-**Figure 11** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education change is active.
+**Figure 11** - Illustrates a device on which the existing operating system isn't activated, but the Windows 10 Pro Education change is active.
@@ -245,7 +245,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
**To determine if a device is Azure AD joined**
-1. Open a command prompt and type the following:
+1. Open a command prompt and type the following command:
```
dsregcmd /status
@@ -268,19 +268,19 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined
### Roll back Windows 10 Pro Education to Windows 10 Pro
-If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, you can do this by:
+If your organization has the Windows 10 Pro to Windows 10 Pro Education change enabled, and you decide to roll back to Windows 10 Pro or to cancel the change, perform the following task:
-- Logging into Microsoft Store for Education page and turning off the automatic change.
+- Log into Microsoft Store for Education page and turning off the automatic change.
- Selecting the link to turn off the automatic change from the notification email sent to all global administrators.
-Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. This means that a user whose device was changed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
+Once the automatic change to Windows 10 Pro Education is turned off, the change is effective immediately. Devices that were changed will revert to Windows 10 Pro only after the license has been refreshed (every 30 days) and the next time the user signs in. Therefore, users whose device was changed may not immediately see Windows 10 Pro Education rolled back to Windows 10 Pro for up to 30 days. However, users who haven't signed in during the time that a change was enabled and then turned off will never see their device change from Windows 10 Pro.
> [!NOTE]
-> Devices that were changed from mode to Windows 10 Pro Education cannot roll back to Windows 10 Pro Education S mode.
+> Devices that were changed from mode to Windows 10 Pro Education can't roll back to Windows 10 Pro Education S mode.
**To roll back Windows 10 Pro Education to Windows 10 Pro**
-1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change.
2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link.
3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**.
@@ -288,7 +288,7 @@ Once the automatic change to Windows 10 Pro Education is turned off, the change
-4. You will be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**.
+4. You'll be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**.
5. Click **Close** in the **Success** page.
All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic changes again, you can do this by selecting **change to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education.
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 2e01f756fe..37e9cba645 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -1,6 +1,6 @@
---
title: Chromebook migration guide (Windows 10)
-description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
+description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
ms.reviewer:
manager: dansimp
@@ -22,23 +22,23 @@ ms.date: 10/13/2017
- Windows 10
-In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You will learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You will then learn the best method to perform the migration by using automated deployment and migration tools.
+In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools.
## Plan Chromebook migration
Before you begin to migrate Chromebook devices, plan your migration. As with most projects, there can be an urge to immediately start doing before planning. When you plan your Chromebook migration before you perform the migration, you can save countless hours of frustration and mistakes during the migration process.
-In the planning portion of this guide, you will identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you will have a list of information you need to collect and what you need to do with the information. You will be ready to perform your Chromebook migration.
+In the planning portion of this guide, you'll identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you'll have a list of information you need to collect and what you need to do with the information. You'll be ready to perform your Chromebook migration.
## Plan for app migration or replacement
-App migration or replacement is an essential part of your Chromebook migration. In this section you will plan how you will migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you will have a list of the active Chrome OS apps and the Windows app counterparts.
+App migration or replacement is an essential part of your Chromebook migration. In this section, you'll plan how you'll migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you'll have a list of the active Chrome OS apps and the Windows app counterparts.
**Identify the apps currently in use on Chromebook devices**
-Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio).
+Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You'll create a list of apps that are currently in use (also called an app portfolio).
> [!NOTE]
> The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section.
@@ -63,7 +63,7 @@ Record the following information about each app in your app portfolio:
- App priority (how necessary is the app to the day-to-day process of the institution or a classroom? Rank as high, medium, or low)
-Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you have determined what you will do with the higher priority apps.
+Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you've determined what you'll do with the higher priority apps.
###
@@ -85,13 +85,13 @@ Table 1. Google App replacements
-It may be that you will decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
+It may be that you'll decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide.
**Find the same or similar apps in the Microsoft Store**
In many instances, software vendors will create a version of their app for multiple platforms. You can search the Microsoft Store to find the same or similar apps to any apps not identified in the [Select Google Apps replacements](#select-googleapps) section.
-In other instances, the offline app does not have a version written for the Microsoft Store or is not a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher does not have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
+In other instances, the offline app doesn't have a version written for the Microsoft Store or isn't a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher doesn't have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS.
Record the Windows app that replaces the Chromebook app in your app portfolio.
@@ -99,20 +99,20 @@ Record the Windows app that replaces the Chromebook app in your app portfolio.
**Perform app compatibility testing for web apps**
-The majority of Chromebook apps are web apps. Because you cannot run native offline Chromebook apps on a Windows device, there is no reason to perform app compatibility testing for offline Chromebook apps. However, you may have a number of web apps that will run on both platforms.
+Most of the Chromebook apps are web apps. Because you can't run native offline Chromebook apps on a Windows device, there's no reason to perform app compatibility testing for offline Chromebook apps. However, you may have many web apps that will run on both platforms.
Ensure that you test these web apps in Microsoft Edge. Record the level of compatibility for each web app in Microsoft Edge in your app portfolio.
## Plan for migration of user and device settings
-Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You have also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
+Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You've also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console.
However, in addition to your centralized configuration in the Google Admin Console, Chromebook users have probably customized their device. In some instances, users may have changed the web content that is displayed when the Chrome browser starts. Or they may have bookmarked websites for future reference. Or users may have installed apps for use in the classroom.
-In this section, you will identify the user and device configuration settings for your Chromebook users and devices. Then you will prioritize these settings to focus on the configuration settings that are essential to your educational institution.
+In this section, you'll identify the user and device configuration settings for your Chromebook users and devices. Then you'll prioritize these settings to focus on the configuration settings that are essential to your educational institution.
-At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, as well as a level of priority for each setting. You may discover at the end of this section that you have few or no higher priority settings to be migrated. If this is the case, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
+At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, and a level of priority for each setting. You may discover at the end of this section that you've few or no higher priority settings to be migrated. If so, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide.
**Identify Google Admin Console settings to migrate**
@@ -122,17 +122,17 @@ You use the Google Admin Console (as shown in Figure 1) to manage user and devic
Figure 1. Google Admin Console
-Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows.
+Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you'll migrate to Windows.
Table 2. Settings in the Device Management node in the Google Admin Console
|Section |Settings |
|---------|---------|
|Network | These settings configure the network connections for Chromebook devices and include the following settings categories:
1 Internet access fees may apply. (./User/Vendor/MSFT/EnterpriseAppVManagement) contains the following sub-nodes. (./User/Vendor/MSFT/EnterpriseAppVManagement) contains the following subnodes. AppVPublishing - An exec action node that contains the App-V publishing configuration for an MDM device (applied globally to all users for that device) or a specific MDM user. This example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts assists in package deployments (add and publish of App-V apps). This example shows how to allow package scripts to run during package operations (publish, run, and unpublish). Allowing package scripts helps package deployments (add and publish of App-V apps).
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 6f271715c9..759d485046 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -22,7 +22,7 @@ manager: dansimp
Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
-Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
+Beginning with version 1607, Windows 10 offers various new features and functionality, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows-10.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
@@ -35,7 +35,7 @@ For Cortana[1](#footnote1):
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
-You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
@@ -54,9 +54,9 @@ For Cortana1:
- If you're using new devices with version 1703 or later, Cortana is turned on by default.
- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
-You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
+You can use the **AllowCortana** policy to turn off Cortana. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
-Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
+Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you don't have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
Customers who deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md
index 9f73223f1d..725ba3bd9f 100644
--- a/store-for-business/billing-understand-your-invoice-msfb.md
+++ b/store-for-business/billing-understand-your-invoice-msfb.md
@@ -110,7 +110,7 @@ At the bottom of the invoice, there are instructions for paying your bill. You c
If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
## Next steps
-If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/download-azure-invoice#invoices-for-mca-and-mpa-billing-accounts).
+If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](/azure/cost-management-billing/understand/mca-understand-your-invoice).
## Need help? Contact us.
diff --git a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
index 9baef1a798..0249a8b606 100644
--- a/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
+++ b/store-for-business/configure-mdm-provider-microsoft-store-for-business.md
@@ -45,7 +45,7 @@ After your management tool is added to your Azure AD directory, you can configur
3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
-- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
+- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
- [Manage apps from Microsoft Store for Business with Microsoft Endpoint Configuration Manager](/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
For third-party MDM providers or management servers, check your product documentation.
\ No newline at end of file
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
index 3e744d9281..38c26e9d99 100644
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ b/store-for-business/distribute-apps-with-management-tool.md
@@ -29,7 +29,7 @@ You can configure a mobile device management (MDM) tool to synchronize your Micr
Your MDM tool needs to be installed and configured in Azure AD, in the same Azure AD directory used with Microsoft Store.
-In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune).
+In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](/mem/intune/apps/windows-store-for-business).
Microsoft Store services provide:
@@ -61,4 +61,5 @@ This diagram shows how you can use a management tool to distribute an online-lic
## Related topics
[Configure MDM Provider](configure-mdm-provider-microsoft-store-for-business.md)
-[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](/intune-classic/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune)
\ No newline at end of file
+
+[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](/mem/intune/apps/windows-store-for-business)
diff --git a/store-for-business/includes/store-for-business-content-updates.md b/store-for-business/includes/store-for-business-content-updates.md
index d14bc10108..5555b333e4 100644
--- a/store-for-business/includes/store-for-business-content-updates.md
+++ b/store-for-business/includes/store-for-business-content-updates.md
@@ -2,21 +2,10 @@
-## Week of December 13, 2021
+## Week of April 25, 2022
| Published On |Topic title | Change |
|------|------------|--------|
-| 12/13/2021 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified |
-| 12/13/2021 | [Change history for Microsoft Store for Business and Education](/microsoft-store/sfb-change-history) | modified |
-| 12/14/2021 | [Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-users-and-groups-microsoft-store-for-business) | modified |
-| 12/14/2021 | [Troubleshoot Microsoft Store for Business (Windows 10)](/microsoft-store/troubleshoot-microsoft-store-for-business) | modified |
-
-
-## Week of November 15, 2021
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 11/16/2021 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
-| 11/19/2021 | [Microsoft Store for Business and Microsoft Store for Education overview (Windows 10)](/microsoft-store/microsoft-store-for-business-overview) | modified |
+| 4/28/2022 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
+| 4/28/2022 | [Prerequisites for Microsoft Store for Business and Education (Windows 10)](/microsoft-store/prerequisites-microsoft-store-for-business) | modified |
diff --git a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
index 717074d334..5253b14c06 100644
--- a/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
+++ b/store-for-business/manage-users-and-groups-microsoft-store-for-business.md
@@ -41,7 +41,7 @@ For more information on Azure AD, see [About Office 365 and Azure Active Directo
## Add user accounts to your Azure AD directory
If you created a new Azure AD directory when you signed up for Store for Business, you'll have a directory set up with one user account - the global administrator. That global administrator can add user accounts to your Azure AD directory. However, adding user accounts to your Azure AD directory will not give those employees access to Store for Business. You'll need to assign Store for Business roles to your employees. For more information, see [Roles and permissions in the Store for Business.](roles-and-permissions-microsoft-store-for-business.md)
-You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
+You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://portal.azure.com/) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
For more information, see:
- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users)
diff --git a/store-for-business/microsoft-store-for-business-education-powershell-module.md b/store-for-business/microsoft-store-for-business-education-powershell-module.md
index 3bdd7d61bc..fd4d4e8c20 100644
--- a/store-for-business/microsoft-store-for-business-education-powershell-module.md
+++ b/store-for-business/microsoft-store-for-business-education-powershell-module.md
@@ -46,7 +46,7 @@ All of the **Microsoft Store for Business and Education** PowerShell cmdlets fol
## Install Microsoft Store for Business and Education PowerShell module
> [!NOTE]
-> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=48729). The framework is included with Windows 10 by default).
+> Installing **Microsoft Store for Business and Education** PowerShell model using **PowerShellGet** requires [Windows Management Framework 5.0](https://www.microsoft.com/download/details.aspx?id=54616). The framework is included with Windows 10 by default).
To install **Microsoft Store for Business and Education PowerShell** with PowerShellGet, run this command:
diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md
index b7490960fc..290b271595 100644
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@@ -27,8 +27,8 @@ Previous versions of the App-V Sequencer required manual sequencing and updating
Using the automatic sequencer to package your apps gives you the following benefits:
* **Automatic virtual machine (VM) sequencing environment provisioning**. To learn more, see [Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-provision-a-vm.md).
-* **Package batch-sequencing**. This means that multiple apps can be sequenced at the same time, in a single group. To learn more, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
-* **Package batch-updating**. This means that multiple apps can be updated at the same time, in a single group. To learn more, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
+* **Package batch-sequencing**. This benefit denotes that multiple apps can be sequenced at the same time, in a single group. To learn more, see [Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-sequencing.md).
+* **Package batch-updating**. This benefit denotes that multiple apps can be updated at the same time, in a single group. To learn more, see [Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer)](appv-auto-batch-updating.md).
### Updates to the App-V project template
@@ -36,7 +36,7 @@ Starting with Windows 10, version 1703, you can now save an App-V project templa
### Automatically clean up unpublished App-V packages from the App-V client
-Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. To learn more, see [Automatically clean up unpublished packages on the App-V client](../app-v/appv-auto-clean-unpublished-packages.md).
+Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up more storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. To learn more, see [Automatically clean up unpublished packages on the App-V client](../app-v/appv-auto-clean-unpublished-packages.md).
## What's new in App-V in Windows 10, version 1607
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index cbda9f3cbe..6e37203bad 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -67,9 +67,9 @@ The App-V Client performs tasks to keep virtual applications running properly an
| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification.|
| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive).|
| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg.|
-| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information.|
+| User Registry Classes | HKCU\Software\Classes\AppV| Contains more user package state information.|
-Additional details for the table are provided in the section below and throughout the document.
+More details for the table are provided in the section below and throughout the document.
### Package store
@@ -92,10 +92,10 @@ If the App-V Client is configured in Shared Content Store mode, no data is writt
### Package catalogs
-The App-V Client manages the following two file-based locations:
+The App-V Client manages the following file-based locations:
- **Catalogs (user and machine).**
-- **Registry locations**—depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine catalog stores global information applicable to all users or any specific user, and the User catalog stores information applicable to a specific user. The catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.
+- **Registry locations**—depends on how the package is targeted for publishing. There's a Catalog (data store) for the computer, and a catalog for each individual user. The Machine catalog stores global information applicable to all users or any specific user, and the User catalog stores information applicable to a specific user. The catalog is a collection of Dynamic Configurations and manifest files; there's discrete data for both file and registry per package version.
### Machine catalog
@@ -103,8 +103,8 @@ The locations described in this table can be found in the %programdata%\Microsof
| | Location |
|:---|:---|
-|**Description**|Stores package documents that are available to users on the machine when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.
If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).
If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.|
-|**Default storage location**|%programdata%\Microsoft\AppV\Client\Catalog\
This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.|
+|**Description**|Stores package documents that are available to users on the machine when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.
If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).
If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there's a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there's a policy file (UserDeploymentConfiguration file) in the Machine Catalog.|
+|**Default storage location**|%programdata%\Microsoft\AppV\Client\Catalog\
This location isn't the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.|
|**Files in the machine catalog**|- Manifest.xml
- DeploymentConfiguration.xml
- UserManifest.xml (Globally Published Package)
- UserDeploymentConfiguration.xml (Globally Published Package)|
|**Additional machine catalog location, used when the package is part of a connection group**|The following location is in addition to the specific package location mentioned previously as the default storage location:
%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID|
|**Additional files in the machine catalog when the package is part of a connection group**|- PackageGroupDescriptor.xml
- UserPackageGroupDescriptor.xml (globally published Connection Group)|
@@ -115,7 +115,7 @@ The locations described in this table can be found in the appdata\roaming\Micros
|| Location |
|:---|:---|
-|**Description**|Created during the publishing process. Contains information used for publishing the package, and for making sure that a package is provisioned to a specific user at launch. Created in a roaming location and includes user-specific publishing information.
When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.
For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.|
+|**Description**|Created during the publishing process. Contains information used for publishing the package, and for making sure that a package is provisioned to a specific user at launch. Created in a roaming location and includes user-specific publishing information.
When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.
For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they're provisioned.|
|**Default storage location**|appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID|
|**Files in the user catalog**|- UserManifest.xml
- DynamicConfiguration.xml or UserDeploymentConfiguration.xml|
|**Additional user catalog location, used when the package is part of a connection group**|The following location is in addition to the specific package location mentioned above:
appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID|
@@ -135,7 +135,7 @@ The COW Roaming location described above stores changes to files and directories
### COW local
-The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (for example, Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the signed-in users. The non-**S** location stores user-based changes.
+The COW Local location is similar to the roaming location, but the directories and files aren't roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (for example, Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the signed-in users. The non-**S** location stores user-based changes.
## Package registry
@@ -151,15 +151,15 @@ When the first application from the package is launched on the client, the clien
When connection groups are present, the previous process of staging the registry holds true, but instead of having one hive file to process, there are more than one. The files are processed in the order in which they appear in the connection group XML, with the first writer winning any conflicts.
-The staged registry persists the same way as in the single package case. Staged user registry data remains for the connection group until it is disabled; staged machine registry data is removed on connection group removal.
+The staged registry persists the same way as in the single package case. Staged user registry data remains for the connection group until it's disabled; staged machine registry data is removed on connection group removal.
### Virtual registry
-The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality—that is, any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the **registry COW** > **package** > **native**. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data.
+The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality—that is, any changes made to the registry from the context of a virtual process are made to a separate COW location. This functionality means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the **registry COW** > **package** > **native**. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there's a value stored in a COW location it will not proceed to other locations, however, if there's no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data.
### Registry locations
-There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared:
+There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups aren't shared:
#### Single Package VReg
@@ -207,7 +207,7 @@ The following locations are configured as pass-through locations by default:
- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies
-The purpose of pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, the admin may need to add additional pass-through keys to adjust application behavior.
+The purpose of pass-through keys is to ensure that a virtual application doesn't write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally shouldn't modify any of the default pass-through keys, but in some instances, the admin may need to add more pass-through keys to adjust application behavior.
## App-V package store behavior
@@ -233,7 +233,7 @@ The App-V Client can be configured to change the default behavior of streaming.
|PackageSourceRoot|The root override where packages should be streamed from|
|SharedContentStoreMode|Enables the use of Shared Content Store for VDI scenarios|
-These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors in streaming packages that it's particularly important to understand:
+These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors in streaming packages that is important to understand:
- Background Streaming
- Optimized Streaming
@@ -241,7 +241,7 @@ These settings affect the behavior of streaming App-V package assets to the clie
### Background streaming
-The Windows PowerShell cmdlet **Get-AppvClientConfiguration** can be used to determine the current mode for background streaming with the AutoLoad setting and modified with either the **Set-AppvClientConfiguration** cmdlet or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can either be disabled altogether (value=0) or enabled for all packages (value=2), regardless of whether they have been launched.
+The Windows PowerShell cmdlet **Get-AppvClientConfiguration** can be used to determine the current mode for background streaming with the AutoLoad setting and modified with either the **Set-AppvClientConfiguration** cmdlet or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can either be disabled altogether (value=0) or enabled for all packages (value=2), regardless of whether they've been launched.
### Optimized streaming
@@ -249,7 +249,7 @@ App-V packages can be configured with a primary feature block during sequencing.
### Stream faults
-After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store.
+After the initial stream of any publishing data and the primary feature block, requests for more files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This flexibility allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store.
### Package upgrades
@@ -257,11 +257,11 @@ App-V Packages require updating throughout the lifecycle of the application. App
### Package removal
-The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but the package store location and COW locations remain. When the **Remove-AppVClientPackge** Windows PowerShell cmdlet is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files.
+The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but the package store location and COW locations remain. When the **Remove-AppVClientPackge** Windows PowerShell cmdlet is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server doesn't perform a Remove operation. Neither operation will remove the Package Store package files.
## Roaming registry and data
-App-V is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed.
+App-V is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data don't roam from computer to computer, since they're in locations that aren't roamed.
### Roaming requirements and user catalog data storage
@@ -270,7 +270,7 @@ App-V stores data, which represents the state of the user’s catalog, in the fo
- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog
- Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
-Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa.
+Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V doesn't support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa.
>[!NOTE]
>The **Repair-AppvClientPackage** cmdlet doesn't repair the publishing state of packages where the user’s App-V state under HKEY_CURRENT_USER is missing or mismatched with the data in %appdata%.
@@ -281,8 +281,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table
|Scenario|Description|
|---|---|
-|Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:
- HKLM's location is HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE
The locations are enabled for roaming based on the operating system settings.|
-|Applications that are run with elevation|When an application is launched with elevation:
- HKLM data is stored in the HKLM hive on the local computer
- HKCU data is stored in the User Registry location
In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following locations:
- HKLM's location is HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE|
+|Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This scenario presents two distinct paths:
- HKLM's location is HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE
The locations are enabled for roaming based on the operating system settings.|
+|Applications that are run with elevation|When an application is launched with elevation:
- HKLM data is stored in the HKLM hive on the local computer
- HKCU data is stored in the User Registry location
In this scenario, these settings aren't roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following locations:
- HKLM's location is HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE|
### App-V and folder redirection
@@ -290,7 +290,7 @@ App-V supports folder redirection of the roaming AppData folder (%AppData%). Whe
A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS.
-The following table shows local and roaming locations when folder redirection has not been implemented.
+The following table shows local and roaming locations when folder redirection hasn't been implemented.
| VFS directory in package | Mapped location of backing store |
|---|---|
@@ -310,13 +310,13 @@ The following table shows local and roaming locations when folder redirection ha
| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT |
| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData |
-The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. Here's what happens during the process:
+The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to more machines, where the process will be repeated. Here's what happens during the process:
1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory.
