diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml index 4c11b5c85e..7a2759960e 100644 --- a/browsers/internet-explorer/internet-explorer.yml +++ b/browsers/internet-explorer/internet-explorer.yml @@ -1,69 +1,174 @@ -### YamlMime:YamlDocument +### YamlMime:Landing -documentType: LandingData -title: Internet Explorer 11 +title: Internet Explorer 11 documentation +summary: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. metadata: - document_id: - title: Internet Explorer 11 - description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. - keywords: Internet Explorer 11. IE11 - ms.localizationpriority: medium - author: lizap + title: Internet Explorer 11 documentation + description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. + ms.topic: landing-page + author: lizap ms.author: elizapo - manager: dougkim - ms.topic: article - ms.devlang: na + ms.date: 07/06/2020 -sections: -- items: - - type: markdown - text: " - Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. - " -- title: Explore -- items: - - type: markdown - text: " - Find tools, step-by-step guides, updates, and other resources to help you get started.
- -

**Get started**
Get information om tools, frequently asked questions, requirements, and guidelines.
IE11 features and tools
System requirements and language support
Frequently asked questions
Internet Explorer 11 deployment guide
Use Enterprise Mode to improve compatibility
Lifecycle FAQ - Internet Explorer
**Downloads and tools**
Find tools and resources to help you address compatibility and get up to date.
Download IE11 with Windows 10
Enterprise Mode Site List Manager (schema, v.2)
Web Application Compatibility Lab Kit
Cumulative security updates for Internet Explorer 11
**Find training**
Find online training and hands-on labs for common configuration and management tasks.
Getting started with Windows 10 for IT professionals
Windows 10: Top Features for IT Pros
Manage and modernize Internet Explorer with Enterprise Mode
Virtual Lab: Enterprise Mode
- " -- title: Plan -- items: - - type: markdown - text: " - Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.
- -

**Get started with compatibility**
Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.
What is Enterprise Mode?
Tips and tricks to manage Internet Explorer compatibility
Download the Enterprise Site Discovery Toolkit
Collect data using Enterprise Site Discovery
Manage Windows upgrades with Upgrade Readiness
Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness
**Using Enterprise Mode**
Learn how to avoid the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.
Turn on Enterprise Mode and use a site list
Add sites to the Enterprise Mode site list
Edit the Enterprise Mode site list
Turn on local control and logging for Enterprise Mode
- " -- title: Deploy -- items: - - type: markdown - text: " - Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
- -

**Customize Internet Explorer 11**
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after deployment.
Download IEAK 11
IEAK 11 user's guide
Frequently asked questions about IEAK 11
Customization and distribution guidelines
**Install Internet Explorer 11**
Explore the different options for installation.
Through Automatic Updates (recommended)
As part of an operating system deployment
Over the network
With System Center 2012 R2 Configuration Manager
With Windows Server Update Services (WSUS)
With Microsoft Intune
With third-party tools
- " -- title: Manage -- items: - - type: markdown - text: " - Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
- -

**Enforce settings with Group Policy**
Learn how to use Group Policy to enforce settings on the computers in your organization.
Group Policy for beginners
New Group Policy settings for IE11
Administrative templates for IE11
**Standardize with Group Policy preferences**
Group Policy preferences simplify deployment and standardize configurations, but unlike Group Policy, they can later be changed by users.
Group Policy preferences for IE11
Configure Group Policy preferences

**Blocked out-of-date ActiveX controls**
Find out more about the out-of-date ActiveX control blocking security feature available in Internet Explorer.
Blocked out-of-date ActiveX controls
Out-of-date ActiveX control blocking
Update to block out-of-date ActiveX controls in Internet Explorer
**Scripts for IT professionals**
Find scripts to help you save time and automate common tasks.
Batch loop: Check is a process running, if yes, wait in loop
Script to join user to AD with automatic Local user Profile Migration
Find-IE Citrix receiver Version
See all scripts
- " -- title: Support -- items: - - type: markdown - text: " - Get help from product specialists and community experts, and find solutions to commonly encountered issues.
- -

**Troubleshoot common issues**
Find solutions to common issues and get tips from Microsoft product teams and community experts.
Change or reset Internet Explorer settings
Troubleshoot custom package and IEAK 11 problems
Troubleshoot problems with setup, installation, auto configuration, and more
Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
**Find answers and community support**
Find FAQs or visit the forums to ask a question or find answers.
Lifecycle FAQ - Internet Explorer
Frequently asked questions about IEAK 11
Microsoft Edge FAQ
Internet Explorer 8, 9, 10, 11 forum
Internet Explorer development forums
Windows 8.1 forums
Windows 10: General (includes Microsoft Edge)
**Contact Microsoft for additional help**
Explore the support options that are available from Microsoft.
Contact a Microsoft support professional
Support options for Microsoft Partners
Microsoft Services Premier Support
Microsoft Small Business Support Center
General support
- " -- title: Stay informed -- items: - - type: markdown - text: " - -

