deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 21:33:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fix merge conflicts

Browse Source
This commit is contained in:
doshnid
2022-09-14 18:05:21 -07:00
parent 8c06834537 e9086f050f
commit 56bf82a111
2172 changed files with 31680 additions and 28736 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/application-management/add-apps-and-features.md
View File

@ -2,12 +2,12 @@
title: Add or hide optional apps and features on Windows devices | Microsoft Docs
description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.localizationpriority: medium
ms.date: 08/30/2021
ms.reviewer:
manager: dougeby
ms.topic: article
ms.collection: highpri
---

6
windows/application-management/app-v/appv-about-appv.md
View File

@ -58,11 +58,7 @@ For more information about how to configure an existing App-V installation after
## Support for System Center
App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager.
App-V supports System Center 2016 and Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj822982(v=technet.10)) to learn more about how to integrate your App-V environment with Configuration Manager.
## Related articles

4
windows/application-management/app-v/appv-auto-provision-a-vm.md
View File

@ -33,7 +33,7 @@ Provisioning your new VM includes creating a VHD file, setting up a user account
#### Create a VHD file
For this process to work, you must have a base operating system available as a VHD image file, we recommend using the [Convert-WindowsImage.ps1](https://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f) command-line tool.
For this process to work, you must have a base operating system available as a VHD image file, we recommend using the [Convert-WindowsImage.ps1](https://www.powershellgallery.com/packages/Convert-WindowsImage/10.0) command-line tool.
#### Create a VHD file with the Convert-WindowsImage command-line tool
@ -122,6 +122,6 @@ After you sequence your packages, you can automatically clean up any unpublished
### Related articles
- [Download the **Convert-WindowsImage** tool](https://www.powershellgallery.com/packages/Convert-WindowsImage/10.0)
- [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit)
- [Download the Windows ADK](/windows-hardware/get-started/adk-install)
- [How to install the App-V Sequencer](appv-install-the-sequencer.md)
- [Learn about Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/Hyper-V-on-Windows-Server)

2
windows/application-management/app-v/appv-capacity-planning.md
View File

@ -34,7 +34,7 @@ You can also manage your App-V environment using an electronic software distribu
* **Standalone model**—The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone mode only needs the sequencer and the client; no extra components are required. Applications are prepared for virtualization using a process called sequencing. For more information, see [Planning for the App-V Sequencer and Client deployment](appv-planning-for-sequencer-and-client-deployment.md). The standalone model is recommended for the following scenarios:
* When there are disconnected remote users who can't connect to the App-V infrastructure.
* When you're running a software management system, such as System Center 2012 Configuration Manager.
* When you're running a software management system, such as Configuration Manager.
* When network bandwidth limitations inhibit electronic software distribution.
* **Full infrastructure model**—The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V full infrastructure model consists of one or more App-V management servers that can be used to publish applications to all clients. Publishing places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about how to install the management server, see [Planning for App-V Server deployment](appv-planning-for-appv-server-deployment.md). The full infrastructure model is recommended for the following scenarios:

31
windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md
View File

@ -1,5 +1,5 @@
---
title: Deploying Microsoft Office 2010 by Using App-V (Windows 10/11)
title: Deploying Microsoft Office 2010 by Using App-V
description: Create Office 2010 packages for Microsoft Application Virtualization (App-V) using the App-V Sequencer or the App-V Package Accelerator.
author: aczechowski
ms.prod: w10
@ -31,16 +31,7 @@ The following table shows the App-V versions, methods of Office package creation
## Creating Office 2010 App-V using the sequencer
Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. For detailed instructions about how to create an Office 2010 package on App-V, see [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069).
## Creating Office 2010 App-V packages using package accelerators
Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10/11, Windows 8, and Windows 7. The following pages will show you which package accelerator is best for creating Office 2010 App-V packages on your version of Windows:
* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db)
* [App-V 5.0 Package Accelerator for Office Professional Plus 2010 Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b)
For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md).
Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. For more information, see [How to Sequence a New Application with App-V 5.0](/microsoft-desktop-optimization-pack/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030).
## Deploying the Microsoft Office package for App-V
@ -73,29 +64,13 @@ The following table provides a full list of supported integration points for Off
|Primary Interop Assemblies|Support managed add-ins||
|Office Document Cache Handler|Allows Document Cache for Office applications||
|Outlook Protocol Search handler|User can search in Outlook|Yes|
|Active X Controls:<br>- Groove.SiteClient<br>- PortalConnect.PersonalSite<br>- SharePoint.openDocuments<br>- SharePoint.ExportDatabase<br>- SharePoint.SpreadSheetLauncher<br>- SharePoint.StssyncHander<br>- SharePoint.DragUploadCtl<br>- SharePoint.DragDownloadCtl<br>- Sharpoint.OpenXMLDocuments<br> - Sharepoint.ClipboardCtl<br>- WinProj.Activator<br>- Name.NameCtrl<br>- STSUPld.CopyCtl<br>- CommunicatorMeetingJoinAx.JoinManager<br>- LISTNET.Listnet<br>- OneDrive Pro Browser Helper|Active X Control. <br><br>For more information about ActiveX controls, see the [ActiveX Control API Reference](<https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx>).||
|Active X Controls:<br>- Groove.SiteClient<br>- PortalConnect.PersonalSite<br>- SharePoint.openDocuments<br>- SharePoint.ExportDatabase<br>- SharePoint.SpreadSheetLauncher<br>- SharePoint.StssyncHander<br>- SharePoint.DragUploadCtl<br>- SharePoint.DragDownloadCtl<br>- Sharpoint.OpenXMLDocuments<br> - Sharepoint.ClipboardCtl<br>- WinProj.Activator<br>- Name.NameCtrl<br>- STSUPld.CopyCtl<br>- CommunicatorMeetingJoinAx.JoinManager<br>- LISTNET.Listnet<br>- OneDrive Pro Browser Helper|Active X Control. <br><br>For more information about ActiveX controls, see the [ActiveX Control API Reference](/previous-versions/office/developer/sharepoint-2010/ms440037(v=office.14)).||
|OneDrive Pro Icon Overlays|Windows explorer shell icon overlays when users look at folders OneDrive Pro folders||
## Additional resources
### Office 2013 App-V Packages Additional Resources
* [Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/kb/2772509)
### Office 2010 App-V Packages
* [Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
* [Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/kb/2828619)
* [How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069)
### Connection Groups
* [Managing Connection Groups](appv-managing-connection-groups.md)
* [Connection groups on the App-V team blog](https://blogs.msdn.microsoft.com/gladiator/tag/connection-groups/)
### Dynamic Configuration
* [About App-V Dynamic Configuration](appv-dynamic-configuration.md)

