deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #7796 from MicrosoftDocs/repo_sync_working_branch

Browse Source 
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Stephanie Savell 2023-01-30 11:34:50 -06:00 committed by GitHub
commit 52274cf44e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
View File

@ -28,6 +28,7 @@ Describes the best practices, location, values, policy management, and security
## Reference ## Reference
The **Act as part of the operating system** policy setting determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. Typically, only low-level authentication services require this user right. Potential access isn't limited to what is associated with the user by default. The calling process may request that arbitrary extra privileges be added to the access token. The calling process may also build an access token that doesn't provide a primary identity for auditing in the system event logs. The **Act as part of the operating system** policy setting determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. Typically, only low-level authentication services require this user right. Potential access isn't limited to what is associated with the user by default. The calling process may request that arbitrary extra privileges be added to the access token. The calling process may also build an access token that doesn't provide a primary identity for auditing in the system event logs.
Constant: SeTcbPrivilege Constant: SeTcbPrivilege
### Possible values ### Possible values

6
windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
View File

@ -29,9 +29,11 @@ Describes the best practices, location, values, policy management, and security
This user right determines if users can create a symbolic link from the device they're logged on to. This user right determines if users can create a symbolic link from the device they're logged on to.
A symbolic link is a file-system object that points to another file-system object that is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links. A symbolic link is a file system object that points to another file system object that is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links.
> [!WARNING]
> This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
>**Warning:**   This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them.
Constant: SeCreateSymbolicLinkPrivilege Constant: SeCreateSymbolicLinkPrivilege
### Possible values ### Possible values

3
windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
View File

@ -33,7 +33,8 @@ Normally, an application running on Windows can negotiate for more physical memo
Enabling this policy setting for a specific account (a user account or a process account for an application) prevents paging of the data. Thereby, the amount of memory that Windows can reclaim under pressure is limited. This limitation could lead to performance degradation. Enabling this policy setting for a specific account (a user account or a process account for an application) prevents paging of the data. Thereby, the amount of memory that Windows can reclaim under pressure is limited. This limitation could lead to performance degradation.
>**Note:**  By configuring this policy setting, the performance of the Windows operating system will differ depending on if applications are running on 32-bit or 64-bit systems, and if they are virtualized images. Performance will also differ between earlier and later versions of the Windows operating system. > [!NOTE]
> By configuring this policy setting, the performance of the Windows operating system will differ depending on if applications are running on 32-bit or 64-bit systems, and if they are virtualized images. Performance will also differ between earlier and later versions of the Windows operating system.
Constant: SeLockMemoryPrivilege Constant: SeLockMemoryPrivilege

2
windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
View File

@ -76,6 +76,7 @@ Enables or disables networking in the sandbox. You can disable network access to
`<Networking>value</Networking>` `<Networking>value</Networking>`
Supported values: Supported values:
- *Enable*: Enables networking in the sandbox.
- *Disable*: Disables networking in the sandbox. - *Disable*: Disables networking in the sandbox.
- *Default*: This value is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC. - *Default*: This value is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC.
@ -184,6 +185,7 @@ Enables or disables sharing of the host clipboard with the sandbox.
`<ClipboardRedirection>value</ClipboardRedirection>` `<ClipboardRedirection>value</ClipboardRedirection>`
Supported values: Supported values:
- *Enable*: Enables sharing of the host clipboard with the sandbox.
- *Disable*: Disables clipboard redirection in the sandbox. If this value is set, copy/paste in and out of the sandbox will be restricted. - *Disable*: Disables clipboard redirection in the sandbox. If this value is set, copy/paste in and out of the sandbox will be restricted.
- *Default*: This value is the default value for clipboard redirection. Currently, copy/paste between the host and sandbox are permitted under *Default*. - *Default*: This value is the default value for clipboard redirection. Currently, copy/paste between the host and sandbox are permitted under *Default*.