2. If the roaming AppData path is local or no AppData\\Roaming location is mapped, nothing happens.
-3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory.
+3. If the roaming AppData path isn't local, the VFS AppData directory is mapped to the local AppData directory.
-This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The process does the following things:
+This process solves the problem of a non-local %AppData% that isn't supported by the App-V Client VFS driver. However, the data stored in this new location isn't roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The process does the following things:
1. Shuts down the App-V application, which also shuts down the virtual environment.
2. Compresses the local cache of the roaming AppData location and store it in a .zip file.
@@ -324,7 +324,7 @@ This process solves the problem of a non-local %AppData% that is not supported b
4. Records the time stamp in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp.
5. Calls the folder redirection process to evaluate and initiate the .zip file uploaded to the roaming AppData directory.
-The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published, or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. Here's what happens during the process:
+The time stamp is used to determine a “last writer wins” scenario if there's a conflict and is used to optimize the download of the data when the App-V application is published, or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. Here's what happens during the process:
1. The user starts an application, which also starts the virtual environment.
2. The application’s virtual environment checks for the most recent time stamped .zip file, if present.
@@ -334,7 +334,7 @@ The time stamp is used to determine a “last writer wins” scenario if there i
6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data moved into place.
7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data.
-This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The process does the following things:
+This process completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The process does the following things:
1. During repair, detects if the path to the user’s roaming AppData directory isn't local.
2. Maps the non-local roaming AppData path targets, recreating the expected roaming and local AppData locations.
@@ -344,7 +344,7 @@ This process will recreate both the local and network locations for AppData and
## App-V Client application lifecycle management
-In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client.
+In an App-V Full Infrastructure, after applications are sequenced, they're managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client.
This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Microsoft Endpoint Configuration Manager, see [Deploy App-V virtual applications with Configuration Manager](/mem/configmgr/apps/get-started/deploying-app-v-virtual-applications).
@@ -357,7 +357,7 @@ The publishing refresh process comprises several smaller operations that are per
- **Add-AppVPublishingServer** configures the client with an App-V Publishing Server that provides App-V packages.
- **Set-AppVPublishingServer** modifies the current settings for the App-V Publishing Server.
- **Set-AppVClientConfiguration** modifies the currents settings for the App-V Client.
-- **Sync-AppVPublishingServer** initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server.
+- **Sync-AppVPublishingServer** initiates an App-V Publishing Refresh process manually. This process is also utilized in the scheduled tasks created during configuration of the publishing server.
The following sections will elaborate what goes on during the publishing refresh process.
@@ -365,7 +365,7 @@ The following sections will elaborate what goes on during the publishing refresh
Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the **Add-AppVClientPackage** cmdlet in Windows PowerShell, except the publishing refresh add process contacts the configured publishing server and passes a high-level list of applications back to the client to pull more detailed information, rather than just doing a single package add operation.
-The process then configures the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming.
+The process then configures the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following steps are a detailed workflow of the process, assuming the package is configured for Fault Streaming.
#### How to add an App-V package
@@ -373,9 +373,9 @@ The process then configures the client for package or connection group additions
1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users.
- 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per-package basis.
+ 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send more requests to the server for more information on a per-package basis.
-2. The Publishing Agent on the App-V Client will evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed.
+2. The Publishing Agent on the App-V Client will evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group can't be processed.
3. Configure the packages by identifying the **Add** or **Update** operations.
@@ -389,7 +389,7 @@ The process then configures the client for package or connection group additions
- Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, accessed directly or through file types.
- Scripts: Download scripts directory for use throughout the publishing process.
- 4. Populate the Package store by doing the following:
+ 4. Populate the Package store by performing the following sub-steps:
1. Create sparse files on disk that represent the extracted package for any directories listed.
@@ -409,7 +409,7 @@ The process then configures the client for package or connection group additions
4. Configure Connection Groups by adding and enabling or disabling.
-5. Remove objects that are not published to the target (user or machine).
+5. Remove objects that aren't published to the target (user or machine).
> [!NOTE]
>This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published).
@@ -421,7 +421,7 @@ The process then configures the client for package or connection group additions
> [!NOTE]
>This condition occurs as a product of removal without unpublishing with background addition of the package.
-This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user).
+This process completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user).
@@ -452,7 +452,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu
3. Run scripts targeted for publishing timing.
-Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details.
+Publishing an App-V Package that is part of a Connection Group is similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details.
@@ -460,7 +460,7 @@ Publishing an App-V Package that is part of a Connection Group is very similar t
### Application launch
-After the Publishing Refresh process, the user launches and then relaunches an App-V application. The App-V Client checks the path to the user catalog for files created during publishing. After establishing rights to launch the package, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. Once the virtual environment created and configured for the specific package and application, the application starts. This might seem like a lot, but the process in action is actually quite fast, and is optimized to minimize network traffic.
+After the Publishing Refresh process, the user launches and then relaunches an App-V application. The App-V Client checks the path to the user catalog for files created during publishing. After establishing rights to launch the package, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. Once the virtual environment created and configured for the specific package and application, the application starts. This might seem like a lot, but the process in action is fast, and is optimized to minimize network traffic.
#### How to launch App-V applications
@@ -471,11 +471,13 @@ After the Publishing Refresh process, the user launches and then relaunches an A
- **UserDeploymentConfiguration.xml**
- **UserManifest.xml**
-3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point.
+3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There's no network traffic at this point.
4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry.
-5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present.
+5. Upon finding the path to the package store, the virtual environment is created.
+
+ If this process execution is the first launch, the Primary Feature Block downloads if present.
6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded.
@@ -487,7 +489,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A
### Upgrading an App-V package
-The current version of App-V's package upgrade process differs from the older versions in its storage optimization. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time, as the package store and catalogs are updated with the new resources. During an upgrade in the new version, only new files are added to the new version store location, and hard links are created for unchanged files. This reduces overall storage by only presenting the file on one disk location, then projecting it into all folders with a file location entry on the disk.
+The current version of App-V's package upgrade process differs from the older versions in its storage optimization. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time, as the package store and catalogs are updated with the new resources. During an upgrade in the new version, only new files are added to the new version store location, and hard links are created for unchanged files. Such results reduce overall storage by only presenting the file on one disk location, then projecting it into all folders with a file location entry on the disk.
#### How to upgrade an App-V package
@@ -521,7 +523,7 @@ If you try to upgrade a package that is currently in use, the upgrade task is pl
| Task type | Applicable rule |
|---|---|
-| User-based tasks, such as publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. |
+| User-based tasks, such as publishing a package to a user | The pending task will be performed after the user signs out and then signs back in. |
| Globally based tasks, such as enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. |
When a task is placed in a pending state, the App-V Client also generates a registry key for the pending task, as follows:
@@ -542,19 +544,19 @@ Use the following example scenarios as a guide for updating packages.
| Scenario | Requirements |
|---|---|
-| App-V package is not in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.
The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. |
-| App-V package is in use when the administrator publishes a newer version of the package | The App-V Client sets the operation to "pending," which means that it is queued and will be carried out later when the package is not in use.
If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.
If the package has shell extensions, which are permanently loaded by Windows Explorer, the user won't be able to sign in. Users must sign off and then sign back in to initiate the App-V package upgrade.|
+| App-V package isn't in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.
The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. |
+| App-V package is in use when the administrator publishes a newer version of the package | The App-V Client sets the operation to "pending," which means that it's queued and will be carried out later when the package isn't in use.
If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.
If the package has shell extensions, which are permanently loaded by Windows Explorer, the user won't be able to sign in. Users must sign off and then sign back in to initiate the App-V package upgrade.|
### Global vs. user publishing
-App-V Packages can be published in one of two ways; as user, which entitles an App-V package to a specific user or group of users, or as global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing:
+App-V Packages can be published in one of two ways; as user, which entitles an App-V package to a specific user or group of users, or as global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package isn't in use, consider the two types of publishing:
- Global publishing is when the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart.
-- User publishing is when the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user signs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly through Windows PowerShell commands).
+- User publishing is when the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user signs in or when it's published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly through Windows PowerShell commands).
### Removing an App-V package
-Removing App-V applications in a Full Infrastructure is an unpublish operation and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages.
+Removing App-V applications in a Full Infrastructure is an unpublish operation and doesn't perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages.
### Repairing an App-V package
@@ -577,12 +579,12 @@ When App-V applications are published to a computer with the App-V Client, some
- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing.
1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application.
- 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry.
+ 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This transfer won't initiate a restore of the data or registry.
3. Restore the backed-up data when the last package is unpublished or removed on a per-extension point basis.
### Extension points
-The App-V publishing files (manifest and dynamic configuration) provide several extension points to integrate the application with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section:
+The App-V publishing files (manifest and dynamic configuration) provide several extension points to integrate the application with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that aren't installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section:
- Shortcuts
- File type associations
@@ -598,7 +600,7 @@ The App-V publishing files (manifest and dynamic configuration) provide several
The shortcut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications.
-From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section like the following:
+From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section as shown in the following example:
```XML
1,000
5,000
10,000|120
120
120
120|Dual Core
Dual Core
Quad Core
Quad Core|LAN|1
2
2
3|100
99
89
77|
|Multiple packages in each refresh.|Number of packages|1,000
1,000|500
1,000|Quad Core|LAN|2
3|92
91|
-|Network between client and publishing server.|1.5 Mbps Slow link network|100
500
1,000|120
120
120|Quad Core|1.5 Mbps intra-continental network|3
10 (0.2% failure rate)
7 (1% failure rate)||
+|Network between client and publishing server.|1.5 Mbps Slow link network|100
500
1,000|120
120
120|Quad Core|1.5-Mbps intra-continental network|3
10 (0.2% failure rate)
7 (1% failure rate)||
## App-V streaming capacity planning recommendations
@@ -159,9 +159,9 @@ Computers running the App-V client stream the virtual application package from t
|Scenario|Summary|
|---|---|
-|Multiple App-V clients stream applications from a single streaming server simultaneously.|If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.|
+|Multiple App-V clients stream applications from a single streaming server simultaneously.|If the number of clients simultaneously streaming from the same server increases, there's a linear relationship with the package download/streaming time.|
|Size of the package being streamed.|The package size has a significant impact on the streaming/download time only for larger packages with a size of about 1 GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.|
-|Network between the App-V client and the streaming server.|Across a slow network (1.5 Mbps bandwidth), there is a 70–80% increase in response time compared to LAN (up to 100 users).|
+|Network between the App-V client and the streaming server.|Across a slow network (1.5-Mbps bandwidth), there's a 70–80% increase in response time compared to LAN (up to 100 users).|
The following table displays sample values for each of the factors in the previous list:
@@ -169,22 +169,22 @@ The following table displays sample values for each of the factors in the previo
|---|---|---|---|---|---|
|Multiple App-V clients streaming virtual application packages from a streaming server.|Number of clients.|100
200
1,000
100
200
1,000|3.5 MB
3.5 MB
3.5 MB
5 MB
5 MB
5 MB|LAN|29
39
391
35
68
461|
|Size of each package being streamed.|Size of each package.|100
200
100
200|21 MB
21 MB
109 MB
109 MB|LAN|33
83
100
160|
-|Network connection between client and App-V streaming server.|1.5 Mbps Slow link network.|100
100|3.5 MB
5 MB|1.5 Mbps intra-continental network|102
121|
+|Network connection between client and App-V streaming server.|1.5 Mbps Slow link network.|100
100|3.5 MB
5 MB|1.5-Mbps intra-continental network|102
121|
Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications.
>[!NOTE]
>The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions.
-For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real-world environments, streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment to properly size the number of required streaming servers.
+For example, an average user can stream a 100-MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real-world environments, streaming demand isn't uniformly distributed, you'll need to understand the approximate peak streaming requirements present in your environment to properly size the number of required streaming servers.
-The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages.
+The number of clients a streaming server can support can be increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages.
## Combining App-V server roles
-Discounting scaling and fault-tolerance requirements, the minimum number of servers that a location with Active Directory connectivity needs to function is one. This server will host the management server, management server service, and Microsoft SQL Server roles. This means that you can arrange server roles in any combination you like, as they don't conflict with one another.
+Discounting scaling and fault-tolerance requirements, the minimum number of servers that a location with Active Directory connectivity needs to function is 1. This server will host the management server, management server service, and Microsoft SQL Server roles. This coverage means that you can arrange server roles in any combination you like, as they don't conflict with one another.
-Ignoring scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
+Notwithstanding scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatibilities could cause certain fault-tolerance options to stop working.
diff --git a/windows/application-management/app-v/appv-client-configuration-settings.md b/windows/application-management/app-v/appv-client-configuration-settings.md
index 46288270d4..25ab412507 100644
--- a/windows/application-management/app-v/appv-client-configuration-settings.md
+++ b/windows/application-management/app-v/appv-client-configuration-settings.md
@@ -16,7 +16,7 @@ ms.topic: article
[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
-The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
+The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
You can use Group Policy to configure App-V client settings by navigating to the **Group Policy management console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
@@ -35,7 +35,7 @@ The following table provides information about App-V client configuration settin
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-LocationProvider**
String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-CertFilterForClientSsl**
String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VerifyCertificateRevocationList**
True (enabled); False (Disabled state) | Verifies Server certificate revocation status before streaming with HTTPS. | 0 |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-SharedContentStoreMode**
True (enabled); False (Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-SharedContentStoreMode**
True (enabled); False (Disabled state) | Specifies that streamed package contents will not be saved to the local hard disk. | 0 |
| Set-AppvPublishingServer
**-Name**
String | Displays the name of publishing server. | Policy value not written (same as Not Configured) |
| Set-AppvPublishingServer
**-URL**
String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) |
| Set-AppvPublishingServer
**-GlobalRefreshEnabled**
True (enabled); False (Disabled state) | Enables global publishing refresh (Boolean) | False |
@@ -46,20 +46,20 @@ The following table provides information about App-V client configuration settin
| Set-AppvPublishingServer
**-UserRefreshOnLogon**
True (enabled); False (Disabled state) | Triggers a user publishing refresh on sign in. (Boolean) Word count (with spaces): 60 | False |
| Set-AppvPublishingServer
**-UserRefreshInterval**
Word count (with spaces): 85
Integer (0–744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
| Set-AppvPublishingServer
**-UserRefreshIntervalUnit**
0 for hour, 1 for day | Specifies the interval unit (Hour 0–23, Day 0–31). | 1 |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-MigrationMode**
True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created by a previous version of App-V. | |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-MigrationMode**
True (enabled state); False (Disabled state) | Migration mode allows the App-V client to modify shortcuts and FTAs for packages created by a previous version of App-V. | |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnablePackageScripts**
True (enabled); False (Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
-| Set-AppvClientConfiguration
**-RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-RoamingRegistryExclusions**
String | Specifies the registry paths that do not roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links will not be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration
**-RoamingFileExclusions**
String | Specifies the file paths relative to %userprofile% that don't roam with a user's profile. For example, ```/ROAMINGFILEEXCLUSIONS='desktop;my pictures'``` | |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-RoamingRegistryExclusions**
String | Specifies the registry paths that don't roam with a user profile. For example, ```/ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients``` | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootUser**
String | Specifies the location to create symbolic links associated with the current version of a per-user published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links won't be used when you publish the package. For example, ```%localappdata%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-IntegrationRootGlobal**
String | Specifies the location to create symbolic links associated with the current version of a globally published package. All virtual application extensions, such as shortcuts and file type associations, will point to this path. If you don't specify a path, symbolic links won't be used when you publish the package. For example, ```%allusersprofile%\\Microsoft\\AppV\\Client\\Integration```. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-VirtualizableExtensions**
String | A comma-delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command-line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a locally installed application inside a virtual environment with virtualized applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingEnabled**
True (enabled); False (Disabled state) | Returns information to a reporting server. | False |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingServerURL**
String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataCacheLimit**
Integer \[0–1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingDataBlockSize**
Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This limit can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingStartTime**
Integer (0–23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0–23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingInterval**
Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) |
-| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-ReportingRandomDelay**
Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This method can help to prevent collisions on the server. | Policy value not written (same as Not Configured) |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
-EnableDynamicVirtualization
1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | |
| Set-AppvClientConfiguration,
Set-AppvPublishingServer
**-EnablePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | |
| Sync-AppvPublishingServer
**-HidePublishingRefreshUI**
1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | |
diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
index 7abccf3fec..1329a1cb1a 100644
--- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md
+++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md
@@ -18,9 +18,9 @@ ms.topic: article
## How package priority is determined
-The virtual environment and its current state are associated with the connection group, not with the individual packages. If you remove an App-V package from the connection group, the state that existed as part of the connection group will not migrate with the package.
+The virtual environment and its current state are associated with the connection group, not with the individual packages. If you remove an App-V package from the connection group, the state that existed as part of the connection group won't migrate with the package.
-If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value.
+If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group wherein each defines the same registry DWORD value.
The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document:
@@ -48,12 +48,12 @@ Consider the following example section:
Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package.
-For this example, the DWORD value definition would be the following:
+For this example, the DWORD value definition would be as shown below:
- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5
- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10
-Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region.
+Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This result means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region.
Other virtual environment resources are resolved in a similar way, but usually collisions occur in the registry.
@@ -72,7 +72,7 @@ The following example shows the order and relationship of a file name lookup in
|C:\Windows\System32|C:\Windows\System32|
|C:\AppTest|C:\AppTest|
-When a virtualized application tries to find a specific file, App-V will first for a matching file path in Package A. If it doesn't find a matching path in Package A, it will then search Package B using the following mapping rules:
+When a virtualized application tries to find a specific file, App-V will search for a matching file path in Package A. If it doesn't find a matching path in Package A, it will then search Package B using the following mapping rules:
- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, App-V will use the first matching file.
- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, App-V will use the first matching file.
diff --git a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
index 07b82ff103..9f0ed57692 100644
--- a/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
+++ b/windows/application-management/app-v/appv-convert-a-package-created-in-a-previous-version-of-appv.md
@@ -38,7 +38,7 @@ The App-V package converter will save the App-V 4.6 installation root folder and
2. You can enter the following cmdlets to check or convert packages:
- - **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet:
+ - **Test-AppvLegacyPackage**—This cmdlet checks packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet won't parse the **.sft** file or do any in-depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, enter the following cmdlet:
```PowerShell
Test-AppvLegacyPackage -?
@@ -50,9 +50,9 @@ The App-V package converter will save the App-V 4.6 installation root folder and
ConvertFrom-AppvLegacyPackage C:\contentStore C:\convertedPackages
```
- In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows client virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used.
+ In this cmdlet, `C:\contentStore` represents the location of the existing package and `C:\convertedPackages` is the output directory to which the resulting App-V for Windows client virtual application package file will be saved. By default, if you don't specify a new name, the old package name will be used.
- Additionally, the package converter optimizes performance of packages in App-V for Windows client by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
+ Additionally, the package converter optimizes performance of packages in App-V for Windows client by setting the package to stream fault the App-V package. This definition of setting is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default.
> [!NOTE]
> Before you specify the output directory, you must create the output directory.
@@ -71,9 +71,9 @@ The App-V package converter will save the App-V 4.6 installation root folder and
dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages
```
- This piped example command tests packages, then passes the objects on for conversion. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
+ This piped example command tests packages, then passes the objects on for conversion. You can also apply a filter on packages without errors or only specify a directory that contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client.
-- Batching—The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the *-Source* parameter that represents a list of directory paths. This allows you to enter the following cmdlets together:
+- Batching—The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the *-Source* parameter that represents a list of directory paths. This feature allows you to enter the following cmdlets together:
```PowerShell
$packages = dir C:\contentStore
diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
index 74d2dbc8fb..4a69807fe8 100644
--- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
+++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md
@@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A
1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md).
2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**.
-3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference.
+3. Ensure there's the App-V package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference.
4. Enter the **New-AppvPackageAccelerator** cmdlet.
The following parameters are required to use the package accelerator cmdlet:
- *InstalledFilesPath* specifies the application installation path.
- *Installer* specifies the path to the application installer media.
- - *InputPackagePath* specifies the path to the .appv package.
+ - *InputPackagePath* specifies the path to the App-V package.
- *Path* specifies the output directory for the package.
- The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media:
+ The following example cmdlet shows how you can create a package accelerator with the App-V package and the installation media:
```PowerShell
New-AppvPackageAccelerator -InputPackagePath
Specifies the products and languages to include in the package.|N/A|
-|OfficeClientEdition (attribute of Add element):
Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** is not set to a valid value.|```OfficeClientEdition="32"```
```OfficeClientEdition="64"```|
+|OfficeClientEdition (attribute of Add element):
Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if **OfficeClientEdition** isn't set to a valid value.|```OfficeClientEdition="32"```
```OfficeClientEdition="64"```|
|Product element:
Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.|```Product ID="O365ProPlusRetail"```
```Product ID="VisioProRetail"```
```Product ID="ProjectProRetail"```
```Product ID="ProPlusVolume"```
```Product ID="ProjectProVolume"```|
|Language element:
Specifies the language supported in the applications.|```Language ID="en-us"```|
|Version (attribute of Add element):
Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).|```15.1.2.3```|
@@ -220,11 +220,11 @@ After you download the Office 2013 applications through the Office Deployment To
|Element|Description|
|---|---|
- |```\\server\Office2013```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is named **Customconfig.xml**.|
- |```setup.exe```|This is the Office Deployment Tool.|
- |```/packager```|This creates the Office 2013 App-V package with Volume Licensing as specified in the **Customconfig.xml** file.|
- |```\\server\Office2013\Customconfig.xml```|This passes the configuration XML file, which in this example is named "Customconfig," that has been prepared for the packaging stage.|
- |```\\server\share\Office2013AppV```|This specifies the location of the newly created Office App-V package.|
+ |```\\server\Office2013```|This network share location is the one that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is named **Customconfig.xml**.|
+ |```setup.exe```|This element is the Office Deployment Tool.|
+ |```/packager```|This element creates the Office 2013 App-V package with Volume Licensing as specified in the **Customconfig.xml** file.|
+ |```\\server\Office2013\Customconfig.xml```|This element passes the configuration XML file, which in this example is named "Customconfig," that has been prepared for the packaging stage.|
+ |```\\server\share\Office2013AppV```|This element specifies the location of the newly created Office App-V package.|
After you run the **/packager** command, the following folders will appear in the directory where you specified the package should be saved:
@@ -303,7 +303,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
### Disabling Office 2013 applications
-You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
+You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You don't have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you'll save the changes, add the Office 2013 App-V package, then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications.
