deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into atp-powerbi-update

Browse Source
This commit is contained in:
Joey Caparas
2018-11-26 12:50:19 -08:00
parent ff2434eb5e c42da285e5
commit 586c5c51ce
31 changed files with 376 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
View File

@ -16,7 +16,7 @@ To install the management server on a standalone computer and connect it to the
1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation, run **appv\_server\_setup.exe** as an administrator, then select **Install**.
2. On the **Getting Started** page, review and accept the license terms, then select **Next**.
3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Udpate, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I dont want to use Microsoft Update**, then select **Next**.
3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft Update, select **Use Microsoft Update when I check for updates (recommended)**. To disable Microsoft Update, select **I dont want to use Microsoft Update**, then select **Next**.
4. On the **Feature Selection** page, select the **Management Server** checkbox, then select **Next**.
5. On the **Installation Location** page, accept the default location, then select **Next**.
6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, then enter the computer running Microsoft SQL's machine name, such as ```SqlServerMachine```.

1
windows/client-management/TOC.md
View File

@ -16,5 +16,6 @@
### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
## [Mobile device management for solution providers](mdm/index.md)
## [Change history for Client management](change-history-for-client-management.md)

6
windows/client-management/change-history-for-client-management.md
View File

@ -16,6 +16,12 @@ ms.date: 09/12/2017
This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile.
## November 2018
New or changed topic | Description
--- | ---
[Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md) | New
## RELEASE: Windows 10, version 1709
The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update).

8
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -25,7 +25,7 @@ The content below are the latest versions of the DDF files:
## <a href="" id="version-1-2"></a>DiagnosticLog CSP version 1.2
``` syntax
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
@ -502,7 +502,7 @@ The content below are the latest versions of the DDF files:
<Replace />
</AccessType>
<DefaultValue>4</DefaultValue>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.</Description>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.</Description>
<DFFormat>
<int />
</DFFormat>
@ -634,7 +634,7 @@ The content below are the latest versions of the DDF files:
## <a href="" id="version-1-3"></a>DiagnosticLog CSP version 1.3
``` syntax
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
@ -1153,7 +1153,7 @@ The content below are the latest versions of the DDF files:
<Replace />
</AccessType>
<DefaultValue>4</DefaultValue>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of assoicated log file. The value range is 1~16. Default value is 4.</Description>
<Description>This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.</Description>
<DFFormat>
<int />
</DFFormat>

4
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1255,7 +1255,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>WindowsDefenderSecurityCenter/HideSecureBoot</li>
<li>WindowsDefenderSecurityCenter/HideTPMTroubleshooting</li>
</ul>
<p>Security/RequireDeviceEncrption - updated to show it is supported in desktop.</p>
<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
</tr>
<tr class="odd">
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
@ -2335,7 +2335,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>Settings/AllowOnlineTips</li>
<li>System/DisableEnterpriseAuthProxy </li>
</ul>
<p>Security/RequireDeviceEncrption - updated to show it is supported in desktop.</p>
<p>Security/RequireDeviceEncryption - updated to show it is supported in desktop.</p>
</tr>
<tr class="odd">
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>

2
windows/client-management/mdm/policy-csp-power.md
View File

@ -664,7 +664,7 @@ If you enable this policy setting, you must provide a value, in seconds, indicat
If you disable or do not configure this policy setting, users control this setting.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occurring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
<!--/Description-->
> [!TIP]

287
windows/client-management/troubleshoot-windows-freeze.md Normal file
View File