51
windows/application-management/app-v/appv-performance-guidance.md
View File

@ -1,5 +1,5 @@
---
title: Performance Guidance for Application Virtualization (Windows 10/11)
title: Performance Guidance for Application Virtualization
description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
author: aczechowski
ms.prod: w10
@ -36,11 +36,11 @@ You should read and understand the following information before reading this doc
Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI).
To help determine what information is relevant to your environment, you should review each sections brief overview and applicability checklist.
To help determine what information is relevant to your environment, you should review each section's brief overview and applicability checklist.
## <a href="" id="---------app-v-5-1-in-stateful--non-persistent-deployments"></a> App-V in stateful\* non-persistent deployments
This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This access is achieved by uniquely addressing the often long-running App-V publishing refresh. As you'll discover the basis of the approach, the fastest publishing refresh, is one that doesnt have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience.
This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This access is achieved by uniquely addressing the often long-running App-V publishing refresh. As you'll discover the basis of the approach, the fastest publishing refresh, is one that doesn't have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience.
Use the information in the following section for more information:
@ -54,7 +54,7 @@ Use the information in the following section for more information:
- Steps to Prepare the Base Image Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach.
- Use UE-V as the User Profile Management (UPM) solution for the App-V approach the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution.
- Use UE-V as the User Profile Management (UPM) solution for the App-V approach the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution.
[User Experience Walk-through](#bkmk-uewt)
@ -122,8 +122,7 @@ The following information displays the required steps to prepare the base image
- Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
- Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
- Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the
App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
- Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
- Configure Preserve User Integrations on Login Registry DWORD.
- Pre-configure all global-targeted packages, for example, **Add-AppvClientPackage**.
- Pre-configure all global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
@ -144,7 +143,7 @@ For critical App-V Client configurations and for a little more context and how-t
For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.
If you dont plan to pre-configure every available user package in the base image, use this setting.
If you don't plan to pre-configure every available user package in the base image, use this setting.
- Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Integration`.
- Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
@ -170,12 +169,10 @@ For more information, see:
- [Get Started with UE-V](/windows/configuration/ue-v/uev-getting-started)
In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows).
> [!Note]
> Without performing an additional configuration step, User Environment Virtualization (UE-V) won't be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default.
UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every users device will have the same set of applications installed to the same location and every .lnk file is valid for all the users devices. For example, UE-V wouldn't currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user's device will have the same set of applications installed to the same location and every .lnk file is valid for all the users' devices. For example, UE-V wouldn't currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices.
- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled.
@ -306,7 +303,7 @@ This following process is a step-by-step walk-through of the App-V and UPM opera
Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (unpublished) virtual application packages, it's recommended you update the base image to reflect these changes. To understand why review the following section:
App-V 5.0 SP2 introduced the concept of pending states. In the past,
App-V 5.0 SP2 introduced the concept of pending states. In the past,
- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the unpublish or publish operation, respectively, would fail.
@ -318,37 +315,23 @@ In a non-persistent environment, it's unlikely these pended operations will be p
The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance.
<!-- Following bold text used to say **.NET NGEN Blog and Script (Highly Recommended)** but the script doesn't seem to exist any more. The link to the script was [Script](https://aka.ms/DrainNGenQueue) -->
#### Windows Server
**.NET NGEN Blog (Highly Recommended)**
Server performance tuning guidelines for [Microsoft Windows Server 2012 R2](/previous-versions/dn529133(v=vs.85))
- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx)
#### Server roles
**Windows Server and Server Roles**
- [Remote Desktop Virtualization Host](/previous-versions/dn567643(v=vs.85))
Server Performance Tuning Guidelines for
- [Remote Desktop Session Host](/previous-versions/dn567648(v=vs.85))
- [Microsoft Windows Server 2012 R2](/previous-versions//dn529133(v=vs.85))
- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx)
- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx)
**Server Roles**
- [Remote Desktop Virtualization Host](/previous-versions//dn567643(v=vs.85))
- [Remote Desktop Session Host](/previous-versions//dn567648(v=vs.85))
- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](/previous-versions//dn567678(v=vs.85))
- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](/previous-versions/dn567678(v=vs.85))
- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134210(v=ws.11))
**Windows Client (Guest OS) Performance Tuning Guidance**
#### Windows Client (guest OS) performance tuning guidance
- [Optimization Script: (Provided by Microsoft Support)](/archive/blogs/jeff_stokes/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density)
- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf)
- [The Microsoft Premier Field Engineer (PFE) view on Virtual Desktop (VDI) Density](/archive/blogs/jeff_stokes/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density)
- [Optimization Script: (Provided by Microsoft Support)](/archive/blogs/jeff_stokes/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe)
@ -404,7 +387,7 @@ Removing FB1 doesn't require the original application installer. After completin
### Creating a new virtual application package on the sequencer
If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an applications installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly.
If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application's installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly.
**Client Side**:

2
windows/application-management/app-v/appv-supported-configurations.md
View File

@ -119,7 +119,7 @@ See the Windows or Windows Server documentation for the hardware requirements.
## Supported versions of Microsoft Endpoint Configuration Manager
The App-V client works with Configuration Manager versions starting with Technical Preview for System Center Configuration Manager, version 1606.
The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606.
## Related articles

8
windows/application-management/apps-in-windows-10.md
View File

@ -1,11 +1,11 @@
---
title: Learn about the different app types in Windows 10/11 | Microsoft Docs
ms.reviewer:
manager: dougeby
description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.reviewer:
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri

1
windows/application-management/docfx.json
View File

@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
"**/*.svg",
"**/*.gif"
],
"exclude": [

10
windows/application-management/enterprise-background-activity-controls.md
View File

@ -1,13 +1,13 @@
---
author: aczechowski
title: Remove background task resource restrictions
description: Allow enterprise background tasks unrestricted access to computer resources.
ms.author: aaroncz
ms.prod: w10
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 10/03/2017
ms.reviewer:
manager: dougeby
ms.topic: article
ms.prod: w10
---
# Remove background task resource restrictions
@ -43,7 +43,7 @@ Starting with Windows 10, version 1703, enterprises can control background activ
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceDenyTheseApps` 
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_UserInControlOfTheseApps`
These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. See [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) for more information about these policies.
These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. For more information about these policies, visit [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground).
An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page: 
 

6
windows/application-management/includes/app-v-end-life-statement.md
View File

@ -1,9 +1,9 @@
---
author: aczechowski
ms.author: aaroncz
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 09/20/2021
ms.reviewer:
manager: dougeby
ms.prod: w10
ms.topic: include
---

6
windows/application-management/includes/applies-to-windows-client-versions.md
View File

@ -1,9 +1,9 @@
---
author: aczechowski
ms.author: aaroncz
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 09/28/2021
ms.reviewer:
manager: dougeby
ms.prod: w10
ms.topic: include
---

6
windows/application-management/index.yml
View File

@ -13,9 +13,9 @@ metadata:
ms.collection:
- windows-10
- highpri
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 08/24/2021 #Required; mm/dd/yyyy format.
ms.localizationpriority : medium