>[!NOTE]
>To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](/DeployOffice/configuration-options-for-the-office-2016-deployment-tool#excludeapp-element).
@@ -371,7 +371,7 @@ You may want to disable shortcuts for certain Office applications instead of unp
3. Save the Deployment Configuration File.
4. Republish Office 2013 App-V Package with new Deployment Configuration File.
-Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
+Many more settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document.
### Managing Office 2013 package upgrades
diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
index b8a5d91571..f00ec718f9 100644
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@@ -55,11 +55,11 @@ The following table describes the recommended methods for excluding specific Off
Complete the following steps to create an Office 2016 package for App-V.
>[!IMPORTANT]
->In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages.
+>In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You can't use the Sequencer to create packages.
### Review prerequisites for using the Office Deployment Tool
-The computer on which you are installing the Office Deployment Tool must have the following:
+The computer on which you're installing the Office Deployment Tool must have the following:
| Prerequisite | Description |
|----------------------|--------------------|
@@ -77,7 +77,7 @@ Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the
### Download the Office Deployment Tool
-Office 2016 App-V packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation, follow these steps:
+Office 2016 App-V packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package can't be created or modified through the App-V sequencer. To begin package creation, follow these steps:
1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117).
@@ -114,7 +114,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
> [!NOTE]
>The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To uncomment these lines, remove the `````` from the end of the line.
- The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. Note that the Product ID of the applications will not affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements:
+ The previous example of an XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office2016 location where Office applications will be saved. The Product ID of the applications won't affect Office's final licensing. You can create Office 2016 App-V packages with various licensing from the same applications by specifying licensing in a later stage. The following table summarizes the XML file's customizable attributes and elements:
| Input | Description | Example |
|--------------|----------------------------|----------------|
@@ -127,7 +127,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
| Channel (part of **Add** element) | Optional. Defines which channel will be used to update Office after installation.
The default is **Deferred** for Microsoft 365 Apps for enterprise and **Current** for Visio Pro for Office 365 and Project Desktop Client.
For more information about update channels, see [Overview of update channels for Microsoft 365 Apps for enterprise](/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`
`Channel="Deferred"`
`Channel="FirstReleaseDeferred"`
`Channel="FirstReleaseCurrent"` |
After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml."
-2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command:
+2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. An example command is:
`\\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml`
@@ -135,10 +135,10 @@ After editing the **configuration.xml** file to specify the desired product, lan
| Element | Description |
|-------------------------------|--------------------------------------|
- | ```\\server\Office2016``` | This is the network share location that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. |
- | ``Setup.exe`` | This is the Office Deployment Tool. |
+ | ```\\server\Office2016``` | This network share location is the one that contains the Office Deployment Tool and the custom **Configuration.xml** file, which in this example is **Customconfig.xml**. |
+ | ``Setup.exe`` | This element is the Office Deployment Tool. |
| ```/download``` | Downloads the Office 2016 applications that you specify in the **Customconfig.xml** file. |
- | ```\\server\Office2016\Customconfig.xml```| This passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After using the download command, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. |
+ | ```\\server\Office2016\Customconfig.xml```| This element passes the XML configuration file required to complete the download process. In this example, the file used is **Customconfig.xml**. After the download command is used, Office applications should be found in the location specified in the configuration file, which in this example is ```\\Server\Office2016```. |
### Convert the Office applications into an App-V package
@@ -194,7 +194,7 @@ After you download the Office 2016 applications through the Office Deployment To
>Even if you use unique package IDs, you can still deploy only one App-V package to a single device.
2. Use the /packager command to convert the Office applications to an Office 2016 App-V package.
- The following is an example packager command:
+ An example packager command is:
```syntax
\\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV
@@ -204,11 +204,11 @@ After you download the Office 2016 applications through the Office Deployment To
| Element | Description |
|-------------------------------|--------------------------------------|
- |```\\server\Office2016```|This is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is Customconfig.xml.|
- |```Setup.exe```|This is the Office Deployment Tool.|
+ |```\\server\Office2016```|This network share location is the one that contains the Office Deployment Tool and the custom Configuration.xml file, which in this example is Customconfig.xml.|
+ |```Setup.exe```|This element is the Office Deployment Tool.|
|```/packager```|This command creates the Office 2016 App-V package with the license type specified in the Customconfig.xml file.|
- |```\\server\Office2016\Customconfig.xml```|This passes the configuration XML file that has been prepared for the packaging stage. In this example, the file is Customconfig.xml.|
- |```\\server\share\Office2016AppV```|This specifies the location of the newly created Office App-V package.|
+ |```\\server\Office2016\Customconfig.xml```|This element passes the configuration XML file that has been prepared for the packaging stage. In this example, the file is Customconfig.xml.|
+ |```\\server\share\Office2016AppV```|This element specifies the location of the newly created Office App-V package.|
After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved:
@@ -249,7 +249,7 @@ Run the following command to publish an Office package globally:
Add-AppvClientPackage
If you are not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic. |
+| How do I package and publish Visio 2016 and Project 2016 with Office? | You must include Visio 2016 and Project 2016 in the same package with Office.
If you're not deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic. |
| How can I deploy Visio 2016 and Project 2016 to specific users? | Use one of the following methods:
**To create two different packages and deploy each one to a different group of users**:
Create and deploy the following packages:
- A package that contains only Office—deploy to computers whose users need only Office.
- A package that contains Office, Visio, and Project—deploy to computers whose users need all three applications.
**To create only one package for the whole organization, or to create a package intended for users who share computers**:
1. Create a package that contains Office, Visio, and Project.
2. Deploy the package to all users.
3. Use [AppLocker](/windows/security/threat-protection/applocker/applocker-overview) to prevent specific users from using Visio and Project. |
## Related topics
diff --git a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
index f4a34b1bfc..0336c74412 100644
--- a/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
+++ b/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client.md
@@ -16,7 +16,7 @@ ms.topic: article
[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
-The App-V Sequencer and client let administrators to virtualize and run virtual applications.
+The App-V Sequencer and client let administrators virtualize and run virtual applications.
## Enable the client
@@ -35,12 +35,12 @@ The App-V client stores its configuration in the registry. Understanding the for
You can use Group Policy to configure the client settings for the App-V client and the Remote Desktop Services client.
-To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
+To manage the ADMX template, perform the following steps on the computer that you'll use to manage Group Policy. This computer is typically the Domain Controller.
1. Save the **.admx** file to the following directory: ```Windows\PolicyDefinitions```
2. Save the **.adml** file to the following directory: ```Windows\PolicyDefinitions\
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).
See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components.|
+| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For more information, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).
If you're already using App-V 5.x, you don't need to redeploy the App-V server components, as they haven't changed since App-V 5.0's release. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package that can be downloaded from the following locations:
If you have a Microsoft Developer Network (MSDN) subscription, use the [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/subscriptions/downloads/default.aspx#FileId=65215) to download the MDOP ISO package.
If you're using [Windows client for Enterprise or Education](https://www.microsoft.com/WindowsForBusiness/windows-product-home), download it from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/default.aspx).
For more information about installing and using the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).|
| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices, allowing users to interact with icons and file names to start virtualized applications. | Starting with Windows 10 version 1607, the App-V client is automatically installed.
To learn how to enable the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). |
| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must run the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows client](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). |
@@ -48,7 +48,7 @@ If you're new to App-V, it's a good idea to read the documentation thoroughly. B
## Getting started with App-V
-[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization.
+[What's new in App-V](appv-about-appv.md) provides a high-level overview of App-V and how it can be used in your organization?
[Evaluating App-V](appv-evaluating-appv.md) provides information about how you can best evaluate App-V for use in your organization.
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index 2871a6ae7b..e9865ae8bb 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -24,9 +24,9 @@ A typical App-V implementation consists of the following elements.
|Element|Description|
|---|---|
-|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:
**Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.
**Scalability**—you can add additional management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
-|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports HTTP and HTTPS protocols.
You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
-|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and ad hoc reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Management server|The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment, which provides the following benefits:
**Fault tolerance and high availability**—installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline. You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, consider using a network load balancer to keep server requests balanced.
**Scalability**—you can add more management servers as necessary to support a high load. For example, you can install multiple servers behind a load balancer.|
+|App-V Publishing Server|The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server doesn't require a database connection and supports HTTP and HTTPS protocols.
You can also help increase App-V availability by installing the Publishing server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
+|App-V Reporting Server|The App-V Reporting server lets authorized users run and view existing App-V reports and unplanned reports for managing App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. You should also consider having a network load balancer to keep server requests balanced.|
|App-V Client|The App-V client enables packages created using App-V to run on target computers.|
>[!NOTE]
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index 71e2b8fe63..ad8668ac96 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -22,7 +22,7 @@ Use the following Windows PowerShell procedure to convert any number of Active D
Before attempting this procedure, you should read and understand the information and examples displayed in the following list:
-- **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names.
+- **.INPUTS** – The account or accounts used to convert to SID format. This item can be a single account name or an array of account names.
- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats.
@@ -129,7 +129,7 @@ Before attempting this procedure, you should read and understand the information
}
```
-3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments.
+3. Run the script you saved in Step 1 of this procedure passing the accounts to convert as arguments.
For example,
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index 1a78d968d1..7a32f99f96 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -49,7 +49,7 @@ This topic explains the following procedures:
Enable-AppvClientConnectionGroup –name "Financial Applications"
- When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group.
+ When any virtual applications that are in the member packages are run on the target computer, they'll run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group.
## To enable or disable a connection group for a specific user
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index f0417294aa..45669bd33e 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -28,7 +28,7 @@ You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom
|New in App-V for Windows client|Prior to App-V for Windows 10|
|--- |--- |
-|New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:
You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.|Registry information and scripts included in .osd files associated with a package were not included in package converter output.
The package converter would populate the new package with information from all of the .osd files in the source directory.|
+|New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:
You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.|Registry information and scripts included in .osd files associated with a package weren't included in package converter output.
The package converter would populate the new package with information from all of the .osd files in the source directory.|
### Example conversion statement
@@ -79,7 +79,7 @@ ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\
|These Source directory files…|…are converted to these Destination directory files…|…and will contain these items|Description|
|--- |--- |--- |--- |
|
In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.|
-|
In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it was not included as one of these arguments.|
+|
In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it wasn't included as one of these arguments.|
## Converting packages created using a prior version of App-V
@@ -96,23 +96,23 @@ After you convert an existing package you should test the package prior to deplo
|Issue|Workaround|
|--- |--- |
-|Virtual packages using DSC are not linked after conversion.|Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).|
+|Virtual packages using DSC aren't linked after conversion.|Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).|
|Environment variable conflicts are detected during conversion.|Resolve any conflicts in the associated **.osd** file.|
-|Hard-coded paths are detected during conversion.|Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.|
+|Hard-coded paths are detected during conversion.|Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it's recommended to re-sequence the package.|
When converting a package check for failing files or shortcuts, locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path.
**Note**
-It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
+It's recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md).
-If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V sequencer.
+If a converted package doesn't open after you convert it, it's also recommended that you resequence the application using the App-V sequencer.
[How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md)
## Migrating the App-V Server Full Infrastructure
-There is no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server.
+There's no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server.
|Task|More Information|
|--- |--- |
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 6f8fa8364b..86dd8a2e20 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -48,11 +48,11 @@ This topic explains how to:
5. On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**.
**Important**
- If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package.
+ If you're required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package.
-6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update doesn't have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
-7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**.
+7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you're finished with the installation, select **I am finished installing**. Click **Next**.
>**Note** The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard.
@@ -62,7 +62,7 @@ This topic explains how to:
>**Note** You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**.
-10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**.
+10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it's saved. Click **Next**.
To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**.
@@ -97,7 +97,7 @@ This topic explains how to:
- Edit registry settings.
- - Review additional package settings (except operating system file properties).
+ - Review the extra package settings (except operating system file properties).
- Set virtualized registry key state (override or merge).
@@ -117,15 +117,15 @@ This topic explains how to:
3. On the **Select Task** page, click **Add New Application** > **Next**.
-4. On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**.
+4. On the **Select Package** page, click **Browse** to locate the virtual application package to which you'll add the application, and then click **Next**.
5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**.
- >**Important** If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package.
+ >**Important** If you're required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package.
-6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
+6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application doesn't have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**.
-7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package.
+7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If more installation files must be run as part of the installation, click **Run**, and locate and run those installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this directory is a new location so that you don’t overwrite the existing version of the virtual application package.
>**Note** The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard.
@@ -133,9 +133,9 @@ This topic explains how to:
9. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page.
-10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**.
+10. If you're finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**.
- If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers.
+ If you're customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers.
11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**.
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index cf90a40aa9..011db77850 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -25,9 +25,9 @@ Use the following information to create a new management server console in your
Follow these steps to create a new management server console:
-1. Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V server](appv-deploying-the-appv-server.md).
+1. Install the management server on a computer in your environment. For more information about installing the management server, see [Deploying the App-V server](appv-deploying-the-appv-server.md).
-2. After you have completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
+2. After you've completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index 88041be96f..80ba2f4fbd 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -34,7 +34,7 @@ This section of the Microsoft Application Virtualization (App-V) Administrator
Describes how to deploy App-V packages by using an ESD.
- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
- Describes how perform client configuration tasks using the client management console.
+ Describes how to perform client configuration tasks using the client management console.
- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
Provides instructions for migrating to App-V from a previous version.
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 7aa779a219..ee185b6c84 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -44,15 +44,15 @@ To help determine what information is relevant to your environment, you should r
## App-V in stateful\* non-persistent deployments
-This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience.
+This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This access is achieved by uniquely addressing the often long-running App-V publishing refresh. As you'll discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience.
Use the information in the following section for more information:
-[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages.
+[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these scenarios are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages.
- Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed.
-- Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns.
+- Optimized for Storage – If you're concerned with the storage impact, following this scenario will help address those concerns.
[Preparing your Environment](#bkmk-pe)
@@ -62,9 +62,9 @@ Use the information in the following section for more information:
[User Experience Walk-through](#bkmk-uewt)
-- Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have.
+- Walk-through – It's a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have.
-- Outcome – This describes the expected results.
+- Outcome – It describes the expected results.
[Impact to Package Lifecycle](#bkmk-plc)
@@ -89,13 +89,13 @@ Use the information in the following section for more information:
### Usage Scenarios
-As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both.
+As you review the two scenarios, keep in mind that these scenarios represent the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both.
- **Performance**: To provide the most optimal user experience, this approach uses the capabilities of a UPM solution and requires extra image preparation and can incur some more image management overhead.
- The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) (in this article).
+ The following section describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) (in this article).
-- **Storage**: The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.
+- **Storage**: The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Don't pre-configure user-targeted virtual application packages in the base image.
The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) (in this article).
@@ -137,14 +137,14 @@ The following information displays the required steps to prepare the base image
For critical App-V Client configurations and for a little more context and how-to, review the following configuration settings:
-- **Shared Content Store (SCS) Mode**: When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM). This helps to conserve local storage and minimize disk I/O per second (IOPS).
+- **Shared Content Store (SCS) Mode**: When running the shared content store, only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM). Such a result helps to conserve local storage and minimize disk I/O per second (IOPS).
This setting is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.
- Configurable in Windows PowerShell: `Set-AppvClientConfiguration -SharedContentStoreMode 1`
- Configurable with Group Policy: See [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
-- **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
+- **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting isn't configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.
@@ -156,13 +156,13 @@ For critical App-V Client configurations and for a little more context and how-t
- **MaxConcurrentPublishingRefresh**: This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.
- Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
+ Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
- If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.
+ If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they sign in could take an indeterminate amount of time.
- Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing`.
- Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes.
- - The App-V client service and computer do not need to be restarted.
+ - The App-V client service and computer don't need to be restarted.
### Configure UE-V solution for App-V Approach
@@ -177,9 +177,9 @@ For more information, see:
In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows).
> [!Note]
-> Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
+> Without performing an additional configuration step, User Environment Virtualization (UE-V) won't be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
-UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
+UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V wouldn't currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled.
@@ -196,11 +196,11 @@ The expectation in a stateful environment is that a UPM solution is implemented
The requirements for the UPM solution are as follows.
-To enable an optimized login experience, for example the App-V approach for the user, the solution must be capable of:
+To enable an optimized sign-in experience, for example the App-V approach for the user, the solution must be capable of:
- Persisting the below user integrations as part of the user profile/persona.
-- Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or,
+- Triggering a user profile sync on sign in (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or,
- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations.
@@ -208,13 +208,13 @@ To enable an optimized login experience, for example the App-V approach for the
>
> App-V is supported when using UPD only when the entire profile is stored on the user profile disk.
>
- > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders.
+ > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver doesn't handle UPD selected folders.
-- Capturing changes to the locations, which constitute the user integrations, prior to session logoff.
+- Capturing changes to the locations, which constitute the user integrations, prior to session sign out.
-With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created.
+With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during a sign in and/or after a specified refresh interval. In both cases, a scheduled task is created.
-In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
+In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2, the user refresh on a sign in was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete.
### User Integrations
@@ -248,37 +248,37 @@ Registry – HKEY\_CURRENT\_USER
### User Experience Walk-through
-This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect.
+This following process is a step-by-step walk-through of the App-V and UPM operations, and the users' expectations.
- **Performance**: After implementing this approach in the VDI/RDSH environment, on first login,
- (Operation) A user-publishing/refresh is initiated.
- (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.
+ (Expectation) If it's the first time that a user has published virtual applications (for example, non-persistent), this operation will take the usual duration of a publishing/refresh.
- (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
- (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.
+ (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-out process. This result will incur the same/similar overhead as persisting the user state.
**On subsequent logins**:
- (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
- (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.
+ (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (that is, package entitlements change), some may go away.
- - (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements.
+ - (Operation) Publishing/refresh will process unpublish and publish operations for changes in user package entitlements.
(Expectation) If there are no entitlement changes, publishing will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity of virtual applications
The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.
- - (Operation) UPM solution will capture user integrations again at logoff.
+ - (Operation) UPM solution will capture user integrations again at sign off.
(Expectation) Same as previous.
**Outcome**:
- - Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.
- - The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.
+ - Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of sign in.
+ - The publishing/refresh will process changes to the users-entitled virtual applications, which impacts the experience.
- **Storage**: After implementing this approach in the VDI/RDSH environment, on first login
@@ -286,12 +286,12 @@ This following is a step-by-step walk-through of the App-V and UPM operations an
(Expectation):
- - If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.
+ - If this instance is the first time a user has published virtual applications (for example, non-persistent), this will take the usual duration of a publishing/refresh.
- First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
- (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
- (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.
+ (Expectation) Depending on how the UPM solution is configured, this capture may occur as part of the sign-off process. This result will incur the same/similar overhead as persisting the user state.
**On subsequent logins**:
@@ -299,24 +299,24 @@ This following is a step-by-step walk-through of the App-V and UPM operations an
- (Operation) Add/refresh must pre-configure all user targeted applications.
- (Expectation):
- - This may increase the time to application availability significantly (on the order of 10’s of seconds).
+ - This may increase the time to application availability significantly (on the order of 10s of seconds).
- This will increase the publishing refresh time relative to the number and complexity* of virtual applications.
- - (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.
+ - (Operation) Publishing/refresh will process unpublish and publish operations for changes to user package entitlements.
- **Outcome**: Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.
+ **Outcome**: Because the add/refresh must reconfigure all the virtual applications to the VM, the publishing refresh time on every login will be extended.
### Impact to Package Life Cycle
-Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section:
+Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (unpublished) virtual application packages, it's recommended you update the base image to reflect these changes. To understand why review the following section:
App-V 5.0 SP2 introduced the concept of pending states. In the past,
-- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail.
+- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the unpublish or publish operation, respectively, would fail.
-- Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed.
+- Now, if a package is in use, the operation will be pended. The unpublish and publish-pend operations will be processed on service restart or if another publish or unpublish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed.
-In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed.
+In a non-persistent environment, it's unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it isn't applied to the environment prior to a sign in, it will not be processed.
### Enhancing the VDI Experience through Performance Optimization Tuning
@@ -362,17 +362,17 @@ Several App-V features facilitate new scenarios or enable new customer deploymen
|Step|Consideration|Benefits|Tradeoffs|
|--- |--- |--- |--- |
-|No Feature Block 1 (FB1, also known as Primary FB)|No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:
Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.|Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.|This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.|
-|Remove Extraneous Virtual Fonts from Package.|The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.|Virtual Fonts impact publishing refresh performance.|Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.|
+|Account for Synchronous Script Execution during Package Lifecycle.|If script collateral is embedded in the package, Add cmdlets may be slower.
Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.|Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.|This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.|
+|Remove Extraneous Virtual Fonts from Package.|Most applications investigated by the App-V product team contained a few fonts, typically fewer than 20.|Virtual Fonts impact publishing refresh performance.|Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.|
### Determining what virtual fonts exist in the package
@@ -446,7 +446,7 @@ For documentation on How to Apply a Dynamic Configuration, see:
- Rename Package\_copy.appv to Package\_copy.zip
-- Open AppxManifest.xml and locate the following:
+- Open AppxManifest.xml and locate the following syntax:
```xml
- LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under ```%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData```
- The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.
- While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.
- Entries to the AppData folder are made using the user context, not the system context.|
+|When the virtual environment starts.|The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).
- LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under ```%LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData```
- The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.
- While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and isn't moved or synchronized with %AppData% until the end user shuts down the computer.
- Entries to the AppData folder are made using the user context, not the system context.|
|When the virtual environment shuts down.|The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp that indicates the last known upload is simultaneously saved as a registry key under ```HKCU\Software\Microsoft\AppV\Client\Packages\
If you enable the App-V client to send report information without using the App-V Reporting server, the reporting data will be stored in associated .xml files. |
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index cb78bbb208..e25bc08e0a 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -20,7 +20,7 @@ There are several different deployment configurations and requirements to consid
## App-V supported configurations
-[App-V supported configurations](appv-supported-configurations.md) describes the minimum hardware and operating system requirements for each App-V components. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
+[App-V supported configurations](appv-supported-configurations.md) describes the minimum hardware and operating system requirements for each App-V component. For information about software that you must install before you install App-V, see [App-V Prerequisites](appv-prerequisites.md).
## App-V capacity planning
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 130251c08a..5d42b2690d 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -20,7 +20,7 @@ ms.author: aaroncz
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607.
## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client
-MSI packages that were generated using an App-V sequencer from previous versions of App-V (App-V versions 5.1 and earlier) include a check to validate that the App-V client is installed on client devices before allowing the MSI package to install. Now that the App-V client is installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail.
+There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail.
**Workaround**:
@@ -44,21 +44,22 @@ MSI packages that were generated using an App-V sequencer from previous versions
`Update-AppvPackageMsi -MsiPackage "
The previous example will send the reporting data to the ```\\MyShare\MyData\``` location indicated by the **-URL** parameter. After the data has been sent, the cache is cleared.|
+|f you have an existing App-V reporting server, create a customized scheduled task or script. Specify that the client sends the data to the specified location at the desired frequency.|If you don't have an existing App-V reporting Server, use the **–URL** parameter to send the data to a specified share. For example: ```Send-AppVClientReport –URL \\Myshare\MyData\ -DeleteOnSuccess```
The previous example will send the reporting data to the ```\\MyShare\MyData\``` location indicated by the **-URL** parameter. After the data has been sent, the cache is cleared.|
>[!NOTE]
>If a location other than the Reporting Server is specified, the data is sent in **.xml** format with no additional processing.
### Creating reports
-To retrieve report information and create reports using App-V you must use one of the following methods:
+To retrieve report information and create reports using App-V, you must use one of the following methods:
-* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS is not installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article.
+* Microsoft SQL Server Reporting Services (SSRS)—Microsoft SSRS is available with Microsoft SQL Server. SSRS isn't installed when you install the App-V reporting server. It must be deployed separately to generate the associated reports. For more information, see the [What is SQL Server Reporting Services (SSRS)?](/sql/reporting-services/create-deploy-and-manage-mobile-and-paginated-reports) article.
* Scripting—You can generate reports by scripting directly against the App-V reporting database. For example:
diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
index a005d725cb..8f37e1c8d1 100644
--- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
+++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md
@@ -22,7 +22,7 @@ ms.author: aaroncz
- Windows Server 2012 R2
- Windows Server 2016
-You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you:
+You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this task if you:
- Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application.
@@ -45,7 +45,7 @@ Each method accomplishes essentially the same task, but some methods may be bett
To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections.
-There is no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Manager or another electronic software distribution (ESD) system, or manually edit the registry.
+There's no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Manager or another electronic software distribution (ESD) system, or manually edit the registry.
Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user.
@@ -63,16 +63,16 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo
For example, create `HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe`.
- Connection group can be:
- - Packages that are published just globally or just to the user
+ - Packages that are published globally or just to the user
- Packages that are published globally and to the user
- Use the `HKEY_LOCAL_MACHINE` or `HKEY_CURRENT_USER` key. But, all of the following must be true:
+ Use the `HKEY_LOCAL_MACHINE` or `HKEY_CURRENT_USER` key. But, all of the following conditions must be fulfilled:
- If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.
- Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.
- The key under which you create the subkey must match the publishing method you used for the package.
- For example, if you published the package to the user, you must create the subkey under `HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual`. Do not add a key for the same application under both hives.
+ For example, if you published the package to the user, you must create the subkey under `HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual`. Don't add a key for the same application under both hives.
2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore.
@@ -80,7 +80,7 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo
**Example**: 4c909996-afc9-4352-b606-0b74542a09c1\_be463724-Oct1-48f1-8604-c4bd7ca92fa
- The application in the previous example would produce a registry export file (.reg file) like the following:
+ The application in the previous example would produce a registry export file (.reg file) like the following example:
```registry
Windows Registry Editor Version 5.00
diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md
index 46ae70c3ee..4c9e36326a 100644
--- a/windows/application-management/app-v/appv-security-considerations.md
+++ b/windows/application-management/app-v/appv-security-considerations.md
@@ -19,15 +19,15 @@ ms.topic: article
This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
>[!IMPORTANT]
->App-V is not a security product and does not provide any guarantees for a secure environment.
+>App-V isn't a security product and doesn't provide any guarantees for a secure environment.
## The PackageStoreAccessControl (PSAC) feature has been deprecated
-Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
+Effective as of June 2014, the PackageStoreAccessControl (PSAC) feature introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments.
## General security considerations
-**Understand the security risks.** The most serious risk to App-V is from unauthorized users hijacking an App-V client's functionality, giving the hacker the ability to reconfigure key data on App-V clients. By comparison, short-term loss of App-V functionality from a denial-of-service attack would not be as catastrophic.
+**Understand the security risks.** The most serious risk to App-V is from unauthorized users hijacking an App-V client's functionality, giving the hacker the ability to reconfigure key data on App-V clients. By comparison, short-term loss of App-V functionality from a denial-of-service attack wouldn't be as catastrophic.
**Physically secure your computers**. A security strategy that doesn't consider physical security is incomplete. Anyone with physical access to an App-V server could potentially attack the entire client base, so potential physical attacks or thefts should be prevented at all cost. App-V servers should be stored in a physically secure server room with controlled access. Lock the computer with the operating system or a secured screen saver to keep computers secure when the administrators are away.
@@ -50,8 +50,8 @@ No groups are created automatically during App-V setup. You should create the fo
|---|---|---|
|App-V Management Admin group|Used to manage the App-V management server. This group is created during the App-V Management Server installation.|The management console can't create a new group after installation is complete.|
|Database read/write for Management Service account|Provides read/write access to the management database. This account should be created during App-V management database installation.||
-|App-V Management Service install admin account|Provides public access to schema-version table in management database. This account should be created during App-V management database installation.|This is only required if the management database is being installed separately from the service.|
-|App-V Reporting Service install admin account|Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.|This is only required if reporting database is being installed separately from the service.|
+|App-V Management Service install admin account|Provides public access to schema-version table in management database. This account should be created during App-V management database installation.|This account is only required if the management database is being installed separately from the service.|
+|App-V Reporting Service install admin account|Public access to schema-version table in reporting database. This account should be created during the App-V reporting database installation.|This account is only required if reporting database is being installed separately from the service.|
Consider the following additional information:
@@ -62,9 +62,9 @@ Consider the following additional information:
### App-V package security
-The following will help you plan how to ensure that virtualized packages are secure.
+The following information will help you plan how to ensure that virtualized packages are secure.
-* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If the file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
+* If an application installer applies an access control list (ACL) to a file or directory, then that ACL isn't persisted in the package. If the file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former occurs if the file or directory doesn't exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
## App-V log files
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index 4342db61a0..0214e455b2 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -50,7 +50,7 @@ You can install the App-V Management server on a server running Windows Server 2
### Management server hardware requirements
* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
-* 1 GB RAM (64-bit).
+* 1-GB RAM (64-bit).
* 200 MB of available hard disk space, not including the content directory.
### Management server database requirements
@@ -59,7 +59,7 @@ The following table lists the SQL Server versions that the App-V Management data
|SQL Server version|Service pack|System architecture|
|---|---|---|
-|Microsoft SQL Server 2019||32-bit or 64-bit|
+|Microsoft SQL Server 2019|CU4|32-bit or 64-bit|
|Microsoft SQL Server 2017||32-bit or 64-bit|
|Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2014||32-bit or 64-bit|
@@ -74,10 +74,10 @@ The App-V Publishing server can be installed on a server that runs Windows Serve
### Publishing server hardware requirements
-App-V adds no additional requirements beyond those of Windows Server.
+App-V adds requires nothing beyond the requirements of Windows Server.
* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
-* 2 GB RAM (64-bit).
+* 2-GB RAM (64-bit).
* 200 MB of available hard disk space, not including the content directory.
### Reporting server operating system requirements
@@ -86,10 +86,10 @@ You can install the App-V Reporting server on a server running Windows Server 20
### Reporting server hardware requirements
-App-V adds no additional requirements beyond those of Windows Server.
+App-V adds no other requirements beyond those requirements of Windows Server.
* A 64-bit (x64) processor that runs at 1.4 GHz or faster.
-* 2 GB RAM (64-bit).
+* 2-GB RAM (64-bit).
* 200 MB of available hard disk space, not including the content directory.
### Reporting server database requirements
@@ -98,6 +98,7 @@ The following table lists the SQL Server versions that are supported for the App
|SQL Server version|Service pack|System architecture|
|---|---|---|
+|Microsoft SQL Server 2019|CU4|32-bit or 64-bit|
|Microsoft SQL Server 2017||32-bit or 64-bit|
|Microsoft SQL Server 2016|SP2|32-bit or 64-bit|
|Microsoft SQL Server 2014||32-bit or 64-bit|
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index 6c11271006..36c6a128fb 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -24,21 +24,21 @@ This section provides reference information related to managing App-V.
- [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
- Provides strategy and context for many performance optimizations. Not all practices will be applicable. However, these are tested and supported. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience.
+ Provides strategy and context for many performance optimizations. Not all practices will be applicable. However, these practices are tested and supported. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience.
- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
Describes how the following App-V client operations affect the local operating system:
- App-V files and data storage locations
-- package registry
-- package store behavior
-- roaming registry and data
-- client application lifecycle management
-- integration of App-V packages
-- dynamic configuration
-- side-by-side assemblies
-- client logging
+- Package registry
+- Package store behavior
+- Roaming registry and data
+- Client application lifecycle management
+- Integration of App-V packages
+- Dynamic configuration
+- Side-by-side assemblies
+- Client logging
- [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 82f04edd79..69dd653179 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -21,13 +21,13 @@ Use the following procedure to transfer the access and default package configura
**To transfer access and configurations to another version of a package**
-1. To view the package that you want to configure, open the App-V Management Console. Select the package to which you will transfer the new configuration, right-click the package and select **transfer default configuration from** or **transfer access and configurations from**, depending on the configuration that you want to transfer.
+1. To view the package that you want to configure, open the App-V Management Console. Select the package to which you'll transfer the new configuration, right-click the package and select **transfer default configuration from** or **transfer access and configurations from**, depending on the configuration that you want to transfer.
2. To transfer the configuration, in the **Select Previous Version** dialog box, select the package that contains the settings that you want to transfer, and then click **OK**.
If you select **transfer default configuration from**, then only the underlying dynamic deployment configuration will be transferred.
- If you select **transfer access and configurations from**, then all access permissions, as well as the configuration settings, will be copied.
+ If you select **transfer access and configurations from**, then all access permissions, and the configuration settings, will be copied.
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index 2d457de57d..b9d63a3d9c 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -25,11 +25,11 @@ Users have the ability to control background activity for their device through t
-The **Battery usage by app** page allows fine-grained tuning of background activity. Users have the ability to set background activity to by **Managed By Windows**, as well as turning it on or off for each app. Only devices with a battery have this page available in the **Settings** app. Here is the set of available controls on desktop:
+The **Battery usage by app** page allows fine-grained tuning of background activity. Users have the ability to set background activity to by **Managed By Windows**, and turning it on or off for each app. Only devices with a battery have this page available in the **Settings** app. Here's the set of available controls on desktop:
-Here is the set of available controls for mobile devices:
+Here's the set of available controls for mobile devices:
@@ -48,13 +48,13 @@ These policies control the background activity battery settings for Universal Wi
An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page:
-- **AlwaysAllowed**: Corresponds to **Always Allowed in Background** and **Managed By User**. This enables apps to run as much as possible in the background, including while the device is in battery saver mode.
+- **AlwaysAllowed**: Corresponds to **Always Allowed in Background** and **Managed By User**. This correspondence enables apps to run as much as possible in the background, including while the device is in battery saver mode.
-- **AllowedSubjectToSystemPolicy**: This is the default value. It corresponds to **Managed by Windows**. This enables apps to run in the background as determined by Windows. If the device is currently in the battery saver state then background activities do not run.
+- **AllowedSubjectToSystemPolicy**: This value is the default one. It corresponds to **Managed by Windows**. This correspondence enables apps to run in the background as determined by Windows. If the device is currently in the battery saver state, then background activities don't run.
-- **DeniedDueToSystemPolicy**: Corresponds to **Managed by Windows** and indicates that the system has determined that the app cannot currently run in the background.
+- **DeniedDueToSystemPolicy**: Corresponds to **Managed by Windows** and indicates that the system has determined that the app can't currently run in the background.
-- **DeniedByUser**: Corresponds to **Never Allowed in the Background**. The app cannot run in the background. Either the configuration in the settings app, or enterprise policy, has defined that this app is not allowed to run in the background.
+- **DeniedByUser**: Corresponds to **Never Allowed in the Background**. The app can't run in the background. Either the configuration in the settings app, or enterprise policy, has defined that this app isn't allowed to run in the background.
The Universal Windows Platform ensures that consumers will have great battery life and that foreground apps will perform well. Enterprises have the ability to change settings to enable scenarios specific to their business needs. Administrators can use the **Background apps** policies to enable or disable whether a UWP app can run in the background.
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 270911d1f0..b166f06efd 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -53,7 +53,7 @@ You can sideload apps on managed or unmanaged devices.
Managed devices are typically owned by your organization. They're managed by Group Policy (on-premises), or a Mobile Device Management (MDM) provider, such as Microsoft Intune (cloud). Bring your own devices (BYOD) and personal devices can also be managed by your organization. On managed devices, you can create a policy that turns on sideloading, and then deploy this policy to your Windows devices.
-Unmanaged devices are devices that are not managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app.
+Unmanaged devices are devices that aren't managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app.
> [!IMPORTANT]
> To install an app on Windows client, you can:
diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md
index 29bf7f6ae6..6158870fa4 100644
--- a/windows/application-management/svchost-service-refactoring.md
+++ b/windows/application-management/svchost-service-refactoring.md
@@ -16,7 +16,7 @@ manager: dougeby
> Applies to: Windows 10
-The **Service Host (svchost.exe)** is a shared-service process that serves as a shell for loading services from DLL files. Services are organized into related host groups, and each group runs inside a different instance of the Service Host process. In this way, a problem in one instance does not affect other instances. Service Host groups are determined by combining the services with matching security requirements. For example:
+The **Service Host (svchost.exe)** is a shared-service process that serves as a shell for loading services from DLL files. Services are organized into related host groups, and each group runs inside a different instance of the Service Host process. In this way, a problem in one instance doesn't affect other instances. Service Host groups are determined by combining the services with matching security requirements. For example:
* Local Service
* Local Service No Network
@@ -33,7 +33,7 @@ Benefits of this design change include:
* Increased reliability by insulating critical network services from the failure of another non-network service in the host, and adding the ability to restore networking connectivity seamlessly when networking components crash.
* Reduced support costs by eliminating the troubleshooting overhead associated with isolating misbehaving services in the shared host.
-* Increased security by providing additional inter-service isolation
+* Increased security by providing more inter-service isolation
* Increased scalability by allowing per-service settings and privileges
* Improved resource management through per-service CPU, I/O and memory management and increase clear diagnostic data (report CPU, I/O and network usage per service).
@@ -58,24 +58,24 @@ Compare that to the same view of running processes in Windows 10 version 1703:
## Exceptions
-Some services will continue to be grouped on PCs running with 3.5GB or higher RAM. For example, the Base Filtering Engine (BFE) and the Windows Firewall (Mpssvc) will be grouped together in a single host group, as will the RPC Endpoint Mapper and Remote Procedure Call services.
+Some services will continue to be grouped on PCs running with 3.5 GB or higher RAM. For example, the Base Filtering Engine (BFE) and the Windows Firewall (Mpssvc) will be grouped together in a single host group, as will the RPC Endpoint Mapper and Remote Procedure Call services.
If you need to identify services that will continue to be grouped, in addition to seeing them in Task Manager and using command line tools, you can look for the *SvcHostSplitDisable* value in their respective service keys under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
The default value of **1** prevents the service from being split.
-For example, this is the registry key configuration for BFE:
+For example, the registry key configuration for BFE is:
## Memory footprint
-Be aware that separating services increases the total number of SvcHost instances, which increases memory utilization. (Service grouping provided a modest reduction to the overall resource footprint of the services involved.)
+Separating services increases the total number of SvcHost instances, which increases memory utilization. (Service grouping provided a modest reduction to the overall resource footprint of the services involved.)
-Consider the following:
+Consider the following example:
-|Grouped Services (< 3.5GB) | Split Services (3.5GB+)
+|Grouped Services (< 3.5 GB) | Split Services (3.5 GB+)
|--------------------------------------- | ------------------------------------------ |
| | |
diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md
index 95c6a16227..59c8210b09 100644
--- a/windows/client-management/advanced-troubleshooting-802-authentication.md
+++ b/windows/client-management/advanced-troubleshooting-802-authentication.md
@@ -18,11 +18,11 @@ ms.collection: highpri
## Overview
-This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves a lot of third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
+This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves many third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
## Scenarios
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
+This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication are attempted and then fail to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
## Known issues
@@ -38,9 +38,9 @@ Viewing [NPS authentication status events](/previous-versions/windows/it-pro/win
NPS event log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the [NPS audit policy](#audit-policy) section later in this article.
-Check the Windows Security event log on the NPS Server for NPS events that correspond to rejected ([event ID 6273](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
+Check the Windows Security event log on the NPS Server for NPS events that correspond to the rejected ([event ID 6273](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or the accepted ([event ID 6272](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
-In the event message, scroll to the very bottom, and then check the [Reason Code](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
+In the event message, scroll to the bottom, and then check the [Reason Code](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
*Example: event ID 6273 (Audit Failure)*
@@ -48,7 +48,7 @@ In the event message, scroll to the very bottom, and then check the [Reason Code
*Example: event ID 6272 (Audit Success)*
-The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
+The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, if connectivity problems occur, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to **..\Wired-AutoConfig/Operational**. See the following example:
@@ -114,7 +114,7 @@ auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enab
Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
-## Additional references
+## More references
[Troubleshooting Windows Vista 802.11 Wireless Connections](/previous-versions/windows/it-pro/windows-vista/cc766215(v=ws.10))
[Troubleshooting Windows Vista Secure 802.3 Wired Connections](/previous-versions/windows/it-pro/windows-vista/cc749352(v=ws.10))
diff --git a/windows/client-management/advanced-troubleshooting-boot-problems.md b/windows/client-management/advanced-troubleshooting-boot-problems.md
index 858333629a..dd92af8c4f 100644
--- a/windows/client-management/advanced-troubleshooting-boot-problems.md
+++ b/windows/client-management/advanced-troubleshooting-boot-problems.md
@@ -46,11 +46,11 @@ Essential drivers required to start the Windows kernel are loaded and the kernel
**4. Windows NT OS Kernel**
-The kernel loads into memory the system registry hive and additional drivers that are marked as BOOT_START.
+The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
-The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that are not marked BOOT_START.
+The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
-Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
+Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
[Click to enlarge](img-boot-sequence.md)
@@ -76,15 +76,15 @@ To determine whether the system has passed the BIOS phase, follow these steps:
1. If there are any external peripherals connected to the computer, disconnect them.
-2. Check whether the hard disk drive light on the physical computer is working. If it is not working, this indicates that the startup process is stuck at the BIOS phase.
+2. Check whether the hard disk drive light on the physical computer is working. If it's not working, this dysfunction indicates that the startup process is stuck at the BIOS phase.
-3. Press the NumLock key to see whether the indicator light toggles on and off. If it does not, this indicates that the startup process is stuck at BIOS.
+3. Press the NumLock key to see whether the indicator light toggles on and off. If it doesn't toggle, this dysfunction indicates that the startup process is stuck at BIOS.
If the system is stuck at the BIOS phase, there may be a hardware problem.
## Boot loader phase
-If the screen is completely black except for a blinking cursor, or if you receive one of the following error codes, this indicates that the boot process is stuck in the Boot Loader phase:
+If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
- Boot Configuration Data (BCD) missing or corrupted
- Boot file or MBR corrupted
@@ -100,7 +100,7 @@ To troubleshoot this problem, use Windows installation media to start the comput
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
-To do this, follow these steps.
+To do this task of invoking the Startup Repair tool, follow these steps.
> [!NOTE]
> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
@@ -144,7 +144,7 @@ BOOTREC /FIXBOOT
If you receive BCD-related errors, follow these steps:
-1. Scan for all the systems that are installed. To do this, run the following command:
+1. Scan for all the systems that are installed. To do this step, run the following command:
```console
Bootrec /ScanOS
@@ -152,7 +152,7 @@ If you receive BCD-related errors, follow these steps:
2. Restart the computer to check whether the problem is fixed.
-3. If the problem is not fixed, run the following commands:
+3. If the problem isn't fixed, run the following commands:
```console
bcdedit /export c:\bcdbackup
@@ -168,7 +168,7 @@ If you receive BCD-related errors, follow these steps:
### Method 4: Replace Bootmgr
-If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
+If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this replacement, follow these steps:
1. At a command prompt, change the directory to the System Reserved partition.
@@ -198,7 +198,7 @@ If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from driv
### Method 5: Restore System Hive
-If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
+If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step,, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
@@ -207,7 +207,7 @@ If the problem persists, you may want to restore the system state backup to an a
## Kernel Phase
-If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
+If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
- A Stop error appears after the splash screen (Windows Logo screen).
