomain).distinguishedname
 New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" `
@@ -120,7 +120,7 @@ Use a Windows PowerShell script similar to the following to create a local IPsec
 
 Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
 
-``` syntax
+```powershell
 #Set up the certificate
 $certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA"
 $myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop
@@ -173,7 +173,7 @@ Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections:
 
 6.  Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file:
 
-    ``` syntax
+    ```xml
     <item>
       <error>ERROR_IPSEC_IKE_NO_CERT</error>
       <frequency>32</frequency>

windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md

@@ -67,7 +67,7 @@ netsh advfirewall set allprofiles state on
 
 **Windows PowerShell**
 
-``` syntax
+```powershell
 Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
 ```
 
@@ -88,7 +88,7 @@ netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFile
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
 ```
 
@@ -140,7 +140,7 @@ netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program=
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow
 ```
 
@@ -157,7 +157,7 @@ netsh advfirewall firewall add rule name="Block Outbound Telnet" dir=out program
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe –Protocol TCP –LocalPort 23 -Action Block –PolicyStore domain.contoso.com\gpo_name
 ```
 
@@ -169,7 +169,7 @@ The following performs the same actions as the previous example (by adding a Tel
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $gpo = Open-NetGPO –PolicyStore domain.contoso.com\gpo_name
 New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\telnet.exe –Protocol TCP –LocalPort 23 -Action Block –GPOSession $gpo
 Save-NetGPO –GPOSession $gpo
@@ -191,7 +191,7 @@ netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Set-NetFirewallRule –DisplayName “Allow Web 80” -RemoteAddress 192.168.0.2
 ```
 
@@ -205,7 +205,7 @@ In the following example, we assume the query returns a single firewall rule, wh
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Get-NetFirewallPortFilter | ?{$_.LocalPort -eq 80} | Get-NetFirewallRule | ?{ $_.Direction –eq “Inbound” -and $_.Action –eq “Allow”} | Set-NetFirewallRule -RemoteAddress 192.168.0.2
 ```
 
@@ -213,7 +213,7 @@ You can also query for rules using the wildcard character. The following example
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Get-NetFirewallApplicationFilter -Program "*svchost*" | Get-NetFirewallRule
 ```
 
@@ -223,7 +223,7 @@ In the following example, we add both inbound and outbound Telnet firewall rules
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management”
 New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management”
 ```
@@ -232,7 +232,7 @@ If the group is not specified at rule creation time, the rule can be added to th
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $rule = Get-NetFirewallRule -DisplayName “Allow Inbound Telnet”
 $rule.Group = “Telnet Management”
 $rule | Set-NetFirewallRule
@@ -250,7 +250,7 @@ netsh advfirewall firewall set rule group="Windows Defender Firewall remote mana
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Set-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” –Enabled True
 ```
 
@@ -258,7 +258,7 @@ There is also a separate `Enable-NetFirewallRule` cmdlet for enabling rules by g
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Enable-NetFirewallRule -DisplayGroup “Windows Defender Firewall Remote Management” -Verbose
 ```
 
@@ -276,7 +276,7 @@ netsh advfirewall firewall delete rule name=“Allow Web 80”
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Allow Web 80”
 ```
 
@@ -284,7 +284,7 @@ Like with other cmdlets, you can also query for rules to be removed. Here, all b
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –Action Block
 ```
 
@@ -292,7 +292,7 @@ Note that it may be safer to query the rules with the **Get** command and save i
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $x = Get-NetFirewallRule –Action Block
 $x
 $x[0-3] | Remove-NetFirewallRule
@@ -306,7 +306,7 @@ The following example returns all firewall rules of the persistent store on a de
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Get-NetFirewallRule –CimSession RemoteDevice
 ```
 
@@ -314,7 +314,7 @@ We can perform any modifications or view rules on remote  devices by simply usin
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $RemoteSession = New-CimSession –ComputerName RemoteDevice
 Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm
 ```
@@ -342,7 +342,7 @@ netsh advfirewall consec add rule name="Require Inbound Authentication" endpoint
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetIPsecRule -DisplayName “Require Inbound Authentication” -PolicyStore domain.contoso.com\gpo_name
 ```
 
@@ -365,7 +365,7 @@ netsh advfirewall consec add rule name="Require Outbound Authentication" endpoin
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP –AHHash SHA1 -ESPHash SHA1 -Encryption DES3
 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “ah:sha1+esp:sha1-des3” -Proposal $AHandESPQM –PolicyStore domain.contoso.com\gpo_name
 New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name –PolicyStore domain.contoso.com\gpo_name
@@ -379,7 +379,7 @@ You can leverage IKEv2 capabilities in Windows Server 2012 by simply specifying
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway
 ```
 
