deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 14011: merging to live

Browse Source
This commit is contained in:
Justin Hall 2019-01-28 18:09:55 +00:00
commit 58952212cc
32 changed files with 61 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
devices/surface/microsoft-surface-brightness-control.md
View File

@ -49,12 +49,12 @@ documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
| Registry Setting | Data| Description
|-----------|------------|---------------
| Brightness Control Enabled | Default: 01 <br> Option: 01, 00 | This setting allows you to turn Surface Brightness Control on or off. To disable Surface Brightness Control, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
| Brightness Control On Power Enabled| Default: 01 <br> Options: 01, 00 | This setting allows you to turn off Surface Brightness Control when the device is directly connected to power. To disable Surface Brightness Control when power is plugged in, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
| Dimmed Brightness | Default: 20 <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer | This setting allows you to manage brightness range during periods of inactivity. If you do not configure this setting, the brightness level will drop to 20 percent of full brightness after 30 seconds of inactivity. |
Full Brightness | Default: 100 <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer | This setting allows you to manage the maximum brightness range for the device. If you do not configure this setting, the maximum brightness range is 100 percent.|
| Inactivity Timeout| Default: 30 seconds <br>Option: Any numeric value <br>Data Type: Integer | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
| Telemetry Enabled | Default: 01 <br>Option: 01, 00 | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |
| Brightness Control Enabled | Default: 01 <br> Option: 01, 00 <br> Type: REG_BINARY | This setting allows you to turn Surface Brightness Control on or off. To disable Surface Brightness Control, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
| Brightness Control On Power Enabled| Default: 01 <br> Options: 01, 00 <br> Type: REG_BINARY | This setting allows you to turn off Surface Brightness Control when the device is directly connected to power. To disable Surface Brightness Control when power is plugged in, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. |
| Dimmed Brightness | Default: 20 <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer <br> Type: REG_DWORD | This setting allows you to manage brightness range during periods of inactivity. If you do not configure this setting, the brightness level will drop to 20 percent of full brightness after 30 seconds of inactivity. |
Full Brightness | Default: 100 <br>Option: Range of 0-100 percent of screen brightness <br> Data Type: Positive integer <br> Type: REG_DWORD | This setting allows you to manage the maximum brightness range for the device. If you do not configure this setting, the maximum brightness range is 100 percent.|
| Inactivity Timeout| Default: 30 seconds <br>Option: Any numeric value <br>Data Type: Integer <br> Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
| Telemetry Enabled | Default: 01 <br>Option: 01, 00 <br> Type: REG_BINARY | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |

2
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -14,7 +14,7 @@ ms.date: 07/25/2017
# Deploying Microsoft Office 2016 by Using App-V
Use the information in this article to use Microsoft Application Virtualization 5.0, or later versions, to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md).
Use the information in this article to use Microsoft Application Virtualization 5.0, or later versions, to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md).
This topic contains the following sections:

4
windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
View File

@ -309,7 +309,7 @@ The following table shows local and roaming locations when folder redirection ha
The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. Here's what happens during the process:
1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory.
2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens.
2. If the roaming AppData path is local or no AppData\\Roaming location is mapped, nothing happens.
3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory.
This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The process does the following things:
@ -399,7 +399,7 @@ The process then configures the client for package or connection group additions
7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat**.
8. Register the package with the App-V Kernal Mode Driver at **HKLM\\Microsoft\\Software\\AppV\\MAV**.
8. Register the package with the App-V Kernel Mode Driver at **HKLM\\Microsoft\\Software\\AppV\\MAV**.
9. Invoke scripting from the **AppxManifest.xml** or **DeploymentConfig.xml** file for Package Add timing.

