**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Getting ready to use Enterprise Site Discovery
+Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
+
+- Collect your hardware inventory using the MOF Editor, while connecting to a client device.
+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.
+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
-  **To set up Enterprise Site Discovery**
+ **To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
-
-### Optional: Set up your firewall for WMI data
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
-  **To set up your firewall**
+ **To set up your firewall**
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3. Restart your computer to start collecting your WMI data.
+3. Restart your computer to start collecting your WMI data.
-## Setting up Enterprise Site Discovery using PowerShell
-After you finish the initial setup for Site Discovery using PowerShell, you have the option to continue with PowerShell or to switch to Group Policy.
+## Use PowerShell to finish setting up Enterprise Site Discovery
+You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-### Setting up zones or domains for data collection
-You can determine which zones or domains are used for data collection, using PowerShell.
+- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
-
-- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
+- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
 **To set up data collection using a domain allow list**
-
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-
**Important**
Wildcards, like \*.microsoft.com, aren’t supported.
+
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+
+ **Important**
Wildcards, like \*.microsoft.com, aren’t supported.
 **To set up data collection using a zone allow list**
+
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+
+ **Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
-
**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-
-## Setting up Enterprise Site Discovery using Group Policy
-If you don’t want to continue using PowerShell, you can switch to Group Policy after the initial Site Discovery setup.
+## Use Group Policy to finish setting up Enterprise Site Discovery
+You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
**Note**
All of the Group Policy settings can be used individually or as a group.
 **To set up Enterprise Site Discovery using Group Policy**
@@ -136,7 +143,6 @@ If you don’t want to continue using PowerShell, you can switch to Group Policy
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:
microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com |
### Combining WMI and XML Group Policy settings
-
You can use both the WMI and XML settings individually or together, based on:
 **To turn off Enterprise Site Discovery**
@@ -163,12 +169,17 @@ You can use both the WMI and XML settings individually or together, based on:
+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.
+-OR-
+- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+
+### Collect your hardware inventory using the MOF Editor while connected to a client device
+You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
 **To collect your inventory**
@@ -193,8 +204,8 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
5. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the MOF Editor with a MOF import file
-You can collect your hardware inventory using the MOF Editor and a MOF import file.
+### Collect your hardware inventory using the MOF Editor with a .MOF import file
+You can collect your hardware inventory using the MOF Editor and a .MOF import file.
 **To collect your inventory**
@@ -207,8 +218,8 @@ You can collect your hardware inventory using the MOF Editor and a MOF import fi
4. Click **OK** to close the default windows.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file.
+### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
 **To collect your inventory**
@@ -281,7 +292,7 @@ You can collect your hardware inventory using the using the Systems Management S
3. Save the file and close it to the same location.
Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Viewing the sample reports
+## View the sample reports with your collected data
The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample – ActiveX.rdl
@@ -336,7 +347,7 @@ Each site is validated and if successful, added to the global site list when you