@@ -250,7 +250,7 @@ On the **Advanced Boot Options** screen, try to start the computer in **Safe Mod
### Clean boot
To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
-Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you cannot find the cause, try including system services. However, in most cases, the problematic service is third-party.
+Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
@@ -275,7 +275,7 @@ problems can be solved. Modify the registry at your own risk.
To troubleshoot this Stop error, follow these steps to filter the drivers:
-1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of same version of Windows or a later version.
+1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
2. Open the registry.
@@ -291,7 +291,7 @@ To troubleshoot this Stop error, follow these steps to filter the drivers:
7. Restart the server in Normal mode.
-For additional troubleshooting steps, see the following articles:
+For more troubleshooting steps, see the following articles:
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
@@ -316,7 +316,7 @@ To fix problems that occur after you install Windows updates, check for pending
Try to start the computer.
-If the computer does not start, follow these steps:
+If the computer doesn't start, follow these steps:
1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad.
@@ -348,7 +348,7 @@ If the Stop error occurs late in the startup process, or if the Stop error is st
- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md)
-For more information about page file problems in Windows 10 or Windows Server 2016, see the following:
+For more information about page file problems in Windows 10 or Windows Server 2016, see the following article:
- [Introduction to page files](./introduction-page-file.md)
For more information about Stop errors, see the following Knowledge Base article:
@@ -359,7 +359,7 @@ If the dump file shows an error that is related to a driver (for example, window
- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
-- If the driver is not important and has no dependencies, load the system hive, and then disable the driver.
+- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
- If the stop error indicates system file corruption, run the system file checker in offline mode.
@@ -371,7 +371,7 @@ If the dump file shows an error that is related to a driver (for example, window
For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
- - If there is disk corruption, run the check disk command:
+ - If there's disk corruption, run the check disk command:
```console
chkdsk /f /r
diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
index a9300a5ef2..8ab2aede4e 100644
--- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
+++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
@@ -20,7 +20,7 @@ ms.topic: troubleshooting
## Overview
-This is a general troubleshooting of establishing Wi-Fi connections from Windows clients.
+This overview describes the general troubleshooting of establishing Wi-Fi connections from Windows clients.
Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine. Understanding this flow makes it easier to determine the starting point in a repro scenario in which a different behavior is found.
This workflow involves knowledge and use of [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases), an extensive text filtering tool that is useful with complex traces with numerous ETW providers such as wireless_dbg trace scenario.
@@ -29,11 +29,11 @@ This workflow involves knowledge and use of [TextAnalysisTool](https://github.co
This article applies to any scenario in which Wi-Fi connections fail to establish. The troubleshooter is developed with Windows 10 clients in focus, but also may be useful with traces as far back as Windows 7.
> [!NOTE]
-> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](/windows/desktop/etw/event-tracing-portal) (ETW). It is not meant to be representative of every wireless problem scenario.
+> This troubleshooter uses examples that demonstrate a general strategy for navigating and interpreting wireless component [Event Tracing for Windows](/windows/desktop/etw/event-tracing-portal) (ETW). It's not meant to be representative of every wireless problem scenario.
-Wireless ETW is incredibly verbose and calls out a lot of innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Simply searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem.
+Wireless ETW is incredibly verbose and calls out many innocuous errors (rather flagged behaviors that have little or nothing to do with the problem scenario). Searching for or filtering on "err", "error", and "fail" will seldom lead you to the root cause of a problematic Wi-Fi scenario. Instead it will flood the screen with meaningless logs that will obfuscate the context of the actual problem.
-It is important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors.
+It's important to understand the different Wi-Fi components involved, their expected behaviors, and how the problem scenario deviates from those expected behaviors.
The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem.
### Known Issues and fixes
@@ -57,14 +57,14 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
## Data Collection
-1. Network Capture with ETW. Enter the following at an elevated command prompt:
+1. Network Capture with ETW. Enter the following command at an elevated command prompt:
```console
netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
```
2. Reproduce the issue.
- - If there is a failure to establish connection, try to manually connect.
- - If it is intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure.
+ - If there's a failure to establish connection, try to manually connect.
+ - If it's intermittent but easily reproducible, try to manually connect until it fails. Record the time of each connection attempt, and whether it was a success or failure.
- If the issue is intermittent but rare, netsh trace stop command needs to be triggered automatically (or at least alerted to admin quickly) to ensure trace doesn’t overwrite the repro data.
- If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).
3. Stop the trace by entering the following command:
@@ -78,11 +78,11 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
netsh trace convert c:\tmp\wireless.etl
```
-See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you will have three files: wireless.cab, wireless.etl, and wireless.txt.
+See the [example ETW capture](#example-etw-capture) at the bottom of this article for an example of the command output. After running these commands, you'll have three files: wireless.cab, wireless.etl, and wireless.txt.
## Troubleshooting
-The following is a high-level view of the main wifi components in Windows.
+The following view is a high-level one of the main wifi components in Windows.
|Wi-fi Components|Description|
|--- |--- |
@@ -116,7 +116,7 @@ Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnaly
Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page.
-The following is an example of a good connection setup:
+An example of a good connection setup is:
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
@@ -127,7 +127,7 @@ The following is an example of a good connection setup:
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
```
-The following is an example of a failed connection setup:
+An example of a failed connection setup is:
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
@@ -138,9 +138,9 @@ The following is an example of a failed connection setup:
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
```
-By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state.
+By identifying the state at which the connection fails, one can focus more specifically in the trace on logs prior to the last known good state.
-Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs just prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
+Examining **[Microsoft-Windows-WLAN-AutoConfig]** logs prior to the bad state change should show evidence of error. Often, however, the error is propagated up through other wireless components.
In many cases the next component of interest will be the MSM, which lies just below Wlansvc.
The important components of the MSM include:
@@ -149,10 +149,10 @@ The important components of the MSM include:
-Each of these components has their own individual state machines which follow specific transitions.
+Each of these components has its own individual state machines that follow specific transitions.
Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** filters in TextAnalysisTool for more detail.
-Continuing with the example above, the combined filters look like this:
+Further to the preceding example, the combined filters look like the following command example:
```console
[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
@@ -177,7 +177,7 @@ Authenticating to State: Roaming
> [!NOTE]
> In the next to last line the SecMgr transition is suddenly deactivating:
>\[2\] 0C34.2FF0::08/28/17-13:24:29.7512788 \[Microsoft-Windows-WLAN-AutoConfig\]Port\[13\] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
->This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing just prior to this SecMgr behavior to determine the reason for the deactivation.
+>This transition is what eventually propagates to the main connection state machine and causes the Authenticating phase to devolve to Roaming state. As before, it makes sense to focus on tracing prior to this SecMgr behavior to determine the reason for the deactivation.
Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition:
@@ -203,7 +203,7 @@ The trail backwards reveals a **Port Down** notification:
Port events indicate changes closer to the wireless hardware. The trail can be followed by continuing to see the origin of this indication.
-Below, the MSM is the native wifi stack. These are Windows native wifi drivers which talk to the wifi miniport drivers. It is responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
+Below, the MSM is the native wifi stack. These drivers are Windows native wifi drivers that talk to the wifi miniport drivers. It's responsible for converting Wi-Fi (802.11) packets to 802.3 (Ethernet) so that TCPIP and other protocols and can use it.
Enable trace filter for **[Microsoft-Windows-NWifi]:**
@@ -230,7 +230,7 @@ In the trace above, we see the line:
[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
```
-This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP.
+This line is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This denail could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This action would be done by examining internal logging/tracing from the AP.
### Resources
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index ec54bee4ae..cf0c18ee1d 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -31,11 +31,11 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
## Set up
-- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
-- Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported.
-- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop.
+- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 aren't supported.
+- Your local PC (where you're connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device aren't supported.
+- The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests aren't supported for Remote desktop.
-Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
+Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you're using to connect to the remote PC.
- On the PC you want to connect to:
@@ -45,7 +45,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
- 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
+ 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no other configuration is needed. To allow more users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Users can be added either manually or through MDM policies:
- Adding users manually
@@ -55,14 +55,14 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
```
where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
- In order to execute this PowerShell command you be a member of the local Administrators group. Otherwise, you'll get an error like this example:
+ In order to execute this PowerShell command, you must be a member of the local Administrators group. Otherwise, you'll get an error like this example:
- for cloud only user: "There is no such global user or group : *name*"
- for synced user: "There is no such global user or group : *name*"
> [!NOTE]
> For devices running Windows 10, version 1703 or earlier, the user must sign in to the remote device first before attempting remote connections.
>
- > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
+ > Starting in Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there's a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
- Adding users using policy
diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md
index 0002838314..8717d386a2 100644
--- a/windows/client-management/data-collection-for-802-authentication.md
+++ b/windows/client-management/data-collection-for-802-authentication.md
@@ -42,7 +42,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
```
-3. Run the following command to enable CAPI2 logging and increase the size :
+3. Run the following command to enable CAPI2 logging and increase the size:
```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
@@ -70,7 +70,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
```
-6. Run the following command to enable CAPI2 logging and increase the size :
+6. Run the following command to enable CAPI2 logging and increase the size:
```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
@@ -241,7 +241,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
```
- - Run the following 3 commands on Windows Server 2012 and later:
+ - Run the following commands on Windows Server 2012 and later:
```
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
@@ -320,7 +320,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
```
- - Run the following 3 lines on Windows 2012 and up
+ - Run the following lines on Windows 2012 and up
```
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
@@ -371,9 +371,9 @@ Use the following steps to collect wireless and wired logs on Windows and Window
reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.txt
```
3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
-4. Log on to a domain controller and create C:\MSLOG to store captured logs.
+4. Sign in to a domain controller and create C:\MSLOG to store captured logs.
5. Launch Windows PowerShell as an administrator.
-6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for ";test.local"; domain.
+6. Run the following PowerShell cmdlets. Replace the domain name in ";.. ,DC=test,DC=local"; with appropriate domain name. The example shows commands for "; test.local"; domain.
```powershell
Import-Module ActiveDirectory
diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md
index be28170923..6c0e959124 100644
--- a/windows/client-management/determine-appropriate-page-file-size.md
+++ b/windows/client-management/determine-appropriate-page-file-size.md
@@ -15,7 +15,7 @@ ms.collection: highpri
# How to determine the appropriate page file size for 64-bit versions of Windows
-Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This means that page file sizing is also unique to each system and cannot be generalized.
+Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This uniqueness means that page file sizing is also unique to each system and can't be generalized.
## Determine the appropriate page file size
@@ -23,17 +23,17 @@ Use the following considerations for page file sizing for all versions of Window
### Crash dump setting
-If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file is not created.
+If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file isn't created.
For more information, see [Support for system crash dumps](introduction-page-file.md#support-for-system-crash-dumps) section.
### Peak system commit charge
-The system commit charge cannot exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
+The system commit charge can't exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
### Quantity of infrequently accessed pages
-The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, be aware that not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
+The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This removal provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
- More available physical memory (\Memory\Available MBytes) is required.
@@ -43,7 +43,7 @@ The purpose of a page file is to *back* (support) infrequently accessed modified
## Support for system crash dumps
-A system crash (also known as a “bug check” or a "Stop error") occurs when the system cannot run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system cannot create the crash dump file.
+A system crash (also known as a “bug check” or a "Stop error") occurs when the system can't run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system can't create the crash dump file.
>[!Note]
>During startup, system-managed page files are sized respective to the system crash dump settings. This assumes that enough free disk space exists.
@@ -57,29 +57,29 @@ A system crash (also known as a “bug check” or a "Stop error") occurs when t
\* 1 MB of header data and device drivers can total 256 MB of secondary crash dump data.
-The **Automatic memory dump** setting is enabled by default. This is a setting instead of a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes.
+The **Automatic memory dump** setting is enabled by default. This setting is an alternative to a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes.
The Automatic memory dump feature initially selects a small paging file size. It would accommodate the kernel memory most of the time. If the system crashes again within four weeks, the Automatic memory dump feature sets the page file size as either the RAM size or 32 GB, whichever is smaller.
-Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
+Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This dump requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
### Dedicated dump files
-Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead.
+Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators can now create a dedicated dump file instead.
-A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
+A dedicated dump file is a page file that isn't used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you don't want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
## System-managed page files
-By default, page files are system-managed. This means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
+By default, page files are system-managed. This system management means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
-For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
+For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This surge continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. Therefore, it's assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11.
|Minimum page file size |Maximum page file size|
|---------------|------------------|
-|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings. |3 × RAM or 4 GB, whichever is larger. This is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if required for crash dump settings.|
+|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings. |3 × RAM or 4 GB, whichever is larger. This size is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if necessary for crash dump settings.|
## Performance counters
@@ -87,7 +87,7 @@ Several performance counters are related to page files. This section describes t
### \Memory\Page/sec and other hard page fault counters
-The following performance counters measure hard page faults (which include, but are not limited to, page file reads):
+The following performance counters measure hard page faults (which include, but aren't limited to, page file reads):
- \Memory\Page/sec
@@ -103,7 +103,7 @@ The following performance counters measure page file writes:
Hard page faults are faults that must be resolved by retrieving the data from disk. Such data can include portions of DLLs, .exe files, memory-mapped files, and page files. These faults might or might not be related to a page file or to a low-memory condition. Hard page faults are a standard function of the operating system. They occur when the following items are read:
-- Parts of image files (.dll and .exe files) as they are used
+- Parts of image files (.dll and .exe files) as they're used
- Memory-mapped files
@@ -111,11 +111,11 @@ Hard page faults are faults that must be resolved by retrieving the data from di
High values for these counters (excessive paging) indicate disk access of generally 4 KB per page fault on x86 and x64 versions of Windows and Windows Server. This disk access might or might not be related to page file activity but may contribute to poor disk performance that can cause system-wide delays if the related disks are overwhelmed.
-Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. Be aware that a system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200 RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
+Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. A system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200-RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
### \Paging File(*)\% Usage
-The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file does not indicate a performance problem as long as the system commit limit is not reached by the system commit charge, and if a significant amount of memory is not waiting to be written to a page file.
+The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file doesn't indicate a performance problem as long as the system commit limit isn't reached by the system commit charge, and if a significant amount of memory isn't waiting to be written to a page file.
>[!Note]
>The size of the Modified Page List (\Memory\Modified Page List Bytes) is the total of modified data that is waiting to be written to disk.
@@ -127,4 +127,4 @@ If the Modified Page List (a list of physical memory pages that are the least fr
## Multiple page files and disk considerations
-If a system is configured to have more than one page files, the page file that responds first is the one that is used. This means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Be aware that actual page file usage depends greatly on the amount of modified memory that the system is managing. This means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) are not written to a page file. Only modified data that does not already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it is backed by the disk and not by a page file.
+If a system is configured to have more than one page files, the page file that responds first is the one that is used. This customized configuration means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Actual page file usage depends greatly on the amount of modified memory that the system is managing. This dependency means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) aren't written to a page file. Only modified data that doesn't already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it's backed by the disk and not by a page file.
diff --git a/windows/client-management/generate-kernel-or-complete-crash-dump.md b/windows/client-management/generate-kernel-or-complete-crash-dump.md
index 12bd194bc7..b3c3a0f026 100644
--- a/windows/client-management/generate-kernel-or-complete-crash-dump.md
+++ b/windows/client-management/generate-kernel-or-complete-crash-dump.md
@@ -46,7 +46,7 @@ To enable memory dump setting, follow these steps:
When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.
-Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This can cause a prolonged server outage.
+Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best-case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This read-and-write process can cause a prolonged server outage.
>[!Note]
>Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.
@@ -55,7 +55,7 @@ Depending on the speed of the hard disk on which Windows is installed, dumping m
### Use the NotMyFault tool
-If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. To do this, follow these steps:
+If you can sign in while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool by following these steps:
1. Download the [NotMyFault](https://download.sysinternals.com/files/NotMyFault.zip) tool.
@@ -71,17 +71,17 @@ If you can log on while the problem is occurring, you can use the Microsoft Sysi
### Use NMI
-On some computers, you cannot use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard is not attached to the HP BladeSystem server.
+On some computers, you can't use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard isn't attached to the HP BladeSystem server.
In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.
-To do this, follow these steps:
+To implement this process, follow these steps:
> [!IMPORTANT]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
> [!NOTE]
-> This registry key is not required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
+> This registry key isn't required for clients running Windows 8 and later, or servers running Windows Server 2012 and later. Setting this registry key on later versions of Windows has no effect.
1. In Registry Editor, locate the following registry subkey:
@@ -104,7 +104,7 @@ To do this, follow these steps:
>[!Note]
>For the exact steps, see the BIOS reference manual or contact your hardware vendor.
-9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
+9. Test this method on the server by using the NMI switch to generate a dump file. You'll see a STOP 0x00000080 hardware malfunction.
If you want to run NMI in Microsoft Azure using Serial Console, see [Use Serial Console for SysRq and NMI calls](/azure/virtual-machines/linux/serial-console-nmi-sysrq).
diff --git a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
index ecfa4c5ca0..9b1d7821f3 100644
--- a/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
+++ b/windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
@@ -9,4 +9,4 @@ ms.prod: edge
ms.topic: include
---
-Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
+Microsoft Edge doesn't use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
diff --git a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
index 9d39c7e091..6fa1849707 100644
--- a/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and more diagnostic data, such as usage data.
diff --git a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
index 1aca979b7e..06b4e1eb02 100644
--- a/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
+++ b/windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. To use fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
diff --git a/windows/client-management/includes/allow-saving-history-shortdesc.md b/windows/client-management/includes/allow-saving-history-shortdesc.md
index 9acffb1e18..822a8f9b81 100644
--- a/windows/client-management/includes/allow-saving-history-shortdesc.md
+++ b/windows/client-management/includes/allow-saving-history-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy doesn't stop roaming of existing browsing history or browsing history from other devices.
diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
index 4992a19eab..1ecba430cb 100644
--- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
+++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md
@@ -1,11 +1,16 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can execute the following tasks in Settings:
+- Add new search engines
+- Change the default search engine
+
+With this policy, you can prevent users from customizing the search engine in the Microsoft Edge browser.
diff --git a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
index e16dbdc2db..985741be58 100644
--- a/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
+++ b/windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but doesn't prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
index f4a61c024c..cd9e9d9751 100644
--- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
+++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md
@@ -1,11 +1,18 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+The Set default search engine policy enables the users to:
+
+- Set a default search engine
+- Configure up to five more search engines, and set any one of them as the default
+
+If you previously enabled this policy and now want to disable it, doing so results in deletion of all the configured search engines
+
diff --git a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 75a3631a95..90eddc5182 100644
--- a/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge doesn't send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
diff --git a/windows/client-management/includes/configure-do-not-track-shortdesc.md b/windows/client-management/includes/configure-do-not-track-shortdesc.md
index dd27fad917..c5253680b3 100644
--- a/windows/client-management/includes/configure-do-not-track-shortdesc.md
+++ b/windows/client-management/includes/configure-do-not-track-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge doesn't send ‘Do Not Track’ requests to websites that ask for tracking information. However, users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
index 0247b490e6..8397ff7c18 100644
--- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
+++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md
@@ -1,11 +1,22 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can define a behavior for the Microsoft Edge browser, which it shall display when part of many applications running on a kiosk device.
+
+> [!NOTE]
+> You can define the browser's behavior only if you have the assigned access privileges.
+
+You can also define a behavior when Microsoft Edge serves as a single application.
+
+You can facilitate the following functionalities in the Microsoft Edge browser:
+- Execution of InPrivate full screen
+- Execution of InPrivate multi-tab with a tailored experience for kiosks
+- Provision for normal browsing
diff --git a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
index 8d1cc4f603..97d9c264c0 100644
--- a/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
+++ b/windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allows users to make changes. With this policy, you can configure Microsoft Edge to load the Start page, New Tab page, or the previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
diff --git a/windows/client-management/includes/configure-start-pages-shortdesc.md b/windows/client-management/includes/configure-start-pages-shortdesc.md
index 146511b737..e8c18a3d8b 100644
--- a/windows/client-management/includes/configure-start-pages-shortdesc.md
+++ b/windows/client-management/includes/configure-start-pages-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users can't make changes.
diff --git a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
index 62547e8955..8eeb1e44a5 100644
--- a/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
+++ b/windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users can't disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
diff --git a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
index 37ff4011ad..37156ee3a7 100644
--- a/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
+++ b/windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies can't be changed, and they remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start pages or any Start page configured with the Configure Start pages policy.
diff --git a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
index 5bf46ea949..f4acce9ce0 100644
--- a/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
+++ b/windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can access the about:flags page in Microsoft Edge that is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
index 7264330137..b7331dd725 100644
--- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
+++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+The Microsoft Edge browser allows users to uninstall extensions, by default. When the users work with extensions that come under a policy that is enabled, they can configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any extra permissions requested by future updates of the extension get granted automatically. If - at this stage - you disable the policy, the list of extension package family names (PFNs) defined in this policy get ignored.
diff --git a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index 5ef4bbdeca..b7b66d315b 100644
--- a/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -1,11 +1,12 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows localhost IP address while making calls through usage of the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md
index 30b9677f92..2ddbc5c6d7 100644
--- a/windows/client-management/includes/provision-favorites-shortdesc.md
+++ b/windows/client-management/includes/provision-favorites-shortdesc.md
@@ -1,11 +1,21 @@
----
-author: dansimp
-ms.author: dansimp
-ms.date: 10/02/2018
-ms.reviewer:
-audience: itpro
manager: dansimp
-ms.prod: edge
-ms.topic: include
----
-
-By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can customize the Favorites list in the Microsoft Edge browser. Customization of the favorites list includes:
+
+- Creating a standard list
+ - This standard list includes:
+ - Folders (which you can add)
+ - the list of favorites that you manually add, after creating the standard list
+
+This customized favorite is the final version.