@ -0,0 +1,287 @@
---
title: Advanced troubleshooting for Windows-based computer freeze issues
description: Learn how to troubleshoot computer freeze issues.
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
ms.topic: troubleshooting
author: kaushika-msft
ms.localizationpriority: medium
ms.author: elizapo
ms.date: 11/26/2018
---
# Advanced troubleshooting for Windows-based computer freeze issues
This article describes how to troubleshoot freeze issues on Windows-based computers and servers. It also provides methods for collecting data that will help administrators or software developers diagnose, identify, and fix these issues.
> [!Note]
> The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
## Identify the problem
* Which computer is freezing? (Example: The impacted computer is a physical server, virtual server, and so on.)
* What operation was being performed when the freezes occurred? (Example: This issue occurs when you shut down GUI, perform one or more operations, and so on.)
* How often do the errors occur? (Example: This issue occurs every night at 7 PM, every day around 7 AM, and so on.)
* On how many computers does this occur? (Example: All computers, only one computer, 10 computers, and so on.)
## Troubleshoot the freeze issues
To troubleshoot the freeze issues, check the current status of your computer, and follow one of the following methods.
### For the computer that's still running in a frozen state
If the physical computer or the virtual machine is still freezing, use one or more of the following methods for troubleshooting:
* Try to access the computer through Remote Desktop, Citrix, and so on.
* Use the domain account or local administrator account to log on the computer by using one of the Remote Physical Console Access features, such as Dell Remote Access Card (DRAC), HP Integrated Lights-Out (iLo), or IBM Remote supervisor adapter (RSA).
* Test ping to the computer. Packet dropping and high network latency may be observed.
* Access administrative shares (\\\\**ServerName**\\c$).
* Press Ctrl + Alt + Delete command and check response.
* Try to use Remote Admin tools such as Computer Management, remote Server Manager, and Wmimgmt.msc.
### For the computer that is no longer frozen
If the physical computer or virtual machine froze but is now running in a good state, use one or more of the following methods for troubleshooting.
#### For a physical computer
* Review the System and Application logs from the computer that is having the issue. Check the event logs for the relevant Event ID:
- Application event log : Application Error (suggesting Crash or relevant System Process)
- System Event logs, Service Control Manager Error event IDs for Critical System Services
- Error Event IDs 2019/2020 with source Srv/Server
* Generate a System Diagnostics report by running the perfmon /report command.
#### For a virtual machine
* Review the System and Application logs from the computer that is having the issue.
* Generate a System Diagnostics report by running the perfmon /report command.
* Check history in virtual management monitoring tools.
## More Information
### Collect data for the freeze issues
To collect data for a server freeze, check the following table, and use one or more of the suggested methods.
|Computer type and state |Data collection method |
|-------------------------|--------------------|
|A physical computer that's running in a frozen state|[Use a memory dump file to collect data](#use-memory-dump-to-collect-data-for-the-physical-computer-thats-running-in-a-frozen-state). Or use method 2, 3, or 4. These methods are listed later in this section.|
|A physical computer that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section. And [use Pool Monitor to collect data](#use-pool-monitor-to-collect-data-for-the-physical-computer-that-is-no-longer-frozen).|
|A virtual machine that's running in a frozen state|Hyper-V or VMware: [Use a memory dump file to collect data for the virtual machine that's running in a frozen state](#use-memory-dump-to-collect-data-for-the-virtual-machine-thats-running-in-a-frozen-state). <br /> XenServer: Use method 1, 2, 3, or 4. These methods are listed later in this section.|
|A virtual machine that is no longer frozen|Use method 1, 2, 3, or 4. These methods are listed later in this section.|
#### Method 1: Memory dump
> [!Note]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
A complete memory dump file records all the contents of system memory when the computer stops unexpectedly. A complete memory dump file may contain data from processes that were running when the memory dump file was collected.
If the computer is no longer frozen and now is running in a good state, use the following steps to enable memory dump so that you can collect memory dump when the freeze issue occurs again. If the virtual machine is still running in a frozen state, use the following steps to enable and collect memory dump.
> [!Note]
> If you have a restart feature that is enabled on the computer, such as the Automatic System Restart (ASR) feature in Compaq computers, disable it. This setting is usually found in the BIOS. With this feature enabled, if the BIOS doesn't detect a heartbeat from the operating system, it will restart the computer. The restart can interrupt the dump process.
1. Make sure that the computer is set up to get a complete memory dump file. To do this, follow these steps:
1. Go to **Run** and enter `Sysdm.cpl`, and then press enter.