3. Click **OK** to close the **Bulk add sites to the list** menu.
-## Turn off data collection on your client computers
+## Turn off data collection on your client devices
After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
 **To stop collecting data, using PowerShell**
diff --git a/mdop/TOC.md b/mdop/TOC.md
index ebafec6c21..56e5ab8cd5 100644
--- a/mdop/TOC.md
+++ b/mdop/TOC.md
@@ -3,10 +3,12 @@
## [Application Virtualization]()
### [Application Virtualization 5](appv-v5/)
### [Application Virtualization 4](appv-v4/)
+### [SoftGrid Application Virtualization](softgrid-application-virtualization.md)
## [Diagnostics and Recovery Toolset]()
### [Diagnostics and Recovery Toolset 10](dart-v10/)
### [Diagnostics and Recovery Toolset 8](dart-v8/)
### [Diagnostics and Recovery Toolset 7](dart-v7/)
+### [Diagnostics and Recovery Toolset 6.5](dart-v65.md)
## [Microsoft Bitlocker Administration and Monitoring]()
### [Microsoft Bitlocker Administration and Monitoring 2.5](mbam-v25/)
### [Microsoft Bitlocker Administration and Monitoring 2](mbam-v2/)
diff --git a/mdop/agpm/resources-for-agpm.md b/mdop/agpm/resources-for-agpm.md
index a87c1701fd..def2f4bf52 100644
--- a/mdop/agpm/resources-for-agpm.md
+++ b/mdop/agpm/resources-for-agpm.md
@@ -12,10 +12,6 @@ author: jamiejdt
- [Advanced Group Policy Management 4.0 documents](http://go.microsoft.com/fwlink/?LinkID=158931)
-- [Advanced Group Policy Management 3.0 documents](http://go.microsoft.com/fwlink/?LinkID=158930)
-
-- [Advanced Group Policy Management 2.5 documents](http://go.microsoft.com/fwlink/?LinkId=163556)
-
### Microsoft Desktop Optimization Pack resources
- [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](http://go.microsoft.com/fwlink/?LinkID=159870) (http://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
diff --git a/mdop/appv-v5/about-client-configuration-settings51.md b/mdop/appv-v5/about-client-configuration-settings51.md
index e8512afd4f..f77a20a083 100644
--- a/mdop/appv-v5/about-client-configuration-settings51.md
+++ b/mdop/appv-v5/about-client-configuration-settings51.md
@@ -15,444 +15,46 @@ The Microsoft Application Virtualization (App-V) 5.1 client stores its configura
The following table displays information about the App-V 5.1 client configuration settings:
-
| Setting Name | -Setup Flag | -Description | -Setting Options | -Registry Key Value | -Disabled Policy State Keys and Values | -
|---|---|---|---|---|---|
PackageInstallationRoot |
-PACKAGEINSTALLATIONROOT |
-Specifies directory where all new applications and updates will be installed. |
-String |
-Streaming\PackageInstallationRoot |
-Policy value not written (same as Not Configured) |
-
PackageSourceRoot |
-PACKAGESOURCEROOT |
-Overrides source location for downloading package content. |
-String |
-Streaming\PackageSourceRoot |
-Policy value not written (same as Not Configured) |
-
AllowHighCostLaunch |
-Not available. |
-This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). |
-True (enabled); False (Disabled state) |
-Streaming\AllowHighCostLaunch |
-0 |
-
ReestablishmentRetries |
-Not available. |
-Specifies the number of times to retry a dropped session. |
-Integer (0-99) |
-Streaming\ReestablishmentRetries |
-Policy value not written (same as Not Configured) |
-
ReestablishmentInterval |
-Not available. |
-Specifies the number of seconds between attempts to reestablish a dropped session. |
-Integer (0-3600) |
-Streaming\ReestablishmentInterval |
-Policy value not written (same as Not Configured) |
-
AutoLoad |
-AUTOLOAD |
-Specifies how new packages should be loaded automatically by App-V on a specific computer. |
-(0x0) None; (0x1) Previously used; (0x2) All |
-Streaming\AutoLoad |
-Policy value not written (same as Not Configured) |
-
LocationProvider |
-Not available. |
-Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. |
-String |
-Streaming\LocationProvider |
-Policy value not written (same as Not Configured) |
-
CertFilterForClientSsl |
-Not available. |
-Specifies the path to a valid certificate in the certificate store. |
-String |
-Streaming\CertFilterForClientSsl |