+
+
diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md
index 329d185fad..be5ce9c487 100644
--- a/windows/client-management/introduction-page-file.md
+++ b/windows/client-management/introduction-page-file.md
@@ -35,7 +35,7 @@ For example, the following Windows servers require page files:
- Certificate servers
- ADAM/LDS servers
-This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory.
+This requirement is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to ensure that the database cache can release memory if other services or applications request memory.
For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed".
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 3774c02704..29a9358bf0 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -27,19 +27,19 @@ By using Windows operating systems, administrators can determine what devices ca
## Introduction
### General
-This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios:
+This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and can't install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios:
-- Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.
-- Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.
+- Prevent users from installing devices that are on a "prohibited" list. If a device isn't on the list, then the user can install it.
+- Allow users to install only devices that are on an "approved" list. If a device isn't on the list, then the user can't install it.
This guide describes the device installation process and introduces the device identification strings that Windows uses to match a device with the device-driver packages available on a machine. The guide also illustrates two methods of controlling device installation. Each scenario shows, step by step, one method you can use to allow or prevent the installation of a specific device or a class of devices.
-The example device used in the scenarios is a USB storage device. You can perform the steps in this guide using a different device. However, if you use a different device, then the instructions in the guide will not exactly match the user interface that appears on the computer.
+The example device used in the scenarios is a USB storage device. You can perform the steps in this guide using a different device. However, if you use a different device, then the instructions in the guide won't exactly match the user interface that appears on the computer.
-It is important to understand that the Group Policies that are presented in this guide are only apply to machines/machine-groups, not to users/user-groups.
+It's important to understand that the Group Policies that are presented in this guide are only applied to machines/machine-groups, not to users/user-groups.
> [!IMPORTANT]
-> The steps provided in this guide are intended for use in a test lab environment. This step-by-step guide is not meant to be used to deploy Windows Server features without accompanying documentation and should be used with discretion as a stand-alone document.
+> The steps provided in this guide are intended for use in a test lab environment. This step-by-step guide isn't meant to be used to deploy Windows Server features without accompanying documentation and should be used with discretion as a stand-alone document.
### Who Should Use This Guide?
@@ -56,7 +56,7 @@ Restricting the devices that users can install reduces the risk of data theft an
#### Reduce the risk of data theft
-It is more difficult for users to make unauthorized copies of company data if users' computers cannot install unapproved devices that support removable media. For example, if users cannot install a USB thumb-drive device, they cannot download copies of company data onto a removable storage. This benefit cannot eliminate data theft, but it creates another barrier to unauthorized removal of data.
+It's more difficult for users to make unauthorized copies of company data if users' computers can't install unapproved devices that support removable media. For example, if users can't install a USB thumb-drive device, they can't download copies of company data onto a removable storage. This benefit can't eliminate data theft, but it creates another barrier to unauthorized removal of data.
#### Reduce support costs
@@ -82,7 +82,7 @@ In this scenario, the administrator allows standard users to install all printer
### Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed
-In this scenario, you will combine what you learned from both scenario #1 and scenario #2. The administrator wants to allow standard users to install only a specific printer while preventing the installation of all other printers. This is a more realistic scenario and brings you a step farther in understanding of the Device Installation Restrictions policies.
+In this scenario, you'll combine what you learned from both scenario #1 and scenario #2. The administrator wants to allow standard users to install only a specific printer while preventing the installation of all other printers. This scenario is a more realistic one and brings you a step farther in understanding of the Device Installation Restrictions policies.
### Scenario #4: Prevent installation of a specific USB device
@@ -90,7 +90,7 @@ This scenario, although similar to scenario #2, brings another layer of complexi
### Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb drive
-In this scenario, combining all previous 4 scenarios, you will learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the ‘prevent’ functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first 4 scenarios and therefore it is preferred to go over them first before attempting this scenario.
+In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the ‘prevent’ functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
## Technology Review
@@ -99,9 +99,9 @@ The following sections provide a brief overview of the core technologies discuss
### Device Installation in Windows
-A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition - it is a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type.
+A device is a piece of hardware with which Windows interacts to perform some function, or in a more technical definition - it's a single instance of a hardware component with a unique representation in the Windows Plug and Play subsystem. Windows can communicate with a device only through a piece of software called a device-driver (also known as a _driver_). To install a driver, Windows detects the device, recognizes its type, and then finds the driver that matches that type.
-When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those included with the driver packages.
+When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those strings included with the driver packages.
Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows to specify which of these identifiers to allow or block.
@@ -122,24 +122,24 @@ Windows can use each string to match a device to a driver package. The strings r
##### Hardware IDs
-Hardware IDs are the identifiers that provide the exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available.
+Hardware IDs are the identifiers that provide the exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision isn't available.
##### Compatible IDs
-Windows uses these identifiers to select a driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they are very generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
+Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see How Setup Selects Drivers in the Microsoft Docs library.
> [!NOTE]
> For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
-Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
+Some physical devices create one or more logical devices when they're installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
-When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you did not allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
+When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
#### Device setup classes
-Device setup classes (also known as _Class_) are another type of identification string. The manufacturer assigns the Class to a device in the driver package. The Class groups devices that are installed and configured in the same way. For example, all Biometric devices are belong to the Biometric Class (ClassGuid = {53D29EF7-377C-4D14-864B-EB3A85769359}), and they use the same co-installer when installed. A long number called a globally unique identifier (GUID) represents each device setup class. When Windows starts, it builds an in-memory tree structure with the GUIDs for all of the detected devices. Along with the GUID for the Class of the device itself, Windows may need to insert into the tree the GUID for the Class of the bus to which the device is attached.
+Device setup classes (also known as _Class_) are another type of identification string. The manufacturer assigns the Class to a device in the driver package. The Class groups devices that are installed and configured in the same way. For example, all Biometric devices belong to the Biometric Class (ClassGuid = {53D29EF7-377C-4D14-864B-EB3A85769359}), and they use the same co-installer when installed. A long number called a globally unique identifier (GUID) represents each device setup class. When Windows starts, it builds an in-memory tree structure with the GUIDs for all of the detected devices. Along with the GUID for the Class of the device itself, Windows may need to insert into the tree the GUID for the Class of the bus to which the device is attached.
When you use device Classes to allow or prevent users from installing drivers, you must specify the GUIDs for all of the device's device setup classes, or you might not achieve the results you want. The installation might fail (if you want it to succeed) or it might succeed (if you want it to fail).
@@ -147,36 +147,36 @@ For example, a multi-function device, such as an all-in-one scanner/fax/printer,
For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes) in Microsoft Docs.
-This guide does not depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
+This guide doesn't depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
-The following two links provide the complete list of Device Setup Classes. ‘System Use’ classes are mostly refer to devices that come with a computer/machine from the factory, while ‘Vendor’ classes are mostly refer to devices that could be connected to an existing computer/machine:
+The following two links provide the complete list of Device Setup Classes. ‘System Use’ classes are mostly referred to devices that come with a computer/machine from the factory, while ‘Vendor’ classes are mostly referred to devices that could be connected to an existing computer/machine:
- [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
- [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
#### ‘Removable Device’ Device type
-Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it is connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
+Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
### Group Policy Settings for Device Installation
Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
-Device Installation section in Group Policy is a set of policies that control which device could or could not be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more details, see Group Policy Object Editor Technical Reference.
+Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see Group Policy Object Editor Technical Reference.
The following passages are brief descriptions of the Device Installation policies that are used in this guide.
> [!NOTE]
-> Device Installation control is applied only to machines (‘computer configuration’) and not users (‘user configuration’) by the nature of the Windows OS design. These policy settings affect all users who log on to the computer where the policy settings are applied. You cannot apply these policies to specific users or groups except for the policy Allow administrators to override device installation policy. This policy exempts members of the local Administrators group from any of the device installation restrictions that you apply to the computer by configuring other policy settings as described in this section.
+> Device Installation control is applied only to machines (‘computer configuration’) and not users (‘user configuration’) by the nature of the Windows OS design. These policy settings affect all users who log on to the computer where the policy settings are applied. You can't apply these policies to specific users or groups except for the policy Allow administrators to override device installation policy. This policy exempts members of the local Administrators group from any of the device installation restrictions that you apply to the computer by configuring other policy settings as described in this section.
#### Allow administrators to override Device Installation Restriction policies
-This policy setting allows members of the local Administrators group to install and update the drivers for any device, regardless of other policy settings. If you enable this policy setting, administrators can use the Add Hardware Wizard or the Update Driver Wizard to install and update the drivers for any device. If you disable or do not configure this policy setting, administrators are subject to all policy settings that restrict device installation.
+This policy setting allows members of the local Administrators group to install and update the drivers for any device, regardless of other policy settings. If you enable this policy setting, administrators can use the Add Hardware Wizard or the Update Driver Wizard to install and update the drivers for any device. If you disable or don't configure this policy setting, administrators are subject to all policy settings that restrict device installation.
#### Allow installation of devices that match any of these device IDs
-This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and does not take precedence over any policy setting that would prevent users from installing a device. If you enable this policy setting, users can install and update any device with a hardware ID or compatible ID that matches an ID in this list if that installation has not been specifically prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users cannot install it even if the device is also described by a value in this policy setting. If you disable or do not configure this policy setting and no other policy describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
+This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and doesn't take precedence over any policy setting that would prevent users from installing a device. If you enable this policy setting, users can install and update any device with a hardware ID or compatible ID that matches an ID in this list if that installation hasn't been prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users can't install it even if the device is also described by a value in this policy setting. If you disable or don't configure this policy setting and no other policy describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
#### Allow installation of devices that match any of these device instance IDs
@@ -184,20 +184,20 @@ This policy setting allows you to specify a list of Plug and Play device instanc
#### Allow installation of devices using drivers that match these device setup classes
-This policy setting specifies a list of device setup class GUIDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and does not take precedence over any policy setting that would prevent users from installing a device. If you enable this setting, users can install and update any device with a hardware ID or compatible ID that matches one of the IDs in this list if that installation has not been specifically prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users cannot install it even if the device is also described by a value in this policy setting. If you disable or do not configure this policy setting and no other policy setting describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
+This policy setting specifies a list of device setup class GUIDs that describe devices that users can install. This setting is intended to be used only when the Prevent installation of devices not described by other policy settings policy setting is enabled and doesn't take precedence over any policy setting that would prevent users from installing a device. If you enable this setting, users can install and update any device with a hardware ID or compatible ID that matches one of the IDs in this list if that installation hasn't been prevented by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. If another policy setting prevents users from installing a device, users can't install it even if the device is also described by a value in this policy setting. If you disable or don't configure this policy setting and no other policy setting describes the device, the Prevent installation of devices not described by other policy settings policy setting determines whether users can install the device.
#### Prevent installation of devices that match these device IDs
-This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs for devices that users cannot install. If you enable this policy setting, users cannot install or update the driver for a device if its hardware ID or compatible ID matches one in this list. If you disable or do not configure this policy setting, users can install devices and update their drivers, as permitted by other policy settings for device installation.
+This policy setting specifies a list of Plug and Play hardware IDs and compatible IDs for devices that users can't install. If you enable this policy setting, users can't install or update the driver for a device if its hardware ID or compatible ID matches one in this list. If you disable or don't configure this policy setting, users can install devices and update their drivers, as permitted by other policy settings for device installation.
Note: This policy setting takes precedence over any other policy settings that allow users to install a device. This policy setting prevents users from installing a device even if it matches another policy setting that would allow installation of that device.
#### Prevent installation of devices that match any of these device instance IDs
-This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
#### Prevent installation of devices using drivers that match these device setup classes
-This policy setting specifies a list of Plug and Play device setup class GUIDs for devices that users cannot install. If you enable this policy setting, users cannot install or update devices that belong to any of the listed device setup classes. If you disable or do not configure this policy setting, users can install and update devices as permitted by other policy settings for device installation.
+This policy setting specifies a list of Plug and Play device setup class GUIDs for devices that users can't install. If you enable this policy setting, users can't install or update devices that belong to any of the listed device setup classes. If you disable or don't configure this policy setting, users can install and update devices as permitted by other policy settings for device installation.
Note: This policy setting takes precedence over any other policy settings that allow users to install a device. This policy setting prevents users from installing a device from being installed even if it matches another policy setting that would allow installation of that device.
### Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
@@ -209,7 +209,7 @@ This policy setting will change the evaluation order in which Allow and Prevent
> [!NOTE]
> This policy setting provides more granular control than the "Prevent installation of devices not described by other policy settings" policy setting. If these conflicting policy settings are enabled at the same time, the "Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria" policy setting will be enabled and the other policy setting will be ignored.
>
-> If you disable or do not configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
+> If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
@@ -222,11 +222,11 @@ Some of these policies take precedence over other policies. The flowchart shown
### General
-To complete each of the scenarios, please ensure your have:
+To complete each of the scenarios, ensure your have:
- A client computer running Windows.
-- A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build.
+- A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives don't require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build.
- A USB/network printer pre-installed on the machine.
@@ -234,18 +234,18 @@ To complete each of the scenarios, please ensure your have:
### Understanding implications of applying ‘Prevent’ policies retroactive
-All ‘Prevent’ policies have an option to apply the block functionality to already installed devices—devices that have been installed on the machine before the policy took effect. Using this option is recommended when the administrator is not sure of the installation history of devices on the machine and would like to make sure the policy applies to all devices.
+All ‘Prevent’ policies can apply the block functionality to already installed devices—devices that have been installed on the machine before the policy took effect. Using this option is recommended when the administrator isn't sure of the installation history of devices on the machine and would like to make sure the policy applies to all devices.
For example: A printer is already installed on the machine, preventing the installation of all printers will block any future printer from being installed while keeping only the installed printer usable. To apply the block retroactive, the administrator should check mark the “apply this policy to already installed devices” option. Marking this option will prevent access to already installed devices in addition to any future ones.
-This is a powerful tool, but as such it has to be used carefully.
+This option is a powerful tool, but as such it has to be used carefully.
> [!IMPORTANT]
> Applying the ‘Prevent retroactive’ option to crucial devices could render the machine useless/unacceptable! For example: Preventing retroactive all ‘Disk Drives’ could block the access to the disk on which the OS boots with; Preventing retroactive all ‘Net’ could block this machine from accessing network and to fix the issue the admin will have to have a direct connection.
## Determine device identification strings
-By following these steps, you can determine the device identification strings for your device. If the hardware IDs and compatible IDs for your device do not match those shown in this guide, use the IDs that are appropriate to your device (this applies to Instance IDs and Classes, but we are not going to give an example for them in this guide).
+By following these steps, you can determine the device identification strings for your device. If the hardware IDs and compatible IDs for your device don't match those IDs shown in this guide, use the IDs that are appropriate to your device (this policy applies to Instance IDs and Classes, but we aren't going to give an example for them in this guide).
You can determine the hardware IDs and compatible IDs for your device in two ways. You can use Device Manager, a graphical tool included with the operating system, or PnPUtil, a command-line tool available for all Windows versions. Use the following procedure to view the device identification strings for your device.
@@ -268,7 +268,7 @@ To find device identification strings using Device Manager
_Open the ‘Details’ tab to look for the device identifiers_
-6. From the ‘Value’ window, copy the most detailed Hardware ID – we will use this in the policies.
+6. From the ‘Value’ window, copy the most detailed Hardware ID – we'll use this value in the policies.
@@ -283,7 +283,7 @@ To find device identification strings using Device Manager
pnputil /enum-devices /ids
```
-Here is an example of an output for a single device on a machine:
+Here's an example of an output for a single device on a machine:
```console
_List of prevent Class GUIDs_
7. Click ‘OK’.
-8. Click ‘Apply’ on the bottom right of the policy’s window – this pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
9. Optional – if you would like to apply the policy to existing installs: Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’
@@ -374,13 +374,13 @@ Creating the policy to prevent all printers from being installed:
### Testing the scenario
-1. If you have not completed step #9 – follow these steps:
+1. If you haven't completed step #9 – follow these steps:
1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
1. For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
- 1. You should not be able to reinstall the printer.
+ 1. You shouldn't be able to reinstall the printer.
-2. If you completed step #9 above and restarted the machine, simply look for your printer under Device Manager or the Windows Settings app and see that it is no-longer available for you to use.
+2. If you completed step #9 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
## Scenario #2: Prevent installation of a specific printer
@@ -392,13 +392,13 @@ Setting up the environment for the scenario with the following steps:
1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
-2. Make sure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this is optional to be On/Off this scenario). Although the policy is disabled in default, it is recommended to be enabled in most practical applications. For scenario #2 it is optional.
+2. Ensure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this prerequisite is optional to be On/Off this scenario). Although the policy is disabled in default, it's recommended to be enabled in most practical applications. For scenario #2, it's optional.
### Scenario steps – preventing installation of a specific device
Getting the right device identifier to prevent it from being installed:
-1. Get your printer’s Hardware ID – in this example we will use the identifier we found previously
+1. Get your printer’s Hardware ID – in this example we'll use the identifier we found previously
_Printer Hardware ID_
@@ -414,7 +414,7 @@ Creating the policy to prevent a single printer from being installed:
3. Open **Prevent installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
-4. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This will take you to a table where you can enter the device identifier to block.
+4. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to block.
5. Enter the printer device ID you found above – WSDPRINT\CanonMX920_seriesC1A0
@@ -422,26 +422,26 @@ Creating the policy to prevent a single printer from being installed:
6. Click ‘OK’.
-7. Click ‘Apply’ on the bottom right of the policy’s window. This pushes the policy and blocks the target printer in future installations, but doesn’t apply to an existing install.
+7. Click ‘Apply’ on the bottom right of the policy’s window. This option pushes the policy and blocks the target printer in future installations, but doesn’t apply to an existing install.
8. Optional – if you would like to apply the policy to an existing install: Open the **Prevent installation of devices that match any of these device IDs** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’.
### Testing the scenario
-If you completed step #8 above and restarted the machine, simply look for your printer under Device Manager or the Windows Settings app and see that it is no-longer available for you to use.
+If you completed step #8 above and restarted the machine, look for your printer under Device Manager or the Windows Settings app and see that it's no-longer available for you to use.
-If you have not completed step #8, follow these steps:
+If you haven't completed step #8, follow these steps:
1. Uninstall your printer: Device Manager > Printers > right click the Canon Printer > click “Uninstall device”.
2. For USB printer – unplug and plug back the cable; for network device – make a search for the printer in the Windows Settings app.
-3. You should not be able to reinstall the printer.
+3. You shouldn't be able to reinstall the printer.
## Scenario #3: Prevent installation of all printers while allowing a specific printer to be installed
-Now, using the knowledge from both previous scenarios, you will learn how to prevent the installation of an entire Class of devices while allowing a single printer to be installed.
+Now, using the knowledge from both previous scenarios, you'll learn how to prevent the installation of an entire Class of devices while allowing a single printer to be installed.
### Setting up the environment
@@ -474,15 +474,15 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
4. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the ‘Enable’ radio button.
-5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This will take you to a table where you can enter the class identifier to block.
+5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the class identifier to block.
-6. Enter the printer class GUID you found above with the curly braces (this is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
+6. Enter the printer class GUID you found above with the curly braces (this value is important! Otherwise, it won’t work): {4d36e979-e325-11ce-bfc1-08002be10318}
_List of prevent Class GUIDs_
7. Click ‘OK’.
-8. Click ‘Apply’ on the bottom right of the policy’s window – this pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future printer installations, but doesn’t apply to existing installs.
9. To complete the coverage of all future and existing printers – Open the **Prevent installation of devices using drivers that match these device setup classes** policy again; in the ‘Options’ window mark the checkbox that says ‘also apply to matching devices that are already installed’ and click ‘OK’
@@ -494,7 +494,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
9. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
-10. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This will take you to a table where you can enter the device identifier to allow.
+10. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to allow.
11. Enter the printer device ID you found above: WSDPRINT\CanonMX920_seriesC1A0.
@@ -502,18 +502,18 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
12. Click ‘OK’.
-13. Click ‘Apply’ on the bottom right of the policy’s window – this pushes the policy and allows the target printer to be installed (or stayed installed).
+13. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and allows the target printer to be installed (or stayed installed).
## Testing the scenario
-1. Simply look for your printer under Device Manager or the Windows Settings app and see that it is still there and accessible. Or just print a test document.
+1. Look for your printer under Device Manager or the Windows Settings app and see that it's still there and accessible. Or just print a test document.
-2. Go back to the Group Policy Editor, disable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and test again your printer – you should not be bale to print anything or able to access the printer at all.
+2. Go back to the Group Policy Editor, disable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy and test again your printer – you shouldn't be bale to print anything or able to access the printer at all.
## Scenario #4: Prevent installation of a specific USB device
-The scenario builds upon the knowledge from scenario #2, Prevent installation of a specific printer. In this scenario, you will gain an understanding of how some devices are built into the PnP (Plug and Play) device tree.
+The scenario builds upon the knowledge from scenario #2, Prevent installation of a specific printer. In this scenario, you'll gain an understanding of how some devices are built into the PnP (Plug and Play) device tree.
### Setting up the environment
@@ -521,7 +521,7 @@ Setting up the environment for the scenario with the following steps:
1. Open Group Policy Editor and navigate to the Device Installation Restriction section
-2. Make sure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this is optional to be On/Off this scenario) – although the policy is disabled in default, it is recommended to be enabled in most practical applications.
+2. Ensure all previous Device Installation policies are disabled except ‘Apply layered order of evaluation’ (this prerequisite is optional to be On/Off this scenario) – although the policy is disabled in default, it's recommended to be enabled in most practical applications.