2. In **System Properties**, on the **Advanced** tab, select **Performance** \> **Settings** \> **Advanced**, and then check or change the virtual memory by clicking **Change**.
2. Go back to **System Properties** \> **Advanced** \> **Settings** in **Startup and Recovery**.
3. In the **Write Debugging Information** section, select **Complete Memory Dump**.
> [!Note]
> For Windows versions that are earlier than Windows 8 or Windows Server 2012, the Complete Memory Dump type isn't available in the GUI. You have to change it in Registry Editor. To do this, change the value of the following **CrashDumpEnabled** registry entry to **1** (REG_DWORD):
><br**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled**
4. Select **Overwrite any existing file**.
5. Make sure that there's a paging file (pagefile.sys) on the system drive and that its at least 100 megabytes (MB) over the installed RAM (Initial and Maximum Size).
Additionally, you can use the workaround for [space limitations on the system drive in Windows Server 2008](#space-limitations-on-the-system-drive-in-windows-server-2008).
6. Make sure that there's more freed-up space on the hard disk drives than there is physical RAM.
2. Enable the CrashOnCtrlScroll registry value to allow the system to generate a dump file by using the keyboard. To do this, follow these steps:
1. Go to Registry Editor, and then locate the following registry keys:
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
2. Create the following CrashOnCtrlScroll registry entry in the two registry keys:
- **Value Name**: `CrashOnCtrlScroll`
- **Data Type**: `REG_DWORD`
- **Value**: `1`
3. Exit Registry Editor.
4. Restart the computer.
3. On some physical computers, you may generate a nonmakeable interruption (NMI) from the Web Interface feature (such as DRAC, iLo, and RSA). However, by default, this setting will stop the system without creating a memory dump.
To allow the operating system to generate a memory dump file at an NMI interruption, set the value of the [NMICrashDump](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783271(v=ws.10)) registry entry to `1` (REG_DWORD). Then, restart the computer to apply this change.
> [!Note]
> This is applicable only for Windows 7, Windows Server 2008 R2, and earlier versions of Windows. For Windows 8 Windows Server 2012, and later versions of Windows, the NMICrashDump registry key is no longer required, and an NMI interruption will result in [a Stop error that follows a memory dump data collection](https://support.microsoft.com/help/2750146).
4. When the computer exhibits the problem, hold down the right **Ctrl** key, and press the **Scroll Lock** key two times to generate a memory dump file.
> [!Note]
> By default, the dump file is located in the following path:<br />
> %SystemRoot%\MEMORY.DMP
#### Method 2: Data sanity check
Use the Dump Check Utility (Dumpchk.exe) to read a memory dump file or verify that the file was created correctly. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid.
- [Using DumpChk]( https://docs.microsoft.com/windows-hardware/drivers/debugger/dumpchk)
- [Download DumpCheck](https://developer.microsoft.com/windows/downloads/windows-10-sdk)
Learn how to use Dumpchk.exe to check your dump files:
> [!video https://www.youtube-nocookie.com/embed/xN7tOfgNKag]
#### Method 3: Performance Monitor
You can use Windows Performance Monitor to examine how programs that you run affect your computer's performance, both in real time and by collecting log data for later analysis. To create performance counter and event trace log collections on local and remote systems, run the following commands in a command prompt as administrator:
```cmd
Logman create counter LOGNAME_Long -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:05:00
```
```cmd
Logman create counter LOGNAME_Short -u DOMAIN\USERNAME * -f bincirc -v mmddhhmm -max 500 -c "\\COMPUTERNAME\LogicalDisk(*)\*" "\\COMPUTERNAME\Memory\*" "\\COMPUTERNAME\Network Interface(*)\*" "\\COMPUTERNAME\Paging File(*)\*" "\\COMPUTERNAME\PhysicalDisk(*)\*" "\\COMPUTERNAME\Process(*)\*" "\\COMPUTERNAME\Redirector\*" "\\COMPUTERNAME\Server\*" "\\COMPUTERNAME\System\*" "\\COMPUTERNAME\Terminal Services\*" "\\COMPUTERNAME\Processor(*)\*" "\\COMPUTERNAME\Cache\*" -si 00:00:10
```
Then, you can start or stop the log by running the following commands:
```cmd
logman start LOGNAME_Long / LOGNAME_Short
logman stop LOGNAME_Long / LOGNAME_Short
```
The Performance Monitor log is located in the path: C:\PERFLOGS
#### Method 4: Microsoft Support Diagnostics
1. In the search box of the [Microsoft Support Diagnostics Self-Help Portal](https://home.diagnostics.support.microsoft.com/selfhelp), type Windows Performance Diagnostic.
2. In the search results, select **Windows Performance Diagnostic**, and then click **Create**.
3. Follow the steps of the diagnostic.
### Additional methods to collect data
#### Use memory dump to collect data for the physical computer that's running in a frozen state
> [!Warning]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
If the physical computer is still running in a frozen state, follow these steps to enable and collect memory dump:
1. Make sure that the computer is set up to get a complete memory dump file and that you can access it through the network. To do this, follow these steps:
> [!Note]
> If it isn't possible to access the affected computer through the network, try to generate a memory dump file through NMI interruption. The result of the action may not collect a memory dump file if some of the following settings aren't qualified.