4
windows/application-management/app-v/appv-auto-batch-updating.md
View File

@ -80,7 +80,7 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
## Update multiple apps with the App-V Sequencer interface
Updating multipe apps at the same time requires that you create a **ConfigFile** to collect all of the info related to each round of updating. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
Updating multiple apps at the same time requires that you create a **ConfigFile** to collect all of the info related to each round of updating. This file is then used by the App-V Sequencer interface after creating a "clean" checkpoint on your VM.
### Create your ConfigFile for use by the App-V Sequencer interface
@ -93,7 +93,7 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
- ```<Installer>```. The file name for the app executable. This will typically be an .exe or .msi file.
- ```<Package>```. The file path to the location of your App-V packages. These packages were created when you sequenced your apps.
- ```<TimeoutInMinutes>```. The maximum amount of time, in minutes, the cmdlet should wait for updating to complete. You can enter a different value for each app, based on the size and complexity of the app itself.
- ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to usea cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
- ```<Cmdlet>```. Determines whether the sequencer uses the cmdlet or the App-V Sequencer interface. **True** tells the sequencer to use cmdlet-based updating, while **False** tells the sequencer to use the App-V Sequencer interface. You can use both the cmdlet and the interface together in the same ConfigFile, for different apps.
- ```<Enabled>```. Indicates whether the app should be sequenced. **True** includes the app, while **False** ignores it. You can include as many apps as you want in the batch file, but optionally enable only a few of them.
**Example:**

2
windows/application-management/app-v/appv-capacity-planning.md
View File

@ -182,7 +182,7 @@ Discounting scaling and fault-tolerance requirements, the minimum number of serv
Ignoring scaling requirements, the minimum number of servers that a fault-tolerant implementation needs to function is four. The management server and Microsoft SQL Server roles support placement in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure.
Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatabilities could cause certain fault-tolerance options to stop working.
Although there are many fault-tolerance strategies and technologies you can use, not all are applicable to a given service. Additionally, if App-V roles are combined, the resulting incompatibilities could cause certain fault-tolerance options to stop working.
## Have a suggestion for App-V?

2
windows/application-management/app-v/appv-client-configuration-settings.md
View File

@ -14,7 +14,7 @@ ms.date: 04/18/2018
The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. Understanding how the register's format for data works can help you better understand the client, as you can configure many client actions by changing registry entries. This topic lists the App-V client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).
You can use Group Policy to configure App-V client settings by navigating to the **Group Policy managment console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
You can use Group Policy to configure App-V client settings by navigating to the **Group Policy management console** at **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
## App-V Client Configuration Settings: Windows PowerShell

2
windows/application-management/app-v/appv-connection-group-file.md
View File

@ -95,7 +95,7 @@ You can use the connection group file to configure each connection group by usin
The priority field is required when a running virtual application initiates from a native application request, such as Microsoft Windows Explorer. The App-V client uses the priority to determine which connection group virtual environment the application should run in. This situation occurs if a virtual application is part of multiple connection groups.
If a virtual application is opened using another virtual application, the client will use the orignal virtual application's virtual environment. The priority field is not used in this case.
If a virtual application is opened using another virtual application, the client will use the original virtual application's virtual environment. The priority field is not used in this case.
The following is an example of priority configuration:

2
windows/application-management/app-v/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md
View File

@ -24,7 +24,7 @@ Here are some important things to know before you get started:
- If you add user-published packages in globally entitled connection groups, the connection group will fail.
- Track the connection groups where you've used a non-optional package before removing it with the **Unpublish-AppvClientPackage <</span>package> -global** cmdlet.
In situations where you have a gobally published package that's listed as non-optional in a user-published connection group that also appears in other packages, running **Unpublish-AppvClientPackage <</span>package> -global** cmdlet can unpublish the package from every connection group containing that package. Tracking connection groups can help you avoid unintentionally unpublishing non-optional packages.
In situations where you have a globally published package that's listed as non-optional in a user-published connection group that also appears in other packages, running **Unpublish-AppvClientPackage <</span>package> -global** cmdlet can unpublish the package from every connection group containing that package. Tracking connection groups can help you avoid unintentionally unpublishing non-optional packages.
## How to use Windows PowerShell cmdlets to create user-entitled connection groups

11
windows/application-management/app-v/appv-deploy-the-appv-server-with-a-script.md
View File

@ -413,12 +413,11 @@ To use a custom instance of Microsoft SQL Server, use these parameters:
### Example for using a custom instance of Microsoft SQL Server for installing the Reporting database on a different computer than the Reporting server
```SQL
Using a custom instance of Microsoft SQL Server example:<br>
/appv_server_setup.exe /QUIET<br>
/DB_PREDEPLOY_REPORTING<br>
/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"<br>
/REPORTING_DB_NAME="AppVReporting"<br>
/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"<br>
/appv_server_setup.exe /QUIET
/DB_PREDEPLOY_REPORTING
/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
/REPORTING_DB_NAME="AppVReporting"
/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
```

2
windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
View File

@ -255,7 +255,7 @@ Deploy the App-V package for Office 2013 by using the same methods you use for a
### How to publish an Office package
Run the following command to publish an Office package globally, wtih the bracketed value replaced by the path to the App-V package:
Run the following command to publish an Office package globally, with the bracketed value replaced by the path to the App-V package:
```PowerShell
Add-AppvClientPackage <Path_to_AppV_Package> | Publish-AppvClientPackage global