### Scenario steps – preventing installation of a specific device
@@ -546,7 +546,7 @@ Getting the right device identifier to prevent it from being installed and its l
5. Double-click the USB thumb-drive and move to the ‘Details’ tab.
-6. From the ‘Value’ window, copy the most detailed Hardware ID—we will use this in the policies. In this case Device ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
+6. From the ‘Value’ window, copy the most detailed Hardware ID—we'll use this value in the policies. In this case Device ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
_USB device hardware IDs_
@@ -560,7 +560,7 @@ Creating the policy to prevent a single USB thumb-drive from being installed:
3. Open **Prevent installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
-4. In the lower left side, in the ‘Options’ window, click the ‘Show’ box. This will take you to a table where you can enter the device identifier to block.
+4. In the lower left side, in the ‘Options’ window, click the ‘Show’ box. This option will take you to a table where you can enter the device identifier to block.
5. Enter the USB thumb-drive device ID you found above – USBSTOR\DiskGeneric_Flash_Disk______8.07
@@ -568,24 +568,24 @@ Creating the policy to prevent a single USB thumb-drive from being installed:
6. Click ‘OK’.
-7. Click ‘Apply’ on the bottom right of the policy’s window – this pushes the policy and blocks the target USB thumb-drive in future installations, but doesn’t apply to an existing install.
+7. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks the target USB thumb-drive in future installations, but doesn’t apply to an existing install.
8. Optional – if you would like to apply the policy to an existing install: Open the **Prevent installation of devices that match any of these device IDs** policy again; in the ‘Options’ window, mark the checkbox that says ‘also apply to matching devices that are already installed’
### Testing the scenario
-1. If you have not completed step #8 – follow these steps:
+1. If you haven't completed step #8 – follow these steps:
- Uninstall your USB thumb-drive: Device Manager > Disk drives > right click the target USB thumb-drive > click “Uninstall device”.
- - You should not be able to reinstall the device.
+ - You shouldn't be able to reinstall the device.
-2. If you completed step #8 above and restarted the machine, simply look for your Disk drives under Device Manager and see that it is no-longer available for you to use.
+2. If you completed step #8 above and restarted the machine, look for your Disk drives under Device Manager and see that it's no-longer available for you to use.
## Scenario #5: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb-drive
-Now, using the knowledge from all the previous 4 scenarios, you will learn how to prevent the installation of an entire Class of devices while allowing a single authorized USB thumb-drive to be installed.
+Now, using the knowledge from all the previous four scenarios, you'll learn how to prevent the installation of an entire Class of devices while allowing a single authorized USB thumb-drive to be installed.
### Setting up the environment
@@ -611,11 +611,11 @@ Getting the device identifier for both the USB Classes and a specific USB thumb-
- USB Device
- Class = USBDevice
- ClassGuid = {88BAE032-5A81-49f0-BC3D-A4FF138216D6}
- - USBDevice includes all USB devices that do not belong to another class. This class is not used for USB host controllers and hubs.
+ - USBDevice includes all USB devices that don't belong to another class. This class isn't used for USB host controllers and hubs.
- Hardware ID = USBSTOR\DiskGeneric_Flash_Disk______8.07
-As mentioned in scenario #4, it is not enough to enable only a single hardware ID in order to enable a single USB thumb-drive. The IT admin has to ensure all the USB devices that preceding the target one are not blocked (allowed) as well. In Our case the following devices has to be allowed so the target USB thumb-drive could be allowed as well:
+As mentioned in scenario #4, it's not enough to enable only a single hardware ID in order to enable a single USB thumb-drive. The IT admin has to ensure all the USB devices that preceding the target one aren't blocked (allowed) as well. In Our case the following devices has to be allowed so the target USB thumb-drive could be allowed as well:
- “Intel(R) USB 3.0 eXtensible Host Controller – 1.0 (Microsoft)” -> PCI\CC_0C03
- “USB Root Hub (USB 3.0)” -> USB\ROOT_HUB30
@@ -623,18 +623,18 @@ As mentioned in scenario #4, it is not enough to enable only a single hardware I
_USB devices nested under each other in the PnP tree_
-These devices are internal devices on the machine that define the USB port connection to the outside world. Enabling them should not enable any external/peripheral device from being installed on the machine.
+These devices are internal devices on the machine that define the USB port connection to the outside world. Enabling them shouldn't enable any external/peripheral device from being installed on the machine.
> [!IMPORTANT]
-> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it is important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ‘Allow list’ in such cases. See below for the list:
+> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ‘Allow list’ in such cases. See below for the list:
>
> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
> USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/
> USB\USB20_HUB (for Generic USB Hubs)/
>
-> Specifically for desktop machines, it is very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
+> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
>
-> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it is done.
+> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.
First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one:
@@ -648,7 +648,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
4. Open **Prevent installation of devices using drivers that match these device setup classes** policy and select the ‘Enable’ radio button.
-5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This will take you to a table where you can enter the class identifier to block.
+5. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the class identifier to block.
6. Enter both USB classes GUID you found above with the curly braces:
@@ -657,7 +657,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
7. Click ‘OK’.
-8. Click ‘Apply’ on the bottom right of the policy’s window – this pushes the policy and blocks all future USB device installations, but doesn’t apply to existing installs.
+8. Click ‘Apply’ on the bottom right of the policy’s window – this option pushes the policy and blocks all future USB device installations, but doesn’t apply to existing installs.
> [!IMPORTANT]
> The previous step prevents all future USB devices from being installed. Before you move to the next step make sure you have as complete list as possible of all the USB Host Controllers, USB Root Hubs and Generic USB Hubs Device IDs available to prevent blocking you from interacting with your system through keyboards and mice.
@@ -668,7 +668,7 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
10. Now Open **Allow installation of devices that match any of these device IDs** policy and select the ‘Enable’ radio button.
-11. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This will take you to a table where you can enter the device identifier to allow.
+11. In the lower left side, in the ‘Options’ window, click the ‘Show…’ box. This option will take you to a table where you can enter the device identifier to allow.
12. Enter the full list of USB device IDs you found above including the specific USB Thumb-drive you would like to authorize for installation – USBSTOR\DiskGeneric_Flash_Disk______8.07
@@ -682,4 +682,4 @@ First create a ‘Prevent Class’ policy and then create ‘Allow Device’ one
### Testing the scenario
-You should not be able to install any USB thumb-drive, except the one you authorized for usage
+You shouldn't be able to install any USB thumb-drive, except the one you authorized for usage
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 55882ecb16..cc38c493dd 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -17,9 +17,9 @@ ms.topic: article
# Manage Windows 10 in your organization - transitioning to modern management
-Use of personal devices for work, as well as employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
+Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
-Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
+Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it’s easy for versions to coexist.
Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
@@ -50,7 +50,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
## Deployment and Provisioning
-With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
+With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can:
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/).
@@ -59,7 +59,7 @@ With Windows 10, you can continue to use traditional OS deployment, but you can
- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction).
-You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This can mean significantly lower deployment costs, as well as improved productivity as end users can be immediately productive – everything is right where they left it. Of course, you can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
+You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive – everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7.
## Identity and Authentication
@@ -73,8 +73,8 @@ You can envision user and device management as falling into these two categories
- Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
-- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These may be traditional applications and resources that require authentication or accessing highly sensitive or classified resources on-premises.
- With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This provides:
+- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
+ With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that’s [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
- Single sign-on to cloud and on-premises resources from everywhere
@@ -98,7 +98,7 @@ As you review the roles in your organization, you can use the following generali
Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
-**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go.
+**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices:
@@ -115,7 +115,7 @@ MDM with Intune provide tools for applying Windows updates to client computers i
## Next steps
-There are a variety of steps you can take to begin the process of modernizing device management in your organization:
+There are various steps you can take to begin the process of modernizing device management in your organization:
**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies.
@@ -123,10 +123,10 @@ There are a variety of steps you can take to begin the process of modernizing de
**Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
-**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here is the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
+**Take incremental steps.** Moving towards modern device management doesn’t have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md)
-**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Starting with Configuration Manager 1710, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
+**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details:
- [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview)
- [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare)
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index 5f2a7ff230..7be2cf47f8 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -19,7 +19,7 @@ AccountManagement CSP is used to configure setting in the Account Manager servic
> [!NOTE]
> The AccountManagement CSP is only supported in Windows Holographic for Business edition.
-The following shows the AccountManagement configuration service provider in tree format.
+The following syntax shows the AccountManagement configuration service provider in tree format.
```console
./Vendor/MSFT
@@ -41,7 +41,7 @@ Interior node.
**UserProfileManagement/EnableProfileManager**
Enable profile lifetime management for shared or communal device scenarios. Default value is false.
-Supported operations are Add, Get,Replace, and Delete. Value type is bool.
+Supported operations are Add, Get, Replace, and Delete. Value type is bool.
**UserProfileManagement/DeletionPolicy**
Configures when profiles will be deleted. Default value is 1.
@@ -52,19 +52,19 @@ Valid values:
- 1 - delete at storage capacity threshold
- 2 - delete at both storage capacity threshold and profile inactivity threshold
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**UserProfileManagement/StorageCapacityStartDeletion**
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**UserProfileManagement/StorageCapacityStopDeletion**
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
**UserProfileManagement/ProfileInactivityThreshold**
-Start deleting profiles when they have not been logged on during the specified period, given as number of days. Default value is 30.
+Start deleting profiles when they haven't been logged on during the specified period, given as number of days. Default value is 30.
-Supported operations are Add, Get,Replace, and Delete. Value type is integer.
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 1269c2797e..badfb5ccd9 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -1,6 +1,6 @@
---
title: Accounts CSP
-description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, as well as create local Windows accounts & joint them to a group.
+description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
ms.author: dansimp
ms.topic: article
ms.prod: w10
@@ -17,7 +17,7 @@ manager: dansimp
The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
-The following shows the Accounts configuration service provider in tree format.
+The following syntax shows the Accounts configuration service provider in tree format.
```
./Device/Vendor/MSFT
@@ -37,7 +37,7 @@ Root node.
Interior node for the account domain information.
**Domain/ComputerName**
-This node specifies the DNS hostname for a device. This setting can be managed remotely, but note that this not supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
+This node specifies the DNS hostname for a device. This setting can be managed remotely, but this remote management isn't supported for devices hybrid joined to Azure Active Directory and an on-premises Active directory. The server must explicitly reboot the device for this value to take effect. A couple of macros can be embedded within the value for dynamic substitution. Using any of these macros will limit the new name to 15 characters.
Available naming macros:
@@ -61,9 +61,9 @@ This node specifies the username for a new local user account. This setting can
This node specifies the password for a new local user account. This setting can be managed remotely.
Supported operation is Add.
-GET operation is not supported. This setting will report as failed when deployed from the Endpoint Manager.
+GET operation isn't supported. This setting will report as failed when deployed from the Endpoint Manager.
**Users/_UserName_/LocalUserGroup**
-This optional node specifies the local user group that a local user account should be joined to. If the node is not set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
+This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely.
Supported operation is Add.
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index e69eef0c44..307391743a 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -17,7 +17,7 @@ ms.date: 06/26/2017
The ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync. After an Exchange account has been updated over-the-air by the ActiveSync configuration service provider, the device must be powered off and then powered back on to see sync status.
-Configuring Windows Live ActiveSync accounts through this configuration service provider is not supported.
+Configuring Windows Live ActiveSync accounts through this configuration service provider isn't supported.
> [!NOTE]
> The target user must be logged in for the CSP to succeed. The correct way to configure an account is to use the ./User/Vendor/MSFT/ActiveSync path.
@@ -28,7 +28,7 @@ The ./Vendor/MSFT/ActiveSync path is deprecated, but will continue to work in th
-The following shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
+The following example shows the ActiveSync configuration service provider management objects in tree format as used by Open Mobile Alliance Device Management (OMA DM), OMA Client Provisioning, and Enterprise DM.
```
./Vendor/MSFT
@@ -86,7 +86,7 @@ Defines a specific ActiveSync account. A globally unique identifier (GUID) must
Supported operations are Get, Add, and Delete.
-When managing over OMA DM, make sure to always use a unique GUID. Provisioning with an account that has the same GUID as an existing one deletes the existing account and does not create the new account.
+When managing over OMA DM, make sure to always use a unique GUID. Provisioning with an account that has the same GUID as an existing one deletes the existing account and doesn't create the new account.
Braces { } are required around the GUID. In OMA Client Provisioning, you can type the braces. For example:
@@ -107,7 +107,7 @@ For OMA DM, you must use the ASCII values of %7B and %7D for the opening and clo
***Account GUID*/EmailAddress**
Required. A character string that specifies the email address associated with the Exchange ActiveSync account.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
This email address is entered by the user during setup and must be in the fully qualified email address format, for example, "someone@example.com".
@@ -119,21 +119,21 @@ Supported operations are Get, Replace, Add, and Delete.
***Account GUID*/AccountIcon**
Required. A character string that specifies the location of the icon associated with the account.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
***Account GUID*/AccountType**
Required. A character string that specifies the account type.
-Supported operations are Get and Add (cannot Add after the account is created).
+Supported operations are Get and Add (can't Add after the account is created).
-This value is entered during setup and cannot be modified once entered. An Exchange account is indicated by the string value "Exchange".
+This value is entered during setup and can't be modified once entered. An Exchange account is indicated by the string value "Exchange".
***Account GUID*/AccountName**
Required. A character string that specifies the name that refers to the account on the device.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
***Account GUID*/Password**
Required. A character string that specifies the password for the account.
@@ -145,14 +145,14 @@ For the Get command, only asterisks are returned.
***Account GUID*/ServerName**
Required. A character string that specifies the server name used by the account.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
***Account GUID*/UserName**
Required. A character string that specifies the user name for the account.
-Supported operations are Get, and Add (cannot Add after the account is created).
+Supported operations are Get, and Add (can't Add after the account is created).
-The user name cannot be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com".
+The user name can't be changed after a sync has been successfully performed. The user name can be in the fully qualified format "someone@example.com", or just "username", depending on the type of account created. For most Exchange accounts, the user name format is just "username", whereas for Microsoft, Google, Yahoo, and most POP/IMAP accounts, the user name format is "someone@example.com".
**Options**
Node for other parameters.
@@ -163,9 +163,9 @@ Specifies the time window used for syncing calendar items to the device. Value t
**Options/Logging**
Required. A character string that specifies whether diagnostic logging is enabled and at what level. The default is 0 (disabled).
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
-Valid values are one of the following:
+Valid values are any of the following values:
- 0 (default) - Logging is off.
@@ -173,7 +173,7 @@ Valid values are one of the following:
- 2 - Advanced logging is enabled.
-Logging is set to off by default. The user might be asked to set this to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic.
+Logging is set to off by default. The user might be asked to set this logging to Basic or Advanced when having a sync issue that customer support is investigating. Setting the logging level to Advanced has more of a performance impact than Basic.
**Options/MailBodyType**
Indicates the email format. Valid values:
@@ -185,19 +185,19 @@ Indicates the email format. Valid values:
- 4 - MIME
**Options/MailHTMLTruncation**
-Specifies the size beyond which HTML-formatted email messages are truncated when they are synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation.
+Specifies the size beyond which HTML-formatted email messages are truncated when they're synchronized to the mobile device. The value is specified in KB. A value of -1 disables truncation.
**Options/MailPlainTextTruncation**
-This setting specifies the size beyond which text-formatted e-mail messages are truncated when they are synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation.
+This setting specifies the size beyond which text-formatted e-mail messages are truncated when they're synchronized to the mobile phone. The value is specified in KB. A value of -1 disables truncation.
**Options/UseSSL**
Optional. A character string that specifies whether SSL is used.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
Valid values are:
-- 0 - SSL is not used.
+- 0 - SSL isn't used.
- 1 (default) - SSL is used.
@@ -206,7 +206,7 @@ Required. A character string that specifies the time until the next sync is perf
Supported operations are Get and Replace.
-Valid values are one of the following:
+Valid values are any of the following values:
- -1 (default) - A sync will occur as items are received
@@ -223,7 +223,7 @@ Required. A character string that specifies the time window used for syncing ema
Supported operations are Get and Replace.
-Valid values are one of the following:
+Valid values are any of the following values:
- 0 – No age filter is used, and all email items are synced to the device.
@@ -238,7 +238,7 @@ Valid values are one of the following:
**Options/ContentTypes/***Content Type GUID*
Defines the type of content to be individually enabled/disabled for sync.
-The *GUID* values allowed are one of the following:
+The *GUID* values allowed are any of the following values:
- Email: "{c6d47067-6e92-480e-b0fc-4ba82182fac7}"
@@ -251,11 +251,11 @@ The *GUID* values allowed are one of the following:
**Options/ContentTypes/*Content Type GUID*/Enabled**
Required. A character string that specifies whether sync is enabled or disabled for the selected content type. The default is "1" (enabled).
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
-Valid values are one of the following:
+Valid values are any of the following values:
-- 0 - Sync for email, contacts, calendar, or tasks is disabled.
+- 0 - Sync for email, contacts, calendar, or tasks are disabled.
- 1 (default) - Sync is enabled.
**Options/ContentTypes/*Content Type GUID*/Name**
@@ -265,7 +265,7 @@ Required. A character string that specifies the name of the content type.
> In Windows 10, this node is currently not working.
-Supported operations are Get, Replace, and Add (cannot Add after the account is created).
+Supported operations are Get, Replace, and Add (can't Add after the account is created).
When you use Add or Replace inside an atomic block in the SyncML, the CSP returns an error and provisioning fails. When you use Add or Replace outside of the atomic block, the error is ignored and the account is provisioned as expected.
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index 740ad8289d..3328f5ca2a 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -57,7 +57,7 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
-10. After the purchase is completed, you can log in to your Office 365 Admin Portal and you will see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint, Exchange, etc....).
+10. After the purchase is completed, you can log on to your Office 365 Admin Portal and you'll see the **Azure AD** option from the Admin drop-down menu along with other services (SharePoint and Exchange).
@@ -75,7 +75,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
-3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
+3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This option will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
@@ -87,7 +87,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
-6. You will see a welcome page when the process completes.
+6. You'll see a welcome page when the process completes.
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index 1df422d0db..de7482b72d 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -26,7 +26,7 @@ This CSP was added in Windows 10, version 1511.
For the firewall settings, note that PublicProfile and PrivateProfile are mutually exclusive. The Private Profile must be set on the directly on the device itself, and the only supported operation is Get. For PublicProfile, both Add and Get are supported. This CSP is intended to be used in conjunction with the AllJoyn Device System Bridge, and an understanding of the bridge will help when determining when and how to use this CSP. For more information, see [Device System Bridge (DSB)](https://wikipedia.org/wiki/AllJoyn). For more information, see [AllJoyn - Wikipedia](https://wikipedia.org/wiki/AllJoyn).
-The following shows the AllJoynManagement configuration service provider in tree format
+The following example shows the AllJoynManagement configuration service provider in tree format
```
./Vendor/MSFT
@@ -70,10 +70,10 @@ List of all AllJoyn objects that are discovered on the AllJoyn bus. All AllJoyn
The unique AllJoyn device ID (a GUID) that hosts one or more configurable objects.
**Services/*Node name*/Port**
-The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it is possible to specify additional ports.
+The set of ports that the AllJoyn object uses to communicate configuration settings. Typically only one port is used for communication, but it's possible to specify more ports.
**Services/*Node name*/Port/***Node name*
-Port number used for communication. This is specified by the configurable AllJoyn object and reflected here.
+Port number used for communication. This value is specified by the configurable AllJoyn object and reflected here.
**Services/*Node name*/Port/*Node name*/CfgObject**
The set of configurable interfaces that are available on the port of the AllJoyn object.
@@ -89,7 +89,7 @@ This is the credential store. An administrator can set credentials for each AllJ
When a SyncML request arrives in the CSP to replace or query a configuration item on an AllJoyn object that requires authentication, then the CSP uses the credentials stored here during the authentication phase.
**Credentials/***Node name*
-This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It is typically implemented as a GUID.
+This is the same service ID specified in \\AllJoynManagement\\Services\\ServiceID URI. It's typically implemented as a GUID.
**Credentials/*Node name*/Key**
An alphanumeric key value that conforms to the AllJoyn SRP KEYX authentication standard.
@@ -128,7 +128,7 @@ SyncML xmlns="SYNCML:SYNCML1.2">
```
-You should replace \_ALLJOYN\_DEVICE\_ID\_ with an actual device ID. Note that the data is base-64 encoded representation of the configuration file that you are setting.
+You should replace \_ALLJOYN\_DEVICE\_ID\_ with an actual device ID. The data is base-64 encoded representation of the configuration file that you're setting.
Get PIN data
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 648d9c245f..d18a0ebd70 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -13,10 +13,10 @@ ms.date: 09/10/2020
# ApplicationControl CSP
-Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
+Windows Defender Application Control (WDAC) policies can be managed from an MDM server or locally using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and hence doesn't schedule a reboot.
Existing WDAC policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only.
-The following shows the ApplicationControl CSP in tree format.
+The following example shows the ApplicationControl CSP in tree format.
```
./Vendor/MSFT
@@ -80,14 +80,14 @@ Scope is dynamic. Supported operation is Get.
Value type is char.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**
-This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system.
+This node specifies whether a policy is loaded by the enforcement engine and is in effect on a system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
-- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system.
-- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default.
+- True—Indicates that the policy is loaded by the enforcement engine and is in effect on a system.
+- False—Indicates that the policy isn't loaded by the enforcement engine and isn't in effect on a system. This value is the default value.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**
This node specifies whether a policy is deployed on the system and is present on the physical machine.
@@ -96,18 +96,18 @@ Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
-- True — Indicates that the policy is deployed on the system and is present on the physical machine.
-- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default.
+- True—Indicates that the policy is deployed on the system and is present on the physical machine.
+- False—Indicates that the policy isn't deployed on the system and isn't present on the physical machine. This value is the default value.
**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**
-This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system.
+This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy can't take effect on the system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
-- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
-- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default.
+- True—Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
+- False—Indicates that the policy isn't authorized to be loaded by the enforcement engine on the system. This value is the default value.