104
windows/application-management/manage-windows-mixed-reality.md
View File

@ -1,104 +0,0 @@
---
title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11)
description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
ms.reviewer:
manager: dougeby
ms.prod: w10
ms.localizationpriority: medium
author: aczechowski
ms.author: aaroncz
ms.topic: article
---
# Enable or block Windows Mixed Reality apps in enterprises
[!INCLUDE [Applies to Windows client versions](./includes/applies-to-windows-client-versions.md)]
[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update.
Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal).
## Enable Windows Mixed Reality in WSUS
1. [Check your version of Windows.](https://support.microsoft.com/help/13443/windows-which-operating-system)
>[!NOTE]
>You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
1. Download the FOD .cab file:
- [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
- [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab)
> [!NOTE]
> You must download the FOD .cab file that matches your operating system version.
1. Use `Dism` to add Windows Mixed Reality FOD to the image.
```powershell
Dism /Online /Add-Package /PackagePath:(path)
```
> [!NOTE]
> On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab**
1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
IT admins can also create [Side by side feature store (shared folder)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127275(v=ws.11)) to allow access to the Windows Mixed Reality FOD.
## Block the Mixed Reality Portal
You can use the [AppLocker configuration service provider (CSP)](/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.
In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
```
## Related articles
- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality)

32
windows/application-management/per-user-services-in-windows.md
View File

@ -2,11 +2,11 @@
title: Per-user services in Windows 10 and Windows Server
description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 09/14/2017
ms.reviewer:
manager: dougeby
---
# Per-user services in Windows 10 and Windows Server
@ -41,7 +41,7 @@ Before you disable any of these services, review the **Description** column in t
| 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker |
| 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting |
| 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality |
| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. |
| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service isn't running. |
| 1607 | PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. |
| 1709 | PrintWorkflowUserSvc | PrintWorkflow | Manual | | Print Workflow |
| 1607 | UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
@ -71,7 +71,7 @@ In light of these restrictions, you can use the following methods to manage per-
### Manage template services using a security template
You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). For more information, visit [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings).
For example:
@ -87,13 +87,13 @@ Revision=1
### Manage template services using Group Policy preferences
If a per-user service can't be disabled using a the security template, you can disable it by using Group Policy preferences.
If a per-user service can't be disabled using the security template, you can disable it by using Group Policy preferences.
1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, select **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
2. Create a new Group Policy Object (GPO) or use an existing GPO.
3. Right-click the GPO and click **Edit** to launch the Group Policy Object Editor.
3. Right-click the GPO and select **Edit** to launch the Group Policy Object Editor.
4. Depending on how you want to target the Group Policy, under **Computer configuration** or **User configuration** browse to Preferences\Windows Settings\Registry.
@ -101,23 +101,23 @@ If a per-user service can't be disabled using a the security template, you can d
![Group Policy preferences disabling per-user services.](media/gpp-per-user-services.png)
6. Make sure that HKEY_Local_Machine is selected for Hive and then click ... (the ellipses) next to Key Path.
6. Make sure that HKEY_Local_Machine is selected for Hive and then select ... (the ellipses) next to Key Path.
![Choose HKLM.](media/gpp-hklm.png)
7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and click **Select**.
7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and select **Select**.
![Select Start.](media/gpp-svc-start.png)
8. Change **Value data** from **00000003** to **00000004** and click **OK**. Note setting the Value data to **4** = **Disabled**.
8. Change **Value data** from **00000003** to **00000004** and select **OK**. Note setting the Value data to **4** = **Disabled**.
![Startup Type is Disabled.](media/gpp-svc-disabled.png)
9. To add the other services that cannot be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
9. To add the other services that can't be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
### Managing Template Services with reg.exe
If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
If you can't use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
To disable the Template Services, change the Startup Type for each service to 4 (disabled).
For example:
@ -135,7 +135,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
### Managing Template Services with regedit.exe
If you cannot use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
If you can't use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
![Using Regedit to change servive Starup Type.](media/regedit-change-service-startup-type.png)
@ -159,7 +159,7 @@ Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-20
```
sc.exe configure <service name> start= disabled
```
Note that the space after "=" is intentional.
The space after "=" is intentional.
Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):
@ -169,7 +169,7 @@ Set-Service <service name> -StartupType Disabled
## View per-user services in the Services console (services.msc)
As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they are displayed using the \<service name>_LUID format (where LUID is the locally unique identifier).
As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they're displayed using the \<service name>_LUID format (where LUID is the locally unique identifier).
For example, you might see the following per-user services listed in the Services console:

8
windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
View File

@ -1,11 +1,11 @@
---
title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs
description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices.
manager: dougeby
ms.author: aaroncz
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.reviewer: amanh
ms.prod: w11
author: aczechowski
ms.date: 09/15/2021
ms.localizationpriority: medium
---
@ -26,7 +26,7 @@ This article discusses the Company Portal app installation options, adding organ
## Before you begin
The Company Portal app is included with Microsoft Endpoint Manager (MEM). Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices.
If you're not managing your devices using an MDM provider, the following resources may help you get started:

8
windows/application-management/provisioned-apps-windows-client-os.md
View File

@ -1,11 +1,11 @@
---
title: Get the provisioned apps on Windows client operating system | Microsoft Docs
ms.reviewer:
manager: dougeby
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---
@ -17,7 +17,7 @@ ms.topic: article
- Windows 10
- Windows 11
Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They are per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They're per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
This article lists some of the built-in provisioned apps on the different Windows client OS versions, and lists the Windows PowerShell command to get a list.

8
windows/application-management/remove-provisioned-apps-during-update.md
View File

@ -2,17 +2,17 @@
title: How to keep apps removed from Windows 10 from returning during an update
description: How to keep provisioned apps that were removed from your machine from returning during an update.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 05/25/2018
ms.reviewer:
manager: dougeby
---
# How to keep apps removed from Windows 10 from returning during an update
> Applies to: Windows 10 (General Availability Channel)
When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed return post-update. This can happen if the computer was offline when you removed the apps. This issue was fixed in Windows 10, version 1803.
When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.
>[!NOTE]
>* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.

6
windows/application-management/sideload-apps-in-windows-10.md
View File

@ -2,10 +2,10 @@
title: Sideload LOB apps in Windows client OS | Microsoft Docs
description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device.
ms.reviewer:
manager: dougeby
ms.author: aaroncz
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.prod: w10
author: aczechowski
ms.localizationpriority: medium