2
windows/application-management/app-v/appv-deployment-checklist.md
View File

@ -12,7 +12,7 @@ ms.date: 04/18/2018
>Applies to: Windows 10, version 1607
This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorites while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use.
This checklist outlines the recommended steps and items to consider when deploying App-V features. Use it to organize your priorities while you deploy App-V. You can copy this checklist into a spreadsheet program and customize it for your use.
|Status|Task|References|Notes|
|---|---|---|---|

4
windows/application-management/app-v/appv-dynamic-configuration.md
View File

@ -186,7 +186,7 @@ All shortcuts in the manifest will be ignored and no shortcuts will be integrate
</Shortcuts>
```
**File Type Associations**: Associates file types with programs to open by default as well as setup the context menu. (MIME types can also be set up with this susbsystem). The following is an example of a FileType association:
**File Type Associations**: Associates file types with programs to open by default as well as setup the context menu. (MIME types can also be set up with this subsystem). The following is an example of a FileType association:
```xml
<FileTypeAssociations Enabled="true">
@ -252,7 +252,7 @@ All shortcuts in the manifest will be ignored and no shortcuts will be integrate
</FileTypeAssociations>
```
**URL Protocols**: This controls the URL Protocols integrated into the local registry of the client machine. The following example illustrates the “mailto:” ptrotocol.
**URL Protocols**: This controls the URL Protocols integrated into the local registry of the client machine. The following example illustrates the “mailto:” protocol.
```xml
<URLProtocols Enabled="true">

6
windows/application-management/app-v/appv-performance-guidance.md
View File

@ -587,7 +587,7 @@ If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is ins
**Client Side**:
When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Insataller (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur.
When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur.
<table>
<colgroup>
@ -618,7 +618,7 @@ When publishing a virtual application package, the App-V Client will detect if a
 
### Disabling a Dynamic Configuration by using Windows Powershell
### Disabling a Dynamic Configuration by using Windows PowerShell
- For already published packages, you can use `Set-AppVClientPackage Name Myapp Path c:\Packages\Apps\MyApp.appv` without
@ -725,7 +725,7 @@ The following terms are used when describing concepts and actions related to App
- From the point that users initiate a log-in to when they are able to manipulate the desktop.
- From the point where the desktop can be interacted with to the point a publishing refresh begins (in Windows PowerShell terms, sync) when using the App-V full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage** Windows Powershell commands are initiated.
- From the point where the desktop can be interacted with to the point a publishing refresh begins (in Windows PowerShell terms, sync) when using the App-V full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage** Windows PowerShell commands are initiated.
- From start to completion of the publishing refresh. In standalone instances, this is the first to last virtual application published.

2
windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
View File

@ -37,7 +37,7 @@ For more information, see [Application publishing and client interaction](appv-a
## Unsupported scenarios for App-V folder redirection
The following scenatios aren't supported by App-V:
The following scenarios aren't supported by App-V:
* Configuring %LocalAppData% as a network drive.
* Redirecting the Start menu to a single folder for multiple users.

2
windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
View File

@ -77,7 +77,7 @@ The connection string on the management server can be modified to include ```fai
Use the following steps to modify the connection string to include ```failover partner = <server2>```:
>[!IMPORTANT]
>This process involves changing the Windows registry with Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. Always make a backup copy of the registry files (**System.dat** and **User.dat**) before chagning the registry. Microsoft can't guarantee that problems caused by changing the registry can be resolved, so change the registry at your own risk.
>This process involves changing the Windows registry with Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. Always make a backup copy of the registry files (**System.dat** and **User.dat**) before changing the registry. Microsoft can't guarantee that problems caused by changing the registry can be resolved, so change the registry at your own risk.
1. Log in to the management server and open **regedit**.
2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**.