-Policy value not written (same as Not Configured) |
-
VerifyCertificateRevocationList |
-Not available. |
-Verifies Server certificate revocation status before steaming using HTTPS. |
-True(enabled); False(Disabled state) |
-Streaming\VerifyCertificateRevocationList |
-0 |
-
SharedContentStoreMode |
-SHAREDCONTENTSTOREMODE |
-Specifies that streamed package contents will be not be saved to the local hard disk. |
-True(enabled); False(Disabled state) |
-Streaming\SharedContentStoreMode |
-0 |
-
Name -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-PUBLISHINGSERVERNAME |
-Displays the name of publishing server. |
-String |
-Publishing\Servers\{serverId}\FriendlyName |
-Policy value not written (same as Not Configured) |
-
URL -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-PUBLISHINGSERVERURL |
-Displays the URL of publishing server. |
-String |
-Publishing\Servers\{serverId}\URL |
-Policy value not written (same as Not Configured) |
-
GlobalRefreshEnabled -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-GLOBALREFRESHENABLED |
-Enables global publishing refresh (Boolean) |
-True(enabled); False(Disabled state) |
-Publishing\Servers\{serverId}\GlobalEnabled |
-False |
-
GlobalRefreshOnLogon -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-GLOBALREFRESHONLOGON |
-Triggers a global publishing refresh on logon. ( Boolean) |
-True(enabled); False(Disabled state) |
-Publishing\Servers\{serverId}\GlobalLogonRefresh |
-False |
-
GlobalRefreshInterval -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-GLOBALREFRESHINTERVAL |
-Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. |
-Integer (0-744 |
-Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval |
-0 |
-
GlobalRefreshIntervalUnit -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-GLOBALREFRESHINTERVALUNI |
-Specifies the interval unit (Hour 0-23, Day 0-31). |
-0 for hour, 1 for day |
-Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit |
-1 |
-
UserRefreshEnabled -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-USERREFRESHENABLED |
-Enables user publishing refresh (Boolean) |
-True(enabled); False(Disabled state) |
-Publishing\Servers\{serverId}\UserEnabled |
-False |
-
UserRefreshOnLogon -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-USERREFRESHONLOGON |
-Triggers a user publishing refresh onlogon. ( Boolean) -Word count (with spaces): 60 |
-True(enabled); False(Disabled state) |
-Publishing\Servers\{serverId}\UserLogonRefresh |
-False |
-
UserRefreshInterval -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-USERREFRESHINTERVAL |
-Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. -Word count (with spaces): 85 |
-Integer (0-744 Hours) |
-Publishing\Servers\{serverId}\UserPeriodicRefreshInterval |
-0 |
-
UserRefreshIntervalUnit -
-Note
-
-This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet. -
-
- |
-USERREFRESHINTERVALUNIT |
-Specifies the interval unit (Hour 0-23, Day 0-31). |
-0 for hour, 1 for day |
-Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit |
-1 |
-
MigrationMode |
-MIGRATIONMODE |
-Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. |
-True(enabled state); False (disabled state) |
-Coexistence\MigrationMode |
-- |
CEIPOPTIN |
-CEIPOPTIN |
-Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. |
-0 for disabled; 1 for enabled |
-SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable |
-0 |
-
EnablePackageScripts |
-ENABLEPACKAGESCRIPTS |
-Enables scripts defined in the package manifest of configuration files that should run. |
-True(enabled); False(Disabled state) |
-\Scripting\EnablePackageScripts |
-- |
RoamingFileExclusions |
-ROAMINGFILEEXCLUSIONS |
-Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' |
-- | - | - |
RoamingRegistryExclusions |
-ROAMINGREGISTRYEXCLUSIONS |
-Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients |
-String |
-Integration\RoamingReglstryExclusions |
-Policy value not written (same as Not Configured) |
-
IntegrationRootUser |
-Not available. |
-Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration. |
-String |
-Integration\IntegrationRootUser |