---

6
windows/application-management/svchost-service-refactoring.md
View File

@ -2,11 +2,11 @@
title: Service Host service refactoring in Windows 10 version 1703
description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
ms.date: 07/20/2017
ms.reviewer:
manager: dougeby
---
# Changes to Service Host grouping in Windows 10

6
windows/application-management/system-apps-windows-client-os.md
View File

@ -1,11 +1,11 @@
---
title: Get the system apps on Windows client operating system | Microsoft Docs
ms.reviewer:
manager: dougeby
author: nicholasswhite
ms.author: nwhite
manager: aaroncz
description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
ms.author: aaroncz
author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---

8
windows/client-management/administrative-tools-in-windows-10.md
View File

@ -2,11 +2,9 @@
title: Windows Tools/Administrative Tools
description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: aczechowski
ms.author: aaroncz
manager: dougeby
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.localizationpriority: medium
ms.date: 03/28/2022
ms.topic: article

3
windows/client-management/advanced-troubleshooting-802-authentication.md
View File

@ -2,10 +2,7 @@
title: Advanced Troubleshooting 802.1X Authentication
ms.reviewer:
description: Troubleshoot authentication flow by learning how 802.1X Authentication works for wired and wireless clients.
keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, authentication, Wi-Fi
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
author: aczechowski
ms.author: aaroncz
manager: dougeby

245
windows/client-management/advanced-troubleshooting-boot-problems.md
View File

@ -2,11 +2,11 @@
title: Advanced troubleshooting for Windows boot problems
description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
ms.prod: w10
ms.sitesec: library
author: aczechowski
ms.technology: windows
ms.localizationpriority: medium
ms.date: 06/02/2022
author: aczechowski
ms.author: aaroncz
ms.date: 11/16/2018
ms.reviewer:
manager: dougeby
ms.topic: troubleshooting
@ -15,16 +15,15 @@ ms.collection: highpri
# Advanced troubleshooting for Windows boot problems
<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=boot" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=boot" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues.</span>
> [!NOTE]
> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5).
## Summary
There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
| Phase | Boot Process | BIOS | UEFI |
|-----------|----------------------|------------------------------------|-----------------------------------|
| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
@ -32,31 +31,21 @@ There are several reasons why a Windows-based computer may have problems during
| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
**1. PreBoot**
1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
The PCs firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
**2. Windows Boot Manager**
3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
**3. Windows operating system loader**
Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
**4. Windows NT OS Kernel**
The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
![thumbnail of boot sequence flowchart.](images/boot-sequence-thumb.png)<br>
[Click to enlarge](img-boot-sequence.md)<br>
The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
<a name="boot-sequence"></a>
Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger.
:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png":::
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
@ -69,7 +58,6 @@ Each phase has a different approach to troubleshooting. This article provides tr
>
> `Bcdedit /set {default} bootmenupolicy legacy`
## BIOS phase
To determine whether the system has passed the BIOS phase, follow these steps:
@ -86,26 +74,25 @@ To determine whether the system has passed the BIOS phase, follow these steps:
If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
- Boot Configuration Data (BCD) missing or corrupted
- Boot file or MBR corrupted
- Operating system Missing
- Boot sector missing or corrupted
- Bootmgr missing or corrupted
- Unable to boot due to system hive missing or corrupted
To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
- Boot Configuration Data (BCD) missing or corrupted
- Boot file or MBR corrupted
- Operating system Missing
- Boot sector missing or corrupted
- Bootmgr missing or corrupted
- Unable to boot due to system hive missing or corrupted
To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods.
### Method 1: Startup Repair tool
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
To do this task of invoking the Startup Repair tool, follow these steps.
To do this task of invoking the Startup Repair tool, follow these steps.
> [!NOTE]
> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre).
1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d).
2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
@ -117,28 +104,26 @@ To do this task of invoking the Startup Repair tool, follow these steps.
The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
**%windir%\System32\LogFiles\Srt\Srttrail.txt**
For more information, see [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
`%windir%\System32\LogFiles\Srt\Srttrail.txt`
For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
### Method 2: Repair Boot Codes
To repair boot codes, run the following command:
```console
```command
BOOTREC /FIXMBR
```
To repair the boot sector, run the following command:
```console
```command
BOOTREC /FIXBOOT
```
> [!NOTE]
> Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
> Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem.
### Method 3: Fix BCD errors
@ -146,15 +131,15 @@ If you receive BCD-related errors, follow these steps:
1. Scan for all the systems that are installed. To do this step, run the following command:
```console
```command
Bootrec /ScanOS
```
2. Restart the computer to check whether the problem is fixed.
3. If the problem isn't fixed, run the following commands:
```console
```command
bcdedit /export c:\bcdbackup
attrib c:\boot\bcd -r -s -h
@ -172,128 +157,116 @@ If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive
1. At a command prompt, change the directory to the System Reserved partition.
2. Run the **attrib** command to unhide the file:
2. Run the `attrib` command to unhide the file:
```console
```command
attrib -r -s -h
```
3. Navigate to the system drive and run the same command:
```console
```command
attrib -r -s -h
```
4. Rename the Bootmgr file as Bootmgr.old:
4. Rename the `bootmgr` file as `bootmgr.old`:
```console
```command
ren c:\bootmgr bootmgr.old
```
5. Navigate to the system drive.
6. Copy the Bootmgr file, and then paste it to the System Reserved partition.
6. Copy the `bootmgr` file, and then paste it to the System Reserved partition.
7. Restart the computer.
### Method 5: Restore System Hive
### Method 5: Restore system hive
If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step,, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`.
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder)
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
- A Stop error appears after the splash screen (Windows Logo screen).
- A Stop error appears after the splash screen (Windows Logo screen).
- Specific error code is displayed.
- Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
- A black screen appears after the splash screen.
- A black screen appears after the splash screen.
To troubleshoot these problems, try the following recovery boot options one at a time.
**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration
On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
1. Use one of the following methods to open Event Viewer:
1. Use one of the following methods to open Event Viewer:
- Click **Start**, point to **Administrative Tools**, and then click
**Event Viewer**.
- Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**.
- Start the Event Viewer snap-in in Microsoft Management Console (MMC).
- Start the Event Viewer snap-in in Microsoft Management Console (MMC).
2. In the console tree, expand Event Viewer, and then click the log that you
want to view. For example, click **System log** or **Application log**.
2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**.
3. In the details pane, double-click the event that you want to view.
3. In the details pane, open the event that you want to view.
4. On the **Edit** menu, click **Copy**, open a new document in the program in
which you want to paste the event (for example, Microsoft Word), and then
click **Paste**.
5. Use the Up Arrow or Down Arrow key to view the description of the previous
or next event.
4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**.
5. Use the up arrow or down arrow key to view the description of the previous or next event.
### Clean boot
To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`).
Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
> [!NOTE]
> If the computer is a domain controller, try Directory Services Restore mode (DSRM).
>
> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