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
- " +# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new + +landingContent: +# Cards and links should be based on top customer tasks or top subjects +# Start card title with a verb + # Card + - title: Explore + linkLists: + - linkListType: get-started + links: + - text: IE11 features and tools + url: /internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11 + - text: System requirements and language support + url: /internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11 + - text: Frequently asked questions + url: /internet-explorer/ie11-faq/faq-for-it-pros-ie11 + - text: Internet Explorer 11 deployment guide + url: /internet-explorer/ie11-deploy-guide/ + - text: Use Enterprise Mode to improve compatibility + url: /microsoft-edge/deploy/emie-to-improve-compatibility + - text: Lifecycle FAQ - Internet Explorer + url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer + - linkListType: download + links: + - text: Download IE11 with Windows 10 + url: https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise + - text: Enterprise Mode Site List Manager (schema, v.2) + url: https://www.microsoft.com/download/details.aspx?id=49974 + - text: Cumulative security updates for Internet Explorer 11 + url: https://www.catalog.update.microsoft.com/Search.aspx?q=cumulative%20security%20update%20for%20internet%20explorer%2011 + - linkListType: learn + links: + - text: Getting started with Windows 10 for IT professionals + url: https://mva.microsoft.com/training-courses/getting-started-with-windows-10-for-it-professionals-10629?l=fCowqpy8_5905094681 + - text: 'Windows 10: Top Features for IT Pros' + url: https://mva.microsoft.com/training-courses/windows-10-top-features-for-it-pros-16319?l=xBnT2ihhC_7306218965 + - text: Manage and modernize Internet Explorer with Enterprise Mode + url: https://channel9.msdn.com/events/teched/newzealand/2014/pcit307 + - text: 'Virtual Lab: Enterprise Mode' + url: https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02 + + # Card + - title: Plan + linkLists: + - linkListType: get-started + links: + - text: What is Enterprise Mode? + url: /internet-explorer/ie11-deploy-guide/what-is-enterprise-mode + - text: Tips and tricks to manage Internet Explorer compatibility + url: /internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility + - text: Download the Enterprise Site Discovery Toolkit + url: https://www.microsoft.com/download/details.aspx?id=44570 + - text: Collect data using Enterprise Site Discovery + url: /internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery + - text: Manage Windows upgrades with Upgrade Readiness + url: /windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness + - text: 'Demo: Plan and manage Windows 10 upgrades and feature updates with' + url: https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Windows-Analytics-Plan-and-manage-Windows-10-upgrades-and/td-p/98639 + - linkListType: how-to-guide + links: + - text: Turn on Enterprise Mode and use a site list + url: /internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list + - text: Add sites to the Enterprise Mode site list + url: /internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool + - text: Edit the Enterprise Mode site list + url: /internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager + - text: Turn on local control and logging for Enterprise Mode + url: /internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode + + # Card + - title: Deploy + linkLists: + - linkListType: get-started + links: + - text: IEAK 11 user's guide + url: /internet-explorer/ie11-ieak/ + - text: Download IEAK 11 + url: /internet-explorer/ie11-ieak/ieak-information-and-downloads + - text: Frequently asked questions about IEAK 11 + url: /internet-explorer/ie11-faq/faq-ieak11 + - text: Customization and distribution guidelines + url: /internet-explorer/ie11-ieak/licensing-version-and-features-ieak11#customization-guidelines + - linkListType: deploy + links: + - text: Install Internet Explorer 11 through automatic updates (recommended) + url: /internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates + - text: Install Internet Explorer 11 as part of an operating system deployment + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems + - text: Install Internet Explorer 11 over the network + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-the-network + - text: Install Internet Explorer 11 with System Center 2012 R2 Configuration Manager + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager + - text: Install Internet Explorer 11 with Windows Server Update Services (WSUS) + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus + - text: Install Internet Explorer 11 with Microsoft Intune + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune + - text: Install Internet Explorer 11 with third-party tools + url: /internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools + + # Card + - title: Manage + linkLists: + - linkListType: tutorial + links: + - text: Group Policy for beginners + url: /previous-versions/windows/it-pro/windows-7/hh147307(v=ws.10) + - text: New Group Policy settings for IE11 + url: /internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11 + - text: Administrative templates for IE11 + url: https://www.microsoft.com/download/details.aspx?id=40905 + - text: Group Policy preferences for IE11 + url: /internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11 + - text: Configure Group Policy preferences + url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2 + - text: Blocked out-of-date ActiveX controls + url: /internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls + - text: Out-of-date ActiveX control blocking + url: /internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking + - text: Update to block out-of-date ActiveX controls in Internet Explorer + url: https://support.microsoft.com/help/2991000/update-to-block-out-of-date-activex-controls-in-internet-explorer + - text: Script to join user to AD with automatic Local user Profile Migration + url: https://gallery.technet.microsoft.com/scriptcenter/script-to-join-active-7b16d9d3 + - text: Scripts for IT professionals + url: https://gallery.technet.microsoft.com/scriptcenter/site/search?query=Microsoft%20Edge%20or%20Internet + + # Card + - title: Support + linkLists: + - linkListType: get-started + links: + - text: Change or reset Internet Explorer settings + url: https://support.microsoft.com/help/17441/windows-internet-explorer-change-reset-settings + - text: Troubleshoot problems with setup, installation, auto configuration, and more + url: /internet-explorer/ie11-deploy-guide/troubleshoot-ie11 + - text: Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone + url: https://support.microsoft.com/help/4012494/option-to-disable-vbscript-execution-in-internet-explorer-for-internet + - text: Frequently asked questions about IEAK 11 + url: /internet-explorer/ie11-faq/faq-ieak11 + - text: Internet Explorer 8, 9, 10, 11 forum + url: https://social.technet.microsoft.com/forums/ie/home?forum=ieitprocurrentver + - text: Contact a Microsoft support professional + url: https://support.microsoft.com/contactus + - text: Support options for Microsoft Partners + url: https://mspartner.microsoft.com/Pages/Support/get-support.aspx + - text: Microsoft Services Premier Support + url: https://www.microsoft.com/en-us/microsoftservices/support.aspx + - text: Microsoft Small Business Support Center + url: https://smallbusiness.support.microsoft.com/product/internet-explorer + - text: General support + url: https://support.microsoft.com/products/internet-explorer + + # Card + - title: Stay informed + linkLists: + - linkListType: get-started + links: + - text: Sign up for the Windows IT Pro Insider + url: https://aka.ms/windows-it-pro-insider + - text: Microsoft Edge Dev blog + url: https://blogs.windows.com/msedgedev + - text: Microsoft Edge Dev on Twitter + url: https://twitter.com/MSEdgeDev diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index a1b759f011..f45e20d377 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 07/29/2019 +ms.date: ms.reviewer: manager: dansimp --- diff --git a/windows/client-management/mdm/images/autoenrollment-policy.png b/windows/client-management/mdm/images/autoenrollment-policy.png index 61421babee..ed1119f45c 100644 Binary files a/windows/client-management/mdm/images/autoenrollment-policy.png and b/windows/client-management/mdm/images/autoenrollment-policy.png differ diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 01010689aa..f2d59868c4 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -1,144 +1,145 @@ ---- -title: Activate using Key Management Service (Windows 10) -ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac -ms.reviewer: -manager: laurawi -ms.author: greglin -description: -keywords: vamt, volume activation, activation, windows activation -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.localizationpriority: medium -ms.date: 10/16/2017 -ms.topic: article ---- - -# Activate using Key Management Service - -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 - -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: -- Host KMS on a computer running Windows 10 -- Host KMS on a computer running Windows Server 2012 R2 -- Host KMS on a computer running an earlier version of Windows - -Check out [Windows 10 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2015/09/15/windows-10-volume-activation-tips/). - -## Key Management Service in Windows 10 - -Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. -Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. -To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services. - -**Configure KMS in Windows 10** - -1. Open an elevated command prompt. -2. Enter one of the following commands. - - To install a KMS key, type **slmgr.vbs /ipk <KmsKey>**. - - To activate online, type **slmgr.vbs /ato**. - - To activate by using the telephone, type **slui.exe 4**. -3. After activating the KMS key, restart the Software Protection Service. - -For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032). - -## Key Management Service in Windows Server 2012 R2 -Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. - -**Note**   -You cannot install a client KMS key into the KMS in Windows Server. - -This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden. - -**Note**   - -If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687). - -**Configure KMS in Windows Server 2012 R2** - -1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. -2. Launch Server Manager. -3. Add the Volume Activation Services role, as shown in Figure 4. - - ![Adding the Volume Activation Services role in Server Manager](../images/volumeactivationforwindows81-04.jpg) - - **Figure 4**. Adding the Volume Activation Services role in Server Manager\ - -4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5). - - ![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-05.jpg) - - **Figure 5**. Launching the Volume Activation Tools - - 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6). - This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10. - - ![Configuring the computer as a KMS host](../images/volumeactivationforwindows81-06.jpg) - - **Figure 6**. Configuring the computer as a KMS host - -5. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7). - - ![Installing your KMS host key](../images/volumeactivationforwindows81-07.jpg) - - **Figure 7**. Installing your KMS host key - -6. If asked to confirm replacement of an existing key, click **Yes**. -7. After the product key is installed, you must activate it. Click **Next** (Figure 8). - - ![Activating the software](../images/volumeactivationforwindows81-08.jpg) - - **Figure 8**. Activating the software - - The KMS key can be activated online or by phone. See Figure 9. - - ![Choosing to activate online](../images/volumeactivationforwindows81-09.jpg) - - **Figure 9**. Choosing to activate online - -Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met. - -## Verifying the configuration of Key Management Service - -You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. -**Note**   - -If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. - -To verify that KMS volume activation works, complete the following steps: - -1. On the KMS host, open the event log and confirm that DNS publishing is successful. -2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER.