-Policy value not written (same as Not Configured) |
-
IntegrationRootGlobal |
-Not available. |
-Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration |
-String |
-Integration\IntegrationRootGlobal |
-Policy value not written (same as Not Configured) |
-
VirtualizableExtensions |
-Not available. |
-A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. -When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the RunVirtual command line parameter will be added, and the application will run virtually. -For more information about the RunVirtual parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). |
-String |
-Integration\VirtualizableExtensions |
-Policy value not written |
-
ReportingEnabled |
-Not available. |
-Enables the client to return information to a reporting server. |
-True (enabled); False (Disabled state) |
-Reporting\EnableReporting |
-False |
-
ReportingServerURL |
-Not available. |
-Specifies the location on the reporting server where client information is saved. |
-String |
-Reporting\ReportingServer |
-Policy value not written (same as Not Configured) |
-
ReportingDataCacheLimit |
-Not available. |
-Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. |
-Integer [0-1024] |
-Reporting\DataCacheLimit |
-Policy value not written (same as Not Configured) |
-
ReportingDataBlockSize |
-Not available. |
-Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. |
-Integer [1024 - Unlimited] |
-Reporting\DataBlockSize |
-Policy value not written (same as Not Configured) |
-
ReportingStartTime |
-Not available. |
-Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the ReportingStartTime will start on the current day at 10 P.M.or 22. -
-Note
-
-You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. -
-
- |
-Integer (0 – 23) |
-Reporting\ StartTime |
-Policy value not written (same as Not Configured) |
-
ReportingInterval |
-Not available. |
-Specifies the retry interval that the client will use to resend data to the reporting server. |
-Integer |
-Reporting\RetryInterval |
-Policy value not written (same as Not Configured) |
-
ReportingRandomDelay |
-Not available. |
-Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data. This can help to prevent collisions on the server. |
-Integer [0 - ReportingRandomDelay] |
-Reporting\RandomDelay |
-Policy value not written (same as Not Configured) |
-
EnableDynamicVirtualization -
-Important
-
-This setting is available only with App-V 5.0 SP2 or later. -
-
- |
-Not available. |
-Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. |
-1 (Enabled), 0 (Disabled) |
-HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization |
-- |
EnablePublishingRefreshUI -
-Important
-
-This setting is available only with App-V 5.0 SP2. -
-
- |
-Not available. |
-Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. |
-1 (Enabled), 0 (Disabled) |
-HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing |
-- |
HideUI -
-Important
-
-This setting is available only with App-V 5.0 SP2. -
-
- |
-Not available. |
-Hides the publishing refresh progress bar. |
-1 (Enabled), 0 (Disabled) |
-- | - |
ProcessesUsingVirtualComponents |
-Not available. |
-Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. |
-String |
-Virtualization\ProcessesUsingVirtualComponents |
-Empty string. |
-
| Parameter | -Description | -
|---|---|
RecoveryServiceEndPoint |
- A string specifying the MBAM recovery service endpoint. |
-
| Common return values | -Error message | -
|---|---|
S_OK -0 (0x0) |
- The method was successful |
-
MBAM_E_TPM_NOT_PRESENT -2147746304 (0x80040200) |
- TPM is not present in the computer or is disabled in the BIOS configuration. |
-
MBAM_E_TPM_INCORRECT_STATE -2147746305 (0x80040201) |
- TPM is not in the correct state (enabled, activated and owner installation allowed). |
-
MBAM_E_TPM_AUTO_PROVISIONING_PENDING -2147746306 (0x80040202) |
- MBAM cannot take ownership of TPM because auto-provisioning is pending. Try again after auto-provisioning is completed. |
-
MBAM_E_TPM_OWNERAUTH_READFAIL -2147746307 (0x80040203) |