1. Try to access the desktop of the computer by any means.
> [!Note]
> In case accessing the operating system isn't possible, try to access Registry Editor on the computer remotely in order to check the type of memory dump file and page file with which the computer is currently configured.
2. From a remote computer that is preferably in the same network and subnet, go to **Registry Editor** \> **Connect Network Registry**. Then, connect to the concerned computer, and verify the following settings:
* ` `*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled`
Make sure that the [CrashDumpEnabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-2000-server/cc976050(v=technet.10)) registry entry is `1`.
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\NMICrashDump`
On some physical servers, if the NMICrashDump registry entry exists and its value is `1`, you may take advantage of the NMI from the remote management capabilities (such as DRAC, iLo, and RSA).
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PagingFiles and ExistingPageFiles`
If the value of the **Pagefile** registry entry is system managed, the size won't be reflected in the registry (Example value: ?:\pagefile.sys).
If the page file is customized, the size will be reflected in the registry, such as ?:\pagefile.sys 1024 1124 where 1024 is the initial size and 1124 is the max size.
> [!Note]
> If the size isn't reflected in the Registry, try to access an Administrative share where the page file is located (such as \\\\**ServerName**\C$).
3. Make sure that there's a paging file (pagefile.sys) on the system drive of the computer, and it's at least 100 MB over the installed RAM.
4. Make sure that there's more free space on the hard disk drives of the computer than there is physical RAM.
2. Enable the **CrashOnCtrlScroll** registry value on the computer to allow the system to generate a dump file by using the keyboard. To do this, follow these steps:
1. From a remote computer preferably in the same network and subnet, go to Registry Editor \> Connect Network Registry. Connect to the concerned computer and locate the following registry keys:
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters`
* `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters`
2. Create the following CrashOnCtrlScroll registry entry in the two registry keys:
**Value Name**: `CrashOnCtrlScroll`
**Data Type**: `REG_DWORD`
**Value**: `1`
3. Exit Registry Editor.
4. Restart the computer.
3. When the computer exhibits the problem, hold down the right **CTRL** key, and press the **Scroll Lock** key two times to generate a memory dump.
> [!Note]
> By default, the dump file is located in the path: %SystemRoot%\MEMORY.DMP
#### Use Pool Monitor to collect data for the physical computer that is no longer frozen
Pool Monitor shows you the number of allocations and outstanding bytes of allocation by type of pool and the tag that is passed into calls of ExAllocatePoolWithTag.
Learn [how to use Pool Monitor](https://support.microsoft.com/help/177415) and how to [use the data to troubleshoot pool leaks](http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx).
#### Use memory dump to collect data for the virtual machine that's running in a frozen state
Use the one of the following methods for the application on which the virtual machine is running.
##### Microsoft Hyper-V
If the virtual machine is running Windows 8, Windows Server 2012, or a later version of Windows on Microsoft Hyper-V Server 2012, you can use the built-in NMI feature through a [Debug-VM](https://docs.microsoft.com/previous-versions/windows/powershell-scripting/dn464280(v=wps.630)) cmdlet to debug and get a memory dump.
To debug the virtual machines on Hyper-V, run the following cmdlet in Windows PowerShell:
```powershell
Debug-VM -Name "VM Name" -InjectNonMaskableInterrupt -ComputerName Hostname
```
> [!Note]
> This method is applicable only to Windows 8, Windows Server 2012, and later versions of Windows virtual machines. For the earlier versions of Windows, see methods 1 through 4 that are described earlier in this section.
##### VMware
You can use VMware Snapshots or suspend state and extract a memory dump file equivalent to a complete memory dump file. By using [Checkpoint To Core Tool (vmss2core)](https://labs.vmware.com/flings/vmss2core), you can convert both suspend (.vmss) and snapshot (.vmsn) state files to a dump file and then analyze the file by using the standard Windows debugging tools.
##### Citrix XenServer
The memory dump process occurs by pressing the RIGHT CTRL + SCROLL LOCK + SCROLL LOCK keyboard combination that's described in Method 1 and on [the Citrix site](http://support.citrix.com/article/ctx123177).
## Space limitations on the system drive in Windows Server 2008
On Windows Server 2008, you may not have enough free disk space to generate a complete memory dump file on the system volume. There's a [hotfix](https://support.microsoft.com/help/957517) that allows for the data collection even though there isn't sufficient space on the system drive to store the memory dump file.
Additionally, on Windows Server 2008 Service Pack (SP2), there's a second option if the system drive doesn't have sufficient space. Namely, you can use the DedicatedDumpFile registry entry. To learn how to use the registry entry, see [New behavior in Windows Vista and Windows Server 2008](https://support.microsoft.com/help/969028).
For more information, see [How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive](http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx).