**Examples**
#### Examples
> [!WARNING]
> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
problems can be solved. Modify the registry at your own risk.
> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
To troubleshoot this Stop error, follow these steps to filter the drivers:
1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
2. Open the registry.
2. Open the registry.
3. Load the system hive, and name it as "test."
3. Load the system hive, and name it **test**.
4. Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers:
**HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class**
5. For each third-party driver that you locate, click the upper or lower filter, and then delete the value data.
4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers:
6. Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive.
`HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class`
7. Restart the server in Normal mode.
5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data.
For more troubleshooting steps, see the following articles:
6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
7. Restart the server in Normal mode.
For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md).
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
@ -301,16 +274,15 @@ To fix problems that occur after you install Windows updates, check for pending
2. Run the command:
```console
```command
DISM /image:C:\ /get-packages
```
3. If there are any pending updates, uninstall them by running the following commands:
```console
```command
DISM /image:C:\ /remove-package /packagename: name of the package
```
```console
DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
```
@ -318,72 +290,67 @@ To fix problems that occur after you install Windows updates, check for pending
If the computer doesn't start, follow these steps:
1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad.
1. Open a command prompt window in WinRE, and start a text editor, such as Notepad.
2. Navigate to the system drive, and search for windows\winsxs\pending.xml.
2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`.
3. If the Pending.xml file is found, rename the file as Pending.xml.old.
3. If the pending.xml file is found, rename the file as `pending.xml.old`.
4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test.
4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test.
5. Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value.
5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value.
6. If the **pendingxmlidentifier** value exists, delete the value.
6. If the `pendingxmlidentifier` value exists, delete it.
7. Unload the test hive.
7. Unload the test hive.
8. Load the system hive, name it as "test".
8. Load the system hive, name it **test**.
9. Navigate to the following subkey:
**HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller**
10. Change the **Start** value from **1** to **4**
9. Navigate to the following subkey:
`HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller`
10. Change the **Start** value from `1` to `4`.
11. Unload the hive.
12. Try to start the computer.
If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles:
If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md).
- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md)
For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md).
For more information about page file problems in Windows 10 or Windows Server 2016, see the following article:
- [Introduction to page files](./introduction-page-file.md)
For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md).
For more information about Stop errors, see the following Knowledge Base article:
- [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md)
Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines:
If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
- If the stop error indicates system file corruption, run the system file checker in offline mode.
- To do this, open WinRE, open a command prompt, and then run the following command:
- To do this action, open WinRE, open a command prompt, and then run the following command:
```console
SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
```
```command
SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
```
For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues).
- If there's disk corruption, run the check disk command:
- If there's disk corruption, run the check disk command:
```console
chkdsk /f /r
```
```command
chkdsk /f /r
```
- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
1. Start WinRE, and open a Command Prompt window.
2. Start a text editor, such as Notepad.
3. Navigate to C:\Windows\System32\Config\.
4. Rename the all five hives by appending ".old" to the name.
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
1. Start WinRE, and open a command prompt window.
2. Start a text editor, such as Notepad.
3. Navigate to `C:\Windows\System32\Config\`.
4. Rename the all five hives by appending `.old` to the name.
5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).

3
windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
View File

@ -3,10 +3,7 @@ title: Advanced Troubleshooting Wireless Network Connectivity
ms.reviewer:
manager: dougeby
description: Learn how to troubleshoot Wi-Fi connections. Troubleshooting Wi-Fi connections requires understanding the basic flow of the Wi-Fi autoconnect state machine.
keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
author: aczechowski
ms.localizationpriority: medium
ms.author: aaroncz

12
windows/client-management/change-default-removal-policy-external-storage-media.md
View File

@ -1,15 +1,15 @@
---
title: Windows 10 default media removal policy
description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
description: In Windows 10, version 1809, the default removal policy for external storage media changed from Better performance to Quick removal.
ms.prod: w10
author: Teresa-Motiv
ms.author: dougeby
author: vinaypamnani-msft
ms.author: vinpa
ms.date: 11/25/2020
ms.topic: article
ms.custom:
- CI 111493
- CI 125140
- CSSTroubleshooting
- CI 111493
- CI 125140
- CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
manager: kaushika

15
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -1,17 +1,13 @@
---
title: Connect to remote Azure Active Directory-joined PC (Windows)
description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
keywords: ["MDM", "device management", "RDP", "AADJ"]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices
author: dansimp
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.author: dansimp
ms.author: vinpa
ms.date: 01/18/2022
ms.reviewer:
manager: dansimp
manager: aaroncz
ms.topic: article
ms.collection: highpri
---
@ -66,7 +62,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
- Adding users using policy
Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD-joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
@ -87,6 +83,9 @@ The table below lists the supported configurations for remotely connecting to an
> [!NOTE]
> If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
> [!NOTE]
> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
## Related topics
[How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)

3
windows/client-management/data-collection-for-802-authentication.md
View File

@ -3,10 +3,7 @@ title: Data collection for troubleshooting 802.1X authentication
ms.reviewer:
manager: dansimp
description: Use the steps in this article to collect data that can be used to troubleshoot 802.1X authentication issues.
keywords: troubleshooting, data collection, data, 802.1X authentication, authentication, data
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
author: dansimp
ms.localizationpriority: medium
ms.author: dansimp

1
windows/client-management/determine-appropriate-page-file-size.md
View File

@ -2,7 +2,6 @@
title: How to determine the appropriate page file size for 64-bit versions of Windows
description: Learn how to determine the appropriate page file size for 64-bit versions of Windows.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium

3
windows/client-management/docfx.json
View File

@ -21,6 +21,7 @@
"files": [
"**/*.png",
"**/*.jpg",
"**/*.svg",
"**/*.gif"
],
"exclude": [
@ -41,7 +42,7 @@
"manager": "dansimp",
"feedback_system": "GitHub",
"feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
"feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
"feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
"_op_documentIdPathDepotMapping": {
"./": {
"depot_name": "MSDN.win-client-management",

1
windows/client-management/generate-kernel-or-complete-crash-dump.md
View File

@ -2,7 +2,6 @@
title: Generate a kernel or complete crash dump
description: Learn how to generate a kernel or complete crash dump, and then use the output to troubleshoot several issues.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium

8
windows/client-management/group-policies-for-enterprise-and-education-editions.md
View File

@ -2,14 +2,12 @@
title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: dansimp
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
manager: aaroncz
ms.author: vinpa
ms.topic: troubleshooting
---

BIN