- MBAM cannot read the TPM owner authorization value. The value might have been removed after a successful escrow. On Windows 7, MBAM cannot read the value if the TPM is owned by others. |
-
MBAM_E_REBOOT_REQUIRED -2147746308 (0x80040204) |
- The computer must be restarted to set TPM to the correct state. You might need to manually reboot the computer. |
-
MBAM_E_SHUTDOWN_REQUIRED -2147746309 (0x80040205) |
- The computer must be shut down and turned back on to set TPM to the correct state. You might need to manually reboot the computer. |
-
WS_E_ENDPOINT_ACCESS_DENIED -2151481349 (0x803D0005) |
- Access was denied by the remote endpoint. |
-
WS_E_ENDPOINT_NOT_FOUND -2151481357 (0x803D000D) |
- The remote endpoint does not exist or could not be located. |
-
WS_E_ENDPOINT_FAILURE -2151481357 (0x803D000F) |
- The remote endpoint could not process the request. |
-
WS_E_ENDPOINT_UNREACHABLE -2151481360 (0x803D0010) |
- The remote endpoint was not reachable. |
-
WS_E_ENDPOINT_FAULT_RECEIVED -2151481363 (0x803D0013) |
- A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
-
WS_E_INVALID_ENDPOINT_URL -2151481376 (0x803D0020) |
- The endpoint address URL is not valid. The URL must start with “http” or “https”. |
-
| Parameter | -Description | -
|---|---|
ReportingServiceEndPoint |
- A string specifying the MBAM status reporting service endpoint. |
-
| Common return values | -Error message | -
|---|---|
S_OK -0 (0x0) |
- The method was successful |
-
WS_E_ENDPOINT_ACCESS_DENIED -2151481349 (0x803D0005) |
- Access was denied by the remote endpoint. |
-
WS_E_ENDPOINT_NOT_FOUND -2151481357 (0x803D000D) |
- The remote endpoint does not exist or could not be located. |
-
WS_E_ENDPOINT_FAILURE -2151481357 (0x803D000F) |
- The remote endpoint could not process the request. |
-
WS_E_ENDPOINT_UNREACHABLE -2151481360 (0x803D0010) |
- The remote endpoint was not reachable. |
-
WS_E_ENDPOINT_FAULT_RECEIVED -2151481363 (0x803D0013) |
- A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
-
WS_E_INVALID_ENDPOINT_URL -2151481376 (0x803D0020) |
- The endpoint address URL is not valid. The URL must start with “http” or “https”. |
-
| Parameter | -Description | -
|---|---|
RecoveryServiceEndPoint |
- A string specifying the MBAM recovery service endpoint. |
-
| Common return values | -Error message | -
|---|---|
S_OK -0 (0x0) |
- The method was successful |
-
FVE_E_LOCKED_VOLUME -2150694912 (0x80310000) |
- The volume is locked. |
-
FVE_E_PROTECTOR_NOT_FOUND -2150694963 (0x80310033) |
- A Numerical Password protector was not found for the volume. |
-
WS_E_ENDPOINT_ACCESS_DENIED -2151481349 (0x803D0005) |
- Access was denied by the remote endpoint. |
-
WS_E_ENDPOINT_NOT_FOUND -2151481357 (0x803D000D) |
- The remote endpoint does not exist or could not be located. |
-
WS_E_ENDPOINT_FAILURE -2151481357 (0x803D000F) |
- The remote endpoint could not process the request. |
-
WS_E_ENDPOINT_UNREACHABLE -2151481360 (0x803D0010) |
- The remote endpoint was not reachable. |
-
WS_E_ENDPOINT_FAULT_RECEIVED -2151481363 (0x803D0013) |
- A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. |
-
WS_E_INVALID_ENDPOINT_URL -2151481376 (0x803D0020) |
- The endpoint address URL is not valid. The URL must start with “http” or “https”. |
-
Windows® XP Professional
X
Windows XP Professional x64 Edition
X
32-bit versions of Windows Vista
X
X
64-bit versions of Windows Vista
X
X
32-bit versions of Windows 7
Indicates a folder where files and settings will be saved. Note that StorePath cannot be c:\. You must specify the StorePath option in the ScanState command, except when using the /genconfig option. You cannot specify more than one StorePath location.
/apps
Scans the image for apps and includes them and their associated registry settings.
/ppkg [<FileName>]
Exports to a specific file location.
/o
Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the ScanState command will fail if the migration store already contains data. You cannot use this option more than once on a command line.
|
-
|
-
|
-
[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.
With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)