The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes:
@@ -144,7 +144,7 @@ For customers using Intune standalone or hybrid management with Configuration Ma
## Generic MDM Server Usage Guidance
-In order to leverage the ApplicationControl CSP without using Intune, you must:
+In order to use the ApplicationControl CSP without using Intune, you must:
1. Know a generated policy's GUID, which can be found in the policy xml as `
The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.|
|Publisher|Publisher|
-|Version|Version
This can be used either in the HighSection or LowSection of the BinaryVersionRange.
HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.|
+|Version|Version
The version can be used either in the HighSection or LowSection of the BinaryVersionRange.
HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.|
-Here is an example AppLocker publisher rule:
+Here's an example AppLocker publisher rule:
```xml
This value will only be present if there is a XAP package associated with the app in the Store.
If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.|
+|windowsPhoneLegacyId|Same value maps to the ProductName and Publisher name.
This value will only be present if there's a XAP package associated with the app in the Store.
If this value is populated, then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.|
## Settings apps that rely on splash apps
-These apps are blocked unless they are explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps.
+These apps are blocked unless they're explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps.
The product name is first part of the PackageFullName followed by the version number.
@@ -526,7 +526,7 @@ The following example blocks the usage of the map application.
```
-The following example disables the Mixed Reality Portal. In the example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
+The following example disables the Mixed Reality Portal. In the example, the **Id** can be any generated GUID and the **Name** can be any name you choose. `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
```xml
[DiagnosticLog DDF](diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
-|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include additional reference links and the following two topics:
Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
+|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include more reference links and the following two topics:
Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.|
## July 2019
@@ -111,7 +111,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
SecurityKey, SecurityKey/UseSecurityKeyForSignin|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider.|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs isn't currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider.|
## June 2019
@@ -141,7 +141,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
| New or updated article | Description |
|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
+| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it doesn't. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. |
| [Policy CSP - UserRights](policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. |
## March 2019
@@ -193,12 +193,12 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article|Description|
|--- |--- |
-|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:
You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:
You can only assign one single app kiosk profile to an individual user account on a device. The single app profile doesn't support domain groups.|
|[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.|
|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.|
|[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.|
|[WindowsLicensing CSP](windowslicensing-csp.md)|Added S mode settings and SyncML examples in Windows 10, version 1809.|
-|[SUPL CSP](supl-csp.md)|Added 3 new certificate nodes in Windows 10, version 1809.|
+|[SUPL CSP](supl-csp.md)|Added three new certificate nodes in Windows 10, version 1809.|
|[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.|
|[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.|
|[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.|
@@ -211,7 +211,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.|
|[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
Added the following new policies in Windows 10, version 1809:
Added the following new policies in Windows 10, version 1809:
The following existing policies were updated:
Added a new section:
The following existing policies were updated:
Added a new section:
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.|
+|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (first gen) Commercial Suite. Added example for HoloLens (first gen) Commercial Suite.|
|[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
Added the following policies the were added in Windows 10, version 1709
Security/RequireDeviceEncryption - updated to show it is supported in desktop.|
+|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
Added the following policies in Windows 10, version 1709
Security/RequireDeviceEncryption - updated to show it's supported in desktop.|
|[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.|
|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.|
|[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.|
|[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.|
-|[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
Changed the names of the following policies:
Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).
There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.
Changed the names of the following policies:
Added links to the extra [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).
There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions.
-If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings.
+If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, management settings will override preference settings.
If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator.
> [!NOTE]
-> Applying this setting will not remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
+> Applying this setting won't remove exclusions from the device registry, it will only prevent them from being applied/used. This is reflected in **Get-MpPreference**.
Supported OS versions: Windows 10
@@ -630,14 +630,14 @@ Valid values are:
- 0 (default) – Disable.
**Configuration/HideExclusionsFromLocalAdmins**
-This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled.
+This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled.
-If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
+If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app, in the registry, or via PowerShell.
> [!NOTE]
-> Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
+> Applying this setting won't remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
Supported OS versions: Windows 10
@@ -650,7 +650,7 @@ Valid values are:
- 0 (default) – Disable.
**Configuration/DisableCpuThrottleOnIdleScans**
-Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.
+Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.
The data type is integer.
@@ -691,7 +691,7 @@ Supported operations are Add, Delete, Get, Replace.
**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature.
-When this feature is enabled Windows Defender will compute hashes for files it scans.
+When this feature is enabled, Windows Defender will compute hashes for files it scans.
The data type is integer.
@@ -710,11 +710,11 @@ Supported operations are Add, Delete, Get, Replace.
Intune Support log location setting UX supports three states:
-- Not configured (default) - Does not have any impact on the default state of the device.
+- Not configured (default) - Doesn't have any impact on the default state of the device.
- 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
- 0 - Disabled. Turns off the Support log location feature.
-When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+When enabled or disabled exists on the client and admin moves the setting to be configured not , it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
More details:
@@ -734,7 +734,7 @@ Current Channel (Broad): Devices will be offered updates only after the gradual
Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only
-If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
@@ -767,7 +767,7 @@ Current Channel (Broad): Devices will be offered updates only after the gradual
Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only
-If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
+If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
@@ -793,7 +793,7 @@ Current Channel (Staged): Devices will be offered updates after the release cycl
Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%).
-If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
+If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
@@ -810,12 +810,12 @@ More details:
**Configuration/DisableGradualRelease**
Enable this policy to disable gradual rollout of monthly and daily Microsoft Defender updates.
-Devices will be offered all Microsoft Defender updates after the gradual release cycle completes. This is best for datacenters that only receive limited updates.
+Devices will be offered all Microsoft Defender updates after the gradual release cycle completes. This facility for devices is best for datacenters that only receive limited updates.
> [!NOTE]
> This setting applies to both monthly as well as daily Microsoft Defender updates and will override any previously configured channel selections for platform and engine updates.
-If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
+If you disable or don't configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices.
The data type is integer.
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index c964ed065c..9768af70a3 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -17,9 +17,9 @@ ms.date: 11/01/2017
The DeviceManageability configuration service provider (CSP) is used to retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
-For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information.
+For performance reasons, DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that both the paths return the same information.
-The following shows the DeviceManageability configuration service provider in a tree format.
+The following example shows the DeviceManageability configuration service provider in a tree format.
```
./Device/Vendor/MSFT
DeviceManageability
@@ -46,14 +46,14 @@ Added in Windows 10, version 1709. Interior node.
Added in Windows 10, version 1709. Provider ID of the configuration source. ProviderID should be unique among the different config sources.
**Provider/_ProviderID_/ConfigInfo**
-Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to be used during sync session.
+Added in Windows 10, version 1709. Configuration information string value set by the configuration source. Recommended to use during sync session.
ConfigInfo value can only be set by the provider that owns the ProviderID. The value is readable by other config sources.
Data type is string. Supported operations are Add, Get, Delete, and Replace.
**Provider/_ProviderID_/EnrollmentInfo**
-Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It is readable by MDM server during sync session.
+Added in Windows 10, version 1709. Enrollment information string value set by the configuration source and sent during MDM enrollment. It's readable by MDM server during sync session.
Data type is string. Supported operations are Add, Get, Delete, and Replace.
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index f87acbed2e..17cb3d7424 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -17,7 +17,7 @@ ms.date: 06/25/2021
The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
-The following shows the DeviceStatus configuration service provider in tree format.
+The following example shows the DeviceStatus configuration service provider in tree format.
```
./Vendor/MSFT
DeviceStatus
@@ -67,7 +67,7 @@ DeviceStatus
The root node for the DeviceStatus configuration service provider.
**DeviceStatus/SecureBootState**
-Indicates whether secure boot is enabled. The value is one of the following:
+Indicates whether secure boot is enabled. The value is one of the following values:
- 0 - Not supported
- 1 - Enabled
@@ -136,7 +136,7 @@ Boolean value that indicates whether the network card associated with the MAC ad
Supported operation is Get.
**DeviceStatus/NetworkIdentifiers/*MacAddress*/Type**
-Type of network connection. The value is one of the following:
+Type of network connection. The value is one of the following values:
- 2 - WLAN (or other Wireless interface)
- 1 - LAN (or other Wired interface)
@@ -148,7 +148,7 @@ Supported operation is Get.
Node for the compliance query.
**DeviceStatus/Compliance/EncryptionCompliance**
-Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following values:
- 0 - Not encrypted
- 1 - Encrypted
@@ -194,9 +194,9 @@ Added in Windows, version 1607. Integer that specifies the status of the antivi
Valid values:
-- 0 - The security software reports that it is not the most recent version.
-- 1 (default) - The security software reports that it is the most recent version.
-- 2 – Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+- 0 - The security software reports that it isn't the most recent version.
+- 1 (default) - The security software reports that it's the most recent version.
+- 2 – Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
Supported operation is Get.
@@ -213,9 +213,9 @@ Valid values:
- 0 – Antivirus is on and monitoring.
- 1 – Antivirus is disabled.
-- 2 – Antivirus is not monitoring the device/PC or some options have been turned off.
+- 2 – Antivirus isn't monitoring the device/PC or some options have been turned off.
- 3 (default) – Antivirus is temporarily not completely monitoring the device/PC.
-- 4 – Antivirus not applicable for this device. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+- 4 – Antivirus not applicable for this device. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
Supported operation is Get.
@@ -229,9 +229,9 @@ Added in Windows, version 1607. Integer that specifies the status of the antisp
Valid values:
-- 0 - The security software reports that it is not the most recent version.
-- 1 - The security software reports that it is the most recent version.
-- 2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+- 0 - The security software reports that it isn't the most recent version.
+- 1 - The security software reports that it's the most recent version.
+- 2 - Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
Supported operation is Get.
@@ -246,10 +246,10 @@ Added in Windows, version 1607. Integer that specifies the status of the antisp
Valid values:
-- 0 - The status of the security provider category is good and does not need user attention.
-- 1 - The status of the security provider category is not monitored by Windows Security.
+- 0 - The status of the security provider category is good and doesn't need user attention.
+- 1 - The status of the security provider category isn't monitored by Windows Security.
- 2 - The status of the security provider category is poor and the computer may be at risk.
-- 3 - The security provider category is in snooze state. Snooze indicates that the Windows Security Service is not actively protecting the computer.
+- 3 - The security provider category is in snooze state. Snooze indicates that the Windows Security Service isn't actively protecting the computer.
Supported operation is Get.
@@ -265,9 +265,9 @@ Valid values:
- 0 – Firewall is on and monitoring.
- 1 – Firewall has been disabled.
-- 2 – Firewall is not monitoring all networks or some rules have been turned off.
+- 2 – Firewall isn't monitoring all networks or some rules have been turned off.
- 3 (default) – Firewall is temporarily not monitoring all networks.
-- 4 – Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.)
+- 4 – Not applicable. This value is returned for devices like the phone that don't have an antivirus (where the API doesn’t exist.)
Supported operation is Get.
@@ -292,21 +292,21 @@ Added in Windows, version 1607. Integer that specifies the status of the batter
Supported operation is Get.
**DeviceStatus/Battery/EstimatedChargeRemaining**
-Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This is the value returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
+Added in Windows, version 1607. Integer that specifies the estimated battery charge remaining. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
-The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
+The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
**DeviceStatus/Battery/EstimatedRuntime**
-Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This is the value returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
+Added in Windows, version 1607. Integer that specifies the estimated runtime of the battery. This value is the one that is returned in **BatteryLifeTime** in [SYSTEM\_POWER\_STATUS structure](/windows/win32/api/winbase/ns-winbase-system_power_status).
-The value is the number of seconds of battery life remaining when the device is not connected to an AC power source. When it is connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
+The value is the number of seconds of battery life remaining when the device isn't connected to an AC power source. When it's connected to a power source, the value is -1. When the estimation is unknown, the value is -1.
Supported operation is Get.
**DeviceStatus/DomainName**
-Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device is not domain-joined, it returns an empty string.
+Added in Windows, version 1709. Returns the fully qualified domain name of the device (if any). If the device isn't domain-joined, it returns an empty string.
Supported operation is Get.
@@ -322,15 +322,15 @@ Added in Windows, version 1709. Virtualization-based security hardware requirem
- 0x1: SecureBoot required
- 0x2: DMA Protection required
- 0x4: HyperV not supported for Guest VM
-- 0x8: HyperV feature is not available
+- 0x8: HyperV feature isn't available
Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
-Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
+Added in Windows, version 1709. Virtualization-based security status. Value is one of the following values:
- 0 - Running
- 1 - Reboot required
-- 2 - 64 bit architecture required
+- 2 - 64-bit architecture required
- 3 - Not licensed
- 4 - Not configured
- 5 - System doesn't meet hardware requirements
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index 670c0d736e..ef7c93a036 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,6 +1,6 @@
---
title: DevInfo CSP
-description: Learn now the DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server.
+description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
ms.reviewer:
manager: dansimp
@@ -15,16 +15,16 @@ ms.date: 06/26/2017
# DevInfo CSP
-The DevInfo configuration service provider handles the managed object which provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session.
+The DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server. This device information is automatically sent to the OMA DM server at the beginning of each OMA DM session.
> [!NOTE]
> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
-For the DevInfo CSP, you cannot use the Replace command unless the node already exists.
+For the DevInfo CSP, you can't use the Replace command unless the node already exists.
-The following shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol is not supported by this configuration service provider.
+The following example shows the DevInfo configuration service provider management object in tree format as used by OMA Device Management. The OMA Client provisioning protocol isn't supported by this configuration service provider.
```
.
DevInfo
@@ -52,14 +52,14 @@ The **UseHWDevID** parm of the [DMAcc configuration service provider](dmacc-csp.
**Man**
Required. Returns the name of the OEM. For Windows 10 for desktop editions, it returns the SystemManufacturer as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer.
-If no name is found, this returns "Unknown".
+If no name is found, the value returned is "Unknown".
Supported operation is Get.
**Mod**
Required. Returns the name of the hardware device model as specified by the mobile operator. For Windows 10 for desktop editions, it returns the SystemProductName as defined in HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName.
-If no name is found, this returns "Unknown".
+If no name is found, the value returned is "Unknown".
Supported operation is Get.
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 5dc126771b..057030f5f3 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -19,7 +19,7 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
## Download the MDM Diagnostic Information log from Windows 10 PCs
-1. On your managed device go to **Settings** > **Accounts** > **Access work or school**.
+1. On your managed device, go to **Settings** > **Accounts** > **Access work or school**.
1. Click your work or school account, then click **Info.**
@@ -88,7 +88,7 @@ You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC
## Collect logs remotely from Windows 10 PCs
-When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
+When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
@@ -234,7 +234,7 @@ After the logs are collected on the device, you can retrieve the files through t
## View logs
-For best results, ensure that the PC or VM on which you are viewing logs matches the build of the OS from which the logs were collected.
+For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
1. Open eventvwr.msc.
2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
@@ -256,7 +256,7 @@ For best results, ensure that the PC or VM on which you are viewing logs matches
-7. Now you are ready to start reviewing the logs.
+7. Now you're ready to start reviewing the logs.
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index cef5ea62ca..ded51dd0fa 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -18,16 +18,16 @@ The DiagnosticLog configuration service provider (CSP) provides the following fe
- [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting.
- [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size.
- [EtwLog area](#etwlog-area). Control ETW trace sessions.
-- [DeviceStateData area](#devicestatedata-area). Provide additional device information.
+- [DeviceStateData area](#devicestatedata-area). Provide more device information.
- [FileDownload area](#filedownload-area). Pull trace and state data directly from the device.
-The following are the links to different versions of the DiagnosticLog CSP DDF files:
+The links to different versions of the DiagnosticLog CSP DDF files are:
- [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4)
- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
-The following shows the DiagnosticLog CSP in tree format.
+The following example shows the DiagnosticLog CSP in tree format.
```
./Vendor/MSFT/DiagnosticLog
@@ -92,7 +92,7 @@ Set and Execute are functionality equivalent, and each accepts a `Collection` XM
With Windows 10 KB5011543, Windows 11 KB5011563 we have added support for an additional element which will determine whether the output file generated by the CSP is a flattened folder structure, instead of having individual folders for each directive in the XML.
-The following is an example of a `Collection` XML.
+The following example shows a `Collection` XML:
``` xml
Node for power-related configrations
+Node for power-related configurations
**PowerSettings/MaxSkippedSessionsInLowPowerState**Maximum number of continuous skipped sync sessions when the device is in low-power state.
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 37a56ed643..355e5d1e79 100644 --- a/windows/client-management/mdm/dynamicmanagement-csp.md +++ b/windows/client-management/mdm/dynamicmanagement-csp.md @@ -14,11 +14,11 @@ ms.collection: highpri # DynamicManagement CSP -Windows 10 allows you to manage devices differently depending on location, network, or time. In Windows 10, version 1703 the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device is not within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. +Windows 10 allows you to manage devices differently depending on location, network, or time. In Windows 10, version 1703 the focus is on the most common areas of concern expressed by organizations. For example, managed devices can have cameras disabled when at a work location, the cellular service can be disabled when outside the country to avoid roaming charges, or the wireless network can be disabled when the device isn't within the corporate building or campus. Once configured, these settings will be enforced even if the device can’t reach the management server when the location or network changes. The Dynamic Management CSP enables configuration of policies that change how the device is managed in addition to setting the conditions on which the change occurs. This CSP was added in Windows 10, version 1703. -The following shows the DynamicManagement configuration service provider in tree format. +The following example shows the DynamicManagement configuration service provider in tree format. ``` ./Device/Vendor/MSFT DynamicManagement @@ -85,7 +85,7 @@ DynamicManagementValue type is integer. Supported operation is Get.
**Altitude** -A value that determines how to handle conflict resolution of applying multiple contexts on the device. This is required and must be distinct of other priorities.
+A value that determines how to handle conflict resolution of applying multiple contexts on the device. This value is required and must be distinct of other priorities.
Value type is integer. Supported operations are Add, Get, Delete, and Replace.
**AlertsEnabled** diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 37f0269edb..9f9d1ab88c 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -34,7 +34,7 @@ To get the EAP configuration from your desktop using the rasphone tool that is s  -1. Enter an Internet address and connection name. These can be fake since it does not impact the authentication parameters. +1. Enter an Internet address and connection name. These details can be fake since it doesn't impact the authentication parameters.  @@ -60,7 +60,7 @@ To get the EAP configuration from your desktop using the rasphone tool that is s Get-VpnConnection -Name Test ``` - Here is an example output. + Here's an example output. ``` syntax Name : Test @@ -88,7 +88,7 @@ To get the EAP configuration from your desktop using the rasphone tool that is s $a.EapConfigXmlStream.InnerXml ``` - Here is an example output. + Here's an example output. ```xmlSupported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/IPType** -This value can be one of the following:
+This value can be one of the following values:
- IPv4 - only IPV4 connection type - IPv6 - only IPv6 connection type @@ -67,12 +67,12 @@ EnterpriseAPNSupported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/ClassId** -GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.
+GUID that defines the APN class to the modem. This GUID is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting isn't present. It's only required when IsAttachAPN is true and the attach APN isn't only used as the Internet APN.
Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/AuthType** -Authentication type. This value can be one of the following:
+Authentication type. This value can be one of the following values:
- None (default) - Auto @@ -93,7 +93,7 @@ EnterpriseAPNSupported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/IccId** -Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node is not present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
+Integrated Circuit Card ID (ICCID) associated with the cellular connection profile. If this node isn't present, the connection is created on a single-slot device using the ICCID of the UICC and on a dual-slot device using the ICCID of the UICC that is active for data.
Supported operations are Add, Get, Delete, and Replace.
diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index 4192b8bdcc..b59fc137e1 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -21,7 +21,7 @@ The EnterpriseAppManagement enterprise configuration service provider is used to > The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core. -The following shows the EnterpriseAppManagement configuration service provider in tree format. +The following example shows the EnterpriseAppManagement configuration service provider in tree format. ```console ./Vendor/MSFT @@ -52,7 +52,7 @@ EnterpriseAppManagement ``` ***EnterpriseID*** -Optional. A dynamic node that represents the EnterpriseID as a GUID. It is used to enroll or unenroll enterprise applications. +Optional. A dynamic node that represents the EnterpriseID as a GUID. It's used to enroll or unenroll enterprise applications. Supported operations are Add, Delete, and Get. @@ -190,11 +190,11 @@ Supported operation is Exec. ### Install and Update Line of Business (LOB) applications -A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support a variety of file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section. +A workplace can automatically install and update Line of Business applications during a management session. Line of Business applications support various file types including XAP (8.0 and 8.1), AppX, and AppXBundles. A workplace can also update applications from XAP file formats to Appx and AppxBundle formats through the same channel. For more information, see the Examples section. ### Uninstall Line of Business (LOB) applications -A workplace can also remotely uninstall Line of Business applications on the device. It is not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that are not installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section +A workplace can also remotely uninstall Line of Business applications on the device. It's not possible to use this mechanism to uninstall Store applications on the device or Line of Business applications that aren't installed by the enrolled workplace (for side-loaded application scenarios). For more information, see the Examples section. ### Query installed Store application @@ -242,7 +242,7 @@ All node values under the ProviderID interior node represent the policy values t - An Add or Replace command on those nodes returns success in both of the following cases: - - The value is actually applied to the device. + - The value is applied to the device. - The value isn’t applied to the device because the device has a more secure value set already. @@ -252,9 +252,9 @@ From a security perspective, the device complies with the policy request that is - If a Replace command fails, the node value is set to be the previous value before Replace command was applied. -- If an Add command fails, the node is not created. +- If an Add command fails, the node isn't created. -The value actually applied to the device can be queried via the nodes under the DeviceValue interior node. +The value applied to the device can be queried via the nodes under the DeviceValue interior node. ## OMA DM examples @@ -303,7 +303,7 @@ Update the enrollment token (for example, to update an expired application enrol ``` -Query all installed applications that belong to enterprise id “4000000001”: +Query all installed applications that belong to enterprise ID “4000000001”: ```xml