windows/client-management/images/quick-assist-get.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.1 KiB

17
windows/client-management/img-boot-sequence.md
View File

@ -1,17 +0,0 @@
---
title: Boot sequence flowchart
description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article.
ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: dansimp
ms.topic: article
ms.prod: w10
---
# Boot sequence flowchart
Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
![Full-sized boot sequence flowchart.](images/boot-sequence.png)

1
windows/client-management/includes/allow-a-shared-books-folder-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-address-bar-drop-down-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-adobe-flash-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-cortana-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-developer-tools-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/allow-extensions-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.

1
windows/client-management/includes/allow-fullscreen-mode-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/allow-inprivate-browsing-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.

22
windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.

22
windows/client-management/includes/allow-prelaunch-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.

22
windows/client-management/includes/allow-printing-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.

1
windows/client-management/includes/allow-saving-history-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-search-engine-customization-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/allow-tab-preloading-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign-in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.

22
windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 11/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 11/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.

22
windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.

22
windows/client-management/includes/always-show-books-library-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the devices country or region.

1
windows/client-management/includes/configure-additional-search-engines-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.

22
windows/client-management/includes/configure-autofill-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.

1
windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/configure-cookies-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.

1
windows/client-management/includes/configure-do-not-track-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.

22
windows/client-management/includes/configure-favorites-bar-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.

22
windows/client-management/includes/configure-favorites-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.

22
windows/client-management/includes/configure-home-button-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.

1
windows/client-management/includes/configure-kiosk-mode-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current users browsing data.

1
windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/configure-password-manager-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Dont configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.

24
windows/client-management/includes/configure-pop-up-blocker-shortdesc.md
View File

@ -1,12 +1,12 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, dont configure this policy.
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, dont configure this policy.

22
windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.

1
windows/client-management/includes/configure-start-pages-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, the “browser” group syncs automatically between users devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.

22
windows/client-management/includes/do-not-sync-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of users settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.

22
windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge does not sync the users favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.

1
windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 04/23/2020
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).

22
windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.

22
windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.

22
windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.

22
windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.

22
windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.

1
windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, the “browser” group syncs automatically between the users devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.

1
windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

1
windows/client-management/includes/provision-favorites-shortdesc.md
View File

@ -3,7 +3,6 @@ author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include

22
windows/client-management/includes/search-provider-discovery-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.

22
windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.

22
windows/client-management/includes/set-default-search-engine-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.

22
windows/client-management/includes/set-home-button-url-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.

22
windows/client-management/includes/set-new-tab-url-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.

21
windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md
View File

@ -1,10 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

22
windows/client-management/includes/unlock-home-button-shortdesc.md
View File

@ -1,11 +1,11 @@
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
audience: itpro
manager: dansimp
ms.prod: edge
ms.topic: include
---
---
author: dansimp
ms.author: dansimp
ms.date: 10/02/2018
ms.reviewer:
manager: dansimp
ms.prod: edge
ms.topic: include
---
By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.

4
windows/client-management/index.yml
View File

@ -18,7 +18,7 @@ metadata:
manager: dougeby
ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
@ -34,7 +34,7 @@ landingContent:
- text: Create mandatory user profiles
url: mandatory-user-profile.md
- text: Mobile device management (MDM)
url: mdm/index.md
url: mdm/index.yml
- text: MDM for device updates
url: mdm/device-update-management.md
- text: Mobile device enrollment

1
windows/client-management/introduction-page-file.md
View File

@ -2,7 +2,6 @@
title: Introduction to the page file
description: Learn about the page files in Windows. A page file is an optional, hidden system file on a hard disk.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium

20
windows/client-management/manage-corporate-devices.md
View File

@ -1,16 +1,12 @@
---
title: Manage corporate devices
description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
ms.reviewer:
manager: dansimp
ms.author: dansimp
keywords: ["MDM", "device management"]
manager: aaroncz
ms.author: vinpa
keywords: [MDM, device management]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices
author: dansimp
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.topic: article
@ -49,11 +45,5 @@ You can use the same management tools to manage all device types running Windows
[Windows 10 (and Windows 11) and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768)
Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](/learn/)
Microsoft Virtual Academy course: [Configuration Manager & Windows Intune](/learn/)
 

46
windows/client-management/manage-device-installation-with-group-policy.md
View File

@ -2,13 +2,11 @@
title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage Device Installation Restrictions with Group Policy.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: aczechowski
author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
manager: dougeby
ms.author: aaroncz
manager: aaroncz
ms.author: vinpa
ms.topic: article
---
@ -20,8 +18,8 @@ ms.topic: article
- Windows 11
- Windows Server 2022
## Summary
By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy.
## Introduction
@ -62,7 +60,6 @@ It's more difficult for users to make unauthorized copies of company data if use
You can ensure that users install only those devices that your technical support team is trained and equipped to support. This benefit reduces support costs and user confusion.
## Scenario Overview
The scenarios presented in this guide illustrate how you can control device installation and usage on the computers that you manage. The scenarios use Group Policy on a local machine to simplify using the procedures in a lab environment. In an environment where you manage multiple client computers, you should apply these settings using Group Policy.. With Group Policy deployed by Active Directory, you can apply settings to all computers that are members of a domain or an organizational unit in a domain. For more information about how to use Group Policy to manage your client computers, see Group Policy at the Microsoft Web site.