-The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. -3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr /dlv**, and then press ENTER.

- -The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. - -For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639). - -## Key Management Service in earlier versions of Windows - -If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: - -1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. -2. Request a new KMS host key from the Volume Licensing Service Center. -3. Install the new KMS host key on your KMS host. -4. Activate the new KMS host key by running the slmgr.vbs script. - -For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). - -## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +--- +title: Activate using Key Management Service (Windows 10) +ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac +ms.reviewer: +manager: laurawi +ms.author: greglin +description: +keywords: vamt, volume activation, activation, windows activation +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.localizationpriority: medium +ms.date: 10/16/2017 +ms.topic: article +--- + +# Activate using Key Management Service + +**Applies to** +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 + +**Looking for retail activation?** + +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) + +There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: +- Host KMS on a computer running Windows 10 +- Host KMS on a computer running Windows Server 2012 R2 +- Host KMS on a computer running an earlier version of Windows + +Check out [Windows 10 Volume Activation Tips](https://blogs.technet.microsoft.com/askcore/2015/09/15/windows-10-volume-activation-tips/). + +## Key Management Service in Windows 10 + +Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. +Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. +To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services. + +**Configure KMS in Windows 10** + +To activate by using the telephone, use the slmgr.vbs script. + +1. Run **slmgr.vbs /dti** and confirm the installation ID. +2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone. +3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. +4. Run **slmgr.vbs /atp \**. + +For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032). + +## Key Management Service in Windows Server 2012 R2 +Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. + +**Note**   +You cannot install a client KMS key into the KMS in Windows Server. + +This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden. + +**Note**   + +If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687). + +**Configure KMS in Windows Server 2012 R2** + +1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. +2. Launch Server Manager. +3. Add the Volume Activation Services role, as shown in Figure 4. + + ![Adding the Volume Activation Services role in Server Manager](../images/volumeactivationforwindows81-04.jpg) + + **Figure 4**. Adding the Volume Activation Services role in Server Manager\ + +4. When the role installation is complete, click the link to launch the Volume Activation Tools (Figure 5). + + ![Launching the Volume Activation Tools](../images/volumeactivationforwindows81-05.jpg) + + **Figure 5**. Launching the Volume Activation Tools + + 5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6). + This can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10. + + ![Configuring the computer as a KMS host](../images/volumeactivationforwindows81-06.jpg) + + **Figure 6**. Configuring the computer as a KMS host + +5. Install your KMS host key by typing it in the text box, and then click **Commit** (Figure 7). + + ![Installing your KMS host key](../images/volumeactivationforwindows81-07.jpg) + + **Figure 7**. Installing your KMS host key + +6. If asked to confirm replacement of an existing key, click **Yes**. +7. After the product key is installed, you must activate it. Click **Next** (Figure 8). + + ![Activating the software](../images/volumeactivationforwindows81-08.jpg) + + **Figure 8**. Activating the software + + The KMS key can be activated online or by phone. See Figure 9. + + ![Choosing to activate online](../images/volumeactivationforwindows81-09.jpg) + + **Figure 9**. Choosing to activate online + +Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met. + +## Verifying the configuration of Key Management Service + +You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. + +> [!NOTE] +> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. + +To verify that KMS volume activation works, complete the following steps: + +1. On the KMS host, open the event log and confirm that DNS publishing is successful. +2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER.

+The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. +3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr /dlv**, and then press ENTER.