2
windows/client-management/windows-version-search.md
View File

@ -15,7 +15,7 @@ ms.date: 04/30/2018
To determine if your device is enrolled in the [Long-Term Servicing Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) (LTSC, formerly LTSB) or the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#servicing-channels) (SAC) you'll need to know what version of Windows 10 you're running. There are a few ways to figure this out. Each method provides a different set of details, so its useful to learn about all of them.
## System Properties
Click **Start** > **Settings** > **Settings** > click **About** from the bottom of the left-hand menu
Click **Start** > **Settings** > **System** > click **About** from the bottom of the left-hand menu
You'll now see **Edition**, **Version**, and **OS Build** information. Something like this:

2
windows/configuration/kiosk-policies.md
View File

@ -61,7 +61,7 @@ Remove All Programs list from the Start Menu | Enabled Remove and disable s
Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears expalining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.

4
windows/configuration/lock-down-windows-10-to-specific-apps.md
View File

@ -315,7 +315,7 @@ The following example hides the taskbar:
```
>[!IMPORTANT]
>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Direcotry account could potentially compromise confidential information.
>The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.
#### Configs
@ -619,7 +619,7 @@ Remove All Programs list from the Start Menu | Enabled Remove and disable s
Prevent access to drives from My Computer | Enabled - Restrict all drivers
>[!NOTE]
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears expalining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.

2
windows/deployment/deploy-whats-new.md
View File

@ -26,7 +26,7 @@ This topic provides an overview of new solutions and online content related to d
## The Modern Desktop Deployment Center
The [Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
## Windows 10 servicing and support

2
windows/deployment/planning/windows-10-enterprise-faq-itpro.md
View File

@ -1,7 +1,7 @@
---
title: Windows 10 Enterprise FAQ for IT pros (Windows 10)
description: Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise.
keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage udpates, Windows as a service, servicing channels, deployment tools
keywords: Windows 10 Enterprise, download, system requirements, drivers, appcompat, manage updates, Windows as a service, servicing channels, deployment tools
ms.prod: w10
ms.mktglfcycl: plan
ms.localizationpriority: medium

4
windows/deployment/update/waas-servicing-differences.md
View File

@ -51,7 +51,7 @@ This cumulative update model for Windows 10 has helped provide the Windows ecosy
- Windows 7 and other legacy operating systems have cumulative updates that operate differently than in Windows 10 (see next section).
## Windows 7 and legacy OS versions
While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in aa fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.
While Windows 10 updates could have been controlled as cumulative from "Day 1," the legacy OS ecosystem for both client and server was highly fragmented. Recognizing the challenges of update quality in a fragmented environment, we moved Windows 7 to a cumulative update model in October 2016.
Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered two cumulative package types for all legacy operating systems: Monthly Rollups and Security-only updates.
@ -103,4 +103,4 @@ In closing, I hope this overview of the update model across current and legacy W
- [Simplified servicing for Windows 7 and Windows 8.1: the latest improvements](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/Simplified-servicing-for-Windows-7-and-Windows-8-1-the-latest/ba-p/166798)
- [Windows Server 2008 SP2 servicing changes](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/)
- [Windows 10 update servicing cadence](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376)
- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)
- [Windows 7 servicing stack updates: managing change and appreciating cumulative updates](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-7-servicing-stack-updates-managing-change-and/ba-p/260434)

2
windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
View File

@ -52,7 +52,7 @@ To enable KMS functionality, a KMS key is installed on a KMS host; then, the hos
For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