2
windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
View File

@ -30,7 +30,7 @@ Ideally, you should install the sequencer on a computer running as a virtual mac
3. Take a “snapshot” of the environment.
>[!IMPORTANT]
>Your corporate security team should review and approve the sequencing process plan before implementing it. For security reasons, it's a good idea to keep sequencer operations in a lab separate from the production environment. The sequencing computers must be capapble of connecting to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they shouldn't remail on the corporate network unprotected. You can protect your sequencing computers by operating them on an isolated network, behind a firewall, or by using virtual machines on an isolated virtual network. Make sure your solution follows your company's corporate security policies.
>Your corporate security team should review and approve the sequencing process plan before implementing it. For security reasons, it's a good idea to keep sequencer operations in a lab separate from the production environment. The sequencing computers must be capable of connecting to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they shouldn't remain on the corporate network unprotected. You can protect your sequencing computers by operating them on an isolated network, behind a firewall, or by using virtual machines on an isolated virtual network. Make sure your solution follows your company's corporate security policies.
## Planning for App-V client deployment

4
windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
View File

@ -26,7 +26,7 @@ You can use the App-V Sequencer to create plug-in packages for language packs, l
For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click).
>[!NOTE]
>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in Februrary 2017](https://support.microsoft.com/kb/3199744).
>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in February 2017](https://support.microsoft.com/kb/3199744).
## Using App-V with coexisting versions of Office
@ -90,7 +90,7 @@ To bypass the auto-registration operation for native Word 2010, follow these ste
* In Windows 8.1 or Windows 10, enter **regedit**, select **Enter** on the Start page, then select the Enter key.
If you're prompted for an administrator password, enter the password. If you're propmted for a confirmation, select **Continue**.
If you're prompted for an administrator password, enter the password. If you're prompted for a confirmation, select **Continue**.
3. Locate and then select the following registry subkey:
``` syntax

2
windows/application-management/app-v/appv-security-considerations.md
View File

@ -60,7 +60,7 @@ Consider the following additional information:
The following will help you plan how to ensure that virtualized packages are secure.
* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If thje file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computers directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
* If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. If the file or directory is modified by a user when the package is deployed, the modified file or directory will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computers directory. The former occurs if the file or directory does not exist in a virtual file system location; the latter occurs if the file or directory exists in a virtual file system location, such as **%windir%**.
## App-V log files

2
windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
View File

@ -84,7 +84,7 @@ In your publishing metadata query, enter the string values that correspond to th
<tr class="header">
<th align="left">Operating system</th>
<th align="left">Architecture</th>
<th align="left">Operating string string value</th>
<th align="left">String value</th>
</tr>
</thead>
<tbody>

4
windows/application-management/deploy-app-upgrades-windows-10-mobile.md
View File

@ -20,7 +20,7 @@ There are two steps to deploy an app upgrade:
1. [Define the supersedence](#define-app-supersedence) - this lets Configuration Manager know that the old version should be replaced by the new version.
2. [Deploy the upgrade](#deploy-the-app-upgrade) to your users.
The following steps walk you through the upgrade deployment process - we have an upgraded version of the Walking Scorer app (moving from version 12.23.2.0 to 12.23.3.0). Becasuse we previously used Configuration Manager to deploy the existing version, we'll use it now to upgrade the app.
The following steps walk you through the upgrade deployment process - we have an upgraded version of the Walking Scorer app (moving from version 12.23.2.0 to 12.23.3.0). Because we previously used Configuration Manager to deploy the existing version, we'll use it now to upgrade the app.
Before you can deploy the upgrade, make sure you import the new version of the app and distribute it to your manage.microsoft.com distribution point.
@ -42,7 +42,7 @@ Before you can deploy the upgrade, make sure you import the new version of the a
> Do **NOT** select **Uninstall**. This tells Configuration Manager to uninstall the old version, but it does **NOT** then install the new version.
6. Click **OK**.
7. If you have other versions of the same app, repeate steps 4-6 for each version. Click **OK** when you're done.
7. If you have other versions of the same app, repeat steps 4-6 for each version. Click **OK** when you're done.