@@ -395,7 +395,7 @@ Copying individual rules is a task that is not possible through the Netsh interf
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $Rule = Get-NetIPsecRule –DisplayName “Require Inbound Authentication”
 $Rule | Copy-NetIPsecRule –NewPolicyStore domain.costoso.com\new_gpo_name
 $Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name
@@ -407,7 +407,7 @@ To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAc
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Contoso Messenger 98” –ErrorAction SilentlyContinue
 ```
 
@@ -415,7 +415,7 @@ Note that the use of wildcards can also suppress errors, but they could potentia
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*”
 ```
 
@@ -423,7 +423,7 @@ When using wildcards, if you want to double-check the set of rules that is match
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –WhatIf
 ```
 
@@ -431,7 +431,7 @@ If you only want to delete some of the matched rules, you can use the *–Confir
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Confirm
 ```
 
@@ -439,7 +439,7 @@ You can also just perform the whole operation, displaying the name of each rule
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Verbose
 ```
 
@@ -457,7 +457,7 @@ netsh advfirewall consec show rule name=all
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Show-NetIPsecRule –PolicyStore ActiveStore
 ```
 
@@ -473,7 +473,7 @@ netsh advfirewall monitor show mmsa all
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Get-NetIPsecMainModeSA
 ```
 
@@ -485,7 +485,7 @@ For objects that come from a GPO (the *–PolicyStoreSourceType* parameter is sp
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Get-NetIPsecRule –DisplayName “Require Inbound Authentication” –TracePolicyStore
 ```
 
@@ -506,7 +506,7 @@ netsh advfirewall consec add rule name=“Basic Domain Isolation Policy” profi
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos
 $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation
 New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation
@@ -524,7 +524,7 @@ netsh advfirewall consec add rule name="Tunnel from 192.168.0.0/16 to 192.157.0.
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption DES3
 $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” -Proposal $QMProposal
 New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name
@@ -548,7 +548,7 @@ netsh advfirewall firewall add rule name="Allow Authenticated Telnet" dir=in pro
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule -DisplayName “Allow Authenticated Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -Authentication Required -Action Allow
 ```
 
@@ -562,7 +562,7 @@ netsh advfirewall consec add rule name="Authenticate Both Computer and User" end
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $mkerbauthprop = New-NetIPsecAuthProposal -Machine –Kerberos
 $mntlmauthprop = New-NetIPsecAuthProposal -Machine -NTLM
 $P1Auth = New-NetIPsecPhase1AuthSet -DisplayName “Machine Auth” –Proposal $mkerbauthprop,$mntlmauthprop
@@ -593,7 +593,7 @@ The following example shows you how to create an SDDL string that represents sec
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $user = new-object System.Security.Principal.NTAccount (“corp.contoso.com\Administrators”)
 $SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value
 $secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)"
@@ -603,7 +603,7 @@ By using the previous scriptlet, you can also get the SDDL string for a secure c
 
 Windows PowerShell
 
-``` syntax
+```powershell
 $secureMachineGroup = "D:(A;;CC;;;$SIDofSecureMachineGroup)"
 ```
 
@@ -622,7 +622,7 @@ netsh advfirewall firewall add rule name=“Allow Encrypted Inbound Telnet to Gr
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule -DisplayName "Allow Encrypted Inbound Telnet to Group Members Only" -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -Direction Inbound -Action Allow -LocalPort 23 -Authentication Required -Encryption Required –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\Server_Isolation
 ```
 
@@ -634,7 +634,7 @@ In this example, we set the global IPsec setting to only allow transport mode tr
 
 Windows PowerShell
 
-``` syntax
+```powershell
 Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGroup
 ```
 
@@ -653,7 +653,7 @@ netsh advfirewall firewall add rule name="Inbound Secure Bypass Rule" dir=in sec
 
 Windows PowerShell
 
-``` syntax
+```powershell
 New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation
 ```