## Key Management Service in Windows Server 2012 R2
Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Sever 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
**Note**  
You cannot install a client KMS key into the KMS in Windows Server.

46
windows/deployment/windows-autopilot/intune-connector.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
ms.date: 11/13/2018
ms.date: 11/26/2018
---
@ -23,44 +23,30 @@ In this preview version of the Intune Connector, you might receive an error mess
**0x80070658 - Error applying transforms. Verify that the specified transform paths are valid.**
See the following example:
![Connector error](images/connector-fail.png)
An [example](#example) of the error message is displayed at the bottom of this topic.
This error can be resolved by ensuring that the member server where Intune Connector is running has one of the following language packs installed and configured to be the default keyboard layout:
en-US<br>
cs-CZ<br>
da-DK<br>
de-DE<br>
el-GR<br>
es-ES<br>
fi-FI<br>
fr-FR<br>
hu-HU<br>
it-IT<br>
ja-JP<br>
ko-KR<br>
nb-NO<br>
nl-NL<br>
pl-PL<br>
pt-BR<br>
ro-RO<br>
ru-RU<br>
sv-SE<br>
tr-TR<br>
zh-CN<br>
zh-TW
| | | | | | | | | | | |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| en-US | cs-CZ | da-DK | de-DE | el-GR | es-ES | fi-FI | fr-FR | hu-HU | it-IT | ja-JP |
| ko-KR | nb-NO | nl-NL | pl-PL | pt-BR | ro-RO | ru-RU | sv-SE | tr-TR | zh-CN | zh-TW |
This solution is a workaround and will be fully resolved in a future release of the Intune Connector.
>[!NOTE]
>After installing the Intune Connector, you can restore the keyboard layout to its previous settings.<br>
>This solution is a workaround and will be fully resolved in a future release of the Intune Connector.
To change the default keyboard layout:
1. Click **Settings > Time & language > Region and language**
2. Select one of the languages listed above and choose **Set as default**.
Note: If the language you need isn't listed, you can add additional languages by selecting **Add a language**.
If the language you need isn't listed, you can add additional languages by selecting **Add a language**.
## Example
The following is an example of the error message that can be displayed if one of the listed languages is not used during setup:
![Connector error](images/connector-fail.png)

2
windows/hub/index.md
View File

@ -71,7 +71,7 @@ The Windows 10 operating system introduces a new way to build, deploy, and servi
These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
- [Read more about Windows as a Service](/windows/deployment/update/waas-overview)
- [Read how much space does Windows 10 take](https://www.microsoft.com/en-us/windows/windows-10-specifications)
## Related topics
[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)

4
windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
View File

@ -19,7 +19,7 @@ Windows Hello for Business authentication is passwordless, two-factor authentica
Azure Active Directory joined devices authenticate to Azure during sign-in and can optional authenticate to Active Directory. Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.<br>
[Azure AD join authentication to Azure Active Directory](#Azure-AD-join-authentication-to-Azure-Active-Directory)<br>
[Azure AD join authentication to Active Direcotry using a Key](#Azure-AD-join-authentication-to-Active-Direcotry-using-a-Key)<br>
[Azure AD join authentication to Active Directory using a Key](#Azure-AD-join-authentication-to-Active-Directory-using-a-Key)<br>
[Azure AD join authentication to Active Directory using a Certificate](#Azure-AD-join-authentication-to-Active-Directory-using-a-Certificate)<br>
[Hybrid Azure AD join authentication using a Key](#Hybrid-Azure-AD-join-authentication-using-a-Key)<br>
[Hybrid Azure AD join authentication using a Certificate](#Hybrid-Azure-AD-join-authentication-using-a-Certificate)<br>
@ -38,7 +38,7 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
[Return to top](#Windows-Hello-for-Business-and-Authentication)
## Azure AD join authentication to Active Directory using a Key
![Azure AD join authentication to Active Direotory using a Key](images/howitworks/auth-aadj-keytrust-kerb.png)
![Azure AD join authentication to Active Directory using a Key](images/howitworks/auth-aadj-keytrust-kerb.png)
| Phase | Description |

2
windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
View File

@ -65,7 +65,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin
```
After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (IntialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
> [!Note]
> We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).