+ +The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. + +For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639). + +## Key Management Service in earlier versions of Windows + +If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: + +1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. +2. Request a new KMS host key from the Volume Licensing Service Center. +3. Install the new KMS host key on your KMS host. +4. Activate the new KMS host key by running the slmgr.vbs script. + +For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). + +## See also +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md index f48045b11f..1f7e4db8a1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md @@ -27,6 +27,10 @@ ms.topic: article The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. +> [!NOTE] +> Collection of DeviceLogonEvents is not supported on Windows 7 or Windows Server 2008 R2. +> We recommend upgrading to Windows 10 or Windows Server 2019 for optimal visibility into user logon activity. + For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). | Column name | Data type | Description | @@ -68,4 +72,4 @@ For information on other tables in the advanced hunting schema, see [the advance ## Related topics - [Advanced hunting overview](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) -- [Understand the schema](advanced-hunting-schema-reference.md) \ No newline at end of file +- [Understand the schema](advanced-hunting-schema-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index 4fc24b4545..dbd5a4d5e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -41,7 +41,8 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your RunAtLoad - StartCalendarInterval + StartCalendarInterval + Day 3 Hour @@ -68,11 +69,11 @@ While you can start a threat scan at any time with Microsoft Defender ATP, your 4. To load your file into **launchd**, enter the following commands: ```bash - `$ launchctl load /Library/LaunchDaemons/` - `$ launchctl start ` + launchctl load /Library/LaunchDaemons/ + launchctl start ``` -5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every 7 days on a Friday, with the StartInterval using 604800 seconds for one week. +5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every seven days on a Friday, with the StartInterval using 604,800 seconds for one week. > [!NOTE] > Agents executed with launchd will not run at the scheduled time if the computer is asleep, but will run once the computer is awake. If the computer is off, the scan will not run until the computer is on at the next scheduled time. diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index 8ad3ce6f98..f0c0979e51 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -22,7 +22,7 @@ ms.date: 06/13/2018 **Applies to:** - Windows 10 -- Windows Server 2016 and above +- Windows Server 2019 Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC). This is especially true for enterprises with large, ever changing software catalogs. @@ -36,7 +36,7 @@ A managed installer uses a new rule collection in AppLocker to specify one or mo Specifying an executable as a managed installer will cause Windows to tag files that are written from the executable’s process (or processes it launches) as having originated from a trusted installation authority. The Managed Installer rule collection is currently supported for AppLocker rules in Group Policy and in Configuration Manager, but not in the AppLocker CSP for OMA-URI policies. Once the IT administrator adds the Allow: Managed Installer option to a WDAC policy, the WDAC component will subsequently check for the presence of the origin information when evaluating other application execution control rules specified in the policy. -If there are no deny rules present for the file, it will be authorized based on the managed installer origin information.+ +If there are no deny rules present for the file, it will be authorized based on the managed installer origin information. Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be deployed through a managed installer. Examples of WDAC policies available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies help authorize Windows OS components, WHQL signed drivers and all Store apps. @@ -46,9 +46,9 @@ Examples of WDAC policies available in C:\Windows\schemas\CodeIntegrity\ExampleP Setting up managed installer tracking and application execution enforcement requires applying both an AppLocker and WDAC policy with specific rules and options enabled. There are three primary steps to keep in mind: -- Specify managed installers using the Managed Installer rule collection in AppLocker policy -- Enable service enforcement in AppLocker policy -- Enable the managed installer option in a WDAC policy +- Specify managed installers by using the Managed Installer rule collection in AppLocker policy. +- Enable service enforcement in AppLocker policy. +- Enable the managed installer option in a WDAC policy. ### Specify managed installers using the Managed Installer rule collection in AppLocker policy @@ -60,7 +60,7 @@ For more information about creating an AppLocker policy that includes a managed As mentioned above, the AppLocker CSP for OMA-URI policies does not currently support the Managed Installer rule collection or the Service Enforcement rule extensions mentioned below. -```code +```xml @@ -82,10 +82,10 @@ As mentioned above, the AppLocker CSP for OMA-URI policies does not currently su ## Enable service enforcement in AppLocker policy Since many installation processes rely on services, it is typically necessary to enable tracking of services. -Correct tracking of services requires the presence of at least one rule in the rule collection – a simple audit only rule will suffice. +Correct tracking of services requires the presence of at least one rule in the rule collection — a simple audit only rule will suffice. For example: -```code +```xml @@ -124,7 +124,7 @@ In order to enable trust for the binaries laid down by managed installers, the E This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). An example of the managed installer option being set in policy is shown below. -```code +```xml @@ -149,7 +149,7 @@ An example of the managed installer option being set in policy is shown below. To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it. Run the following command as an Administrator: -```code +```console appidtel.exe start [-mionly] ```