@ -92,7 +89,6 @@ This scenario, although similar to scenario #2, brings another layer of complexi
In this scenario, combining all previous four scenarios, you'll learn how to protect a machine from all unauthorized USB devices. The administrator wants to allow users to install only a small set of authorized USB devices while preventing any other USB device from being installed. In addition, this scenario includes an explanation of how to apply the prevent functionality to existing USB devices that have already been installed on the machine, and the administrator likes to prevent any farther interaction with them (blocking them all together). This scenario builds on the policies and structure we introduced in the first four scenarios and therefore it's preferred to go over them first before attempting this scenario.
## Technology Review
The following sections provide a brief overview of the core technologies discussed in this guide and give background information that is necessary to understand the scenarios.
@ -128,14 +124,14 @@ Hardware IDs are the identifiers that provide the exact match between a device a
Windows uses these identifiers to select a driver if the operating system can't find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they're generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device.
When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see How Setup Selects Drivers in the Microsoft Docs library.
When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. For more information about the process of ranking and selecting driver packages, see [How Windows selects a driver package for a device](/windows-hardware/drivers/install/how-windows-selects-a-driver-for-a-device).
> [!NOTE]
> For more information about the driver installation process, see the "Technology review" section of the Step-by-Step Guide to Driver Signing and Staging.
Some physical devices create one or more logical devices when they're installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function.
When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see Device Identification Strings in Microsoft Docs.
When you use Device Installation policies to allow or prevent the installation of a device that uses logical devices, you must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you didn't allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. For more detailed information about hardware IDs, see [Device identification strings](/windows-hardware/drivers/install/device-identification-strings).
#### Device setup classes
@ -145,7 +141,7 @@ When you use device Classes to allow or prevent users from installing drivers, y
For example, a multi-function device, such as an all-in-one scanner/fax/printer, has a GUID for a generic multi-function device, a GUID for the printer function, a GUID for the scanner function, and so on. The GUIDs for the individual functions are "child nodes" under the multi-function device GUID. To install a child node, Windows must also be able to install the parent node. You must allow installation of the device setup class of the parent GUID for the multi-function device in addition to any child GUIDs for the printer and scanner functions.
For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes) in Microsoft Docs.
For more information, see [Device Setup Classes](/windows-hardware/drivers/install/overview-of-device-setup-classes).
This guide doesn't depict any scenarios that use device setup classes. However, the basic principles demonstrated with device identification strings in this guide also apply to device setup classes. After you discover the device setup class for a specific device, you can then use it in a policy to either allow or prevent installation of drivers for that class of devices.
@ -156,14 +152,13 @@ The following two links provide the complete list of Device Setup Classes. Sy
#### Removable Device Device type
Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
Some devices could be classified as _Removable Device_. A device is considered _removable_ when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
### Group Policy Settings for Device Installation
Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see Group Policy Object Editor Technical Reference.
Device Installation section in Group Policy is a set of policies that control which device could or couldn't be installed on a machine. Whether you want to apply the settings to a stand-alone computer or to many computers in an Active Directory domain, you use the Group Policy Object Editor to configure and apply the policy settings. For more information, see [Group Policy Object Editor](/previous-versions/windows/desktop/Policy/group-policy-object-editor).
The following passages are brief descriptions of the Device Installation policies that are used in this guide.
@ -212,12 +207,9 @@ This policy setting will change the evaluation order in which Allow and Prevent
> If you disable or don't configure this policy setting, the default evaluation is used. By default, all "Prevent installation..." policy settings have precedence over any other policy setting that allows Windows to install a device.
Some of these policies take precedence over other policies. The flowchart shown below illustrates how Windows processes them to determine whether a user can install a device or not, as shown in Figure below.
![Device Installation policies flow chart.](images/device-installation-flowchart.png)<br/>_Device Installation policies flow chart_
## Requirements for completing the scenarios
### General
@ -261,7 +253,7 @@ To find device identification strings using Device Manager
3. Device Manager starts and displays a tree representing all of the devices detected on your computer. At the top of the tree is a node with your computers name next to it. Lower nodes represent the various categories of hardware into which your computers devices are grouped.
4. Find the “Printers” section and find the target printer
![Selecting the printer in Device Manager.](images/device-installation-dm-printer-by-device.png)<br/>_Selecting the printer in Device Manager_
5. Double-click the printer and move to the Details tab.
@ -275,7 +267,7 @@ To find device identification strings using Device Manager
![Compatible ID.](images/device-installation-dm-printer-compatible-ids.png)<br/>_HWID and Compatible ID_
> [!TIP]
> You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil) in Microsoft Docs.
> You can also determine your device identification strings by using the PnPUtil command-line utility. For more information, see [PnPUtil - Windows drivers](/windows-hardware/drivers/devtest/pnputil).
### Getting device identifiers using PnPUtil
@ -318,7 +310,7 @@ Setting up the environment for the scenario with the following steps:
1. Open Group Policy Editor and navigate to the Device Installation Restriction section.
2. Disable all previous Device Installation policies, except Apply layered order of evaluation—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
2. Disable all previous Device Installation policies, except Apply layered order of evaluation—although the policy is disabled in default, this policy is recommended to be enabled in most practical applications.
3. If there are any enabled policies, changing their status to disabled, would clear them from all parameters
@ -335,7 +327,7 @@ Getting the right device identifier to prevent it from being installed:
- [System-Defined Device Setup Classes Available to Vendors - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors)
- [System-Defined Device Setup Classes Reserved for System Use - Windows drivers](/windows-hardware/drivers/install/system-defined-device-setup-classes-reserved-for-system-use)
3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
3. Our current scenario is focused on preventing all printers from being installed, as such here's the Class GUID for most of printers in the market:
> Printers\
> Class = Printer\
@ -349,7 +341,7 @@ Creating the policy to prevent all printers from being installed:
1. Open Group Policy Object Editor—either click the Start button, type mmc gpedit.msc in the Start Search box, and then press ENTER; or type in the Windows search “Group Policy Editor” and open the UI.
2. Navigate to the Device Installation Restriction page:
2. Navigate to the Device Installation Restriction page:
> Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
@ -627,12 +619,12 @@ These devices are internal devices on the machine that define the USB port conne
> [!IMPORTANT]
> Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an Allow list in such cases. See below for the list:
>
> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
>
> PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/
> USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/
> USB\USB20_HUB (for Generic USB Hubs)/
>
> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
>
> Specifically for desktop machines, it's very important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
>
> Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.

Some files were not shown because too many files have changed in this diff Show More