8
windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -17,7 +17,7 @@ ms.date: 12/08/2017
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease<EFBFBD>information](prerelease.md)]
[!include[Prerelease information](prerelease.md)]
Represents an alert entity in WDATP.
@ -51,12 +51,12 @@ assignedTo | String | Owner of the alert
classification | String | Specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'.
determination | String | Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'
resolvedTime | DateTimeOffset | The date and time in which the status of the alert was changed to 'Resolved'.
lastEventTime | DateTimeOffset | The last occurance of the event that triggered the alert on the same machine.
firstEventTime | DateTimeOffset | The first occurance of the event that triggered the alert on that machine.
lastEventTime | DateTimeOffset | The last occurrence of the event that triggered the alert on the same machine.
firstEventTime | DateTimeOffset | The first occurrence of the event that triggered the alert on that machine.
machineId | String | ID of a [machine](machine-windows-defender-advanced-threat-protection-new.md) entity that is associated with the alert.
# JSON representation
```
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Alerts",
"id": "636688558380765161_2136280442",

4
windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
View File

@ -15,7 +15,7 @@ ms.date: 12/08/2017
# File resource type
[!include[Prerelease<EFBFBD>information](prerelease.md)]
[!include[Prerelease information](prerelease.md)]
Represent a file entity in WDATP.
@ -34,7 +34,7 @@ Property | Type | Description
sha1 | String | Sha1 hash of the file content
sha256 | String | Sha256 hash of the file content
md5 | String | md5 hash of the file content
globalPrevalence | Integer | File prevalence accross organization
globalPrevalence | Integer | File prevalence across organization
globalFirstObserved | DateTimeOffset | First time the file was observed.
globalLastObserved | DateTimeOffset | Last time the file was observed.
size | Integer | Size of the file.

2
windows/whats-new/whats-new-windows-10-version-1803.md
View File

@ -234,4 +234,4 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See whats new in Windows 10 hardware.<br>
[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709.
[How to take a screenshot on pc without any app](https://rahulit.com/how-to-take-a-screenshot-on-a-dell-laptop/)