> [!NOTE]
> Need to remove a supersedence? (Maybe the new version turned out to be flaky and you don't want users to get it yet.) On the **Supersedence** tab for the *new* version of the app, double-click the older version in the list of supersedence rules, and then change the **New Deployment Type** to **Do not replace**.

2
windows/application-management/msix-app-packaging-tool.md
View File

@ -15,7 +15,7 @@ ms.date: 12/03/2018
MSIX is a packaging format built to be safe, secure and reliable, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies. You can [use the MSIX packaging tool](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) to repackage your existing Win32 applications to the MSIX format.
You can either run your installer interactivly (through the UI) or create a package from the command line. Either way, you can convert an application without having the source code. Then, you can make your app available through the Microsoft Store.
You can either run your installer interactively (through the UI) or create a package from the command line. Either way, you can convert an application without having the source code. Then, you can make your app available through the Microsoft Store.
- [Package your favorite application installer](https://docs.microsoft.com/windows/msix/packaging-tool/create-app-package-msi-vm) interactively (msi, exe, App-V 5.x and ClickOnce) in MSIX format.
- Create a [modification package](https://docs.microsoft.com/windows/msix/packaging-tool/package-editor) to update an existing MSIX package.

2
windows/application-management/svchost-service-refactoring.md
View File

@ -68,7 +68,7 @@ For example, this is the registry key configuration for BFE:
## Memory footprint
Be aware that separating services increases the total number of SvcHost instances, which increases memory utlization. (Service grouping provided a modest reduction to the overall resource footprint of the services involved.)
Be aware that separating services increases the total number of SvcHost instances, which increases memory utilization. (Service grouping provided a modest reduction to the overall resource footprint of the services involved.)
Consider the following:

8
windows/client-management/data-collection-for-802-authentication.md
View File

@ -39,9 +39,10 @@ Use the following steps to collect wireless and wired logs on Windows and Window
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
```
3. Run the following command to enable CAPI2 logging:
3. Run the following command to enable CAPI2 logging and increase the size :
```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
```
4. Create C:\MSLOG on the NPS to store captured logs.
@ -66,9 +67,10 @@ Use the following steps to collect wireless and wired logs on Windows and Window
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
```
6. Run the following command to enable CAPI2 logging:
6. Run the following command to enable CAPI2 logging and increase the size :
```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:true
wevtutil sl Microsoft-Windows-CAPI2/Operational /ms:104857600
```
7. Run the following command from the command prompt on the client machine and start PSR to capture screen images:
@ -363,7 +365,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.hiv
reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.txt
reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.hiv
reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.tx
reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.txt
```
3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
4. Log on to a domain controller and create C:\MSLOG to store captured logs.

8
windows/client-management/mdm/policy-csp-settings.md
View File

@ -239,10 +239,10 @@ The following list shows the supported values:
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
</tr>

2
windows/deployment/windows-autopilot/autopilot-faq.md
View File

@ -9,7 +9,6 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.author: greg-lindsay
ms.date: 11/05/2018
---
# Windows Autopilot FAQ
@ -27,6 +26,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
| --- | --- |
| In the Partner Center, does the Tenant ID need to be provided with every device file upload? Is this needed to allow the business customer to access their devices in MSfB? | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. |
| How does the customer or tenant know that their devices are ready to be claimed in MSfB? | After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM would need to advise the tenant to access MSfB. Auto-notification from MSfB to the tenant is being developed. |
| How does a customer authorize an OEM or Channel Partner to register Autopilot devices on the customers behalf? | Before an OEM or Channel Partner can register a device for Autopilot on behalf of a customer, the customer must first give them consent. The consent process begins with the OEM or Channel Partner sending a link to the customer, which directs the customer to a consent page in Microsoft Store for Business. The steps explaining this process are [here](registration-auth.md). |
| Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a CSP via the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. |
| Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesnt support removing the local admin account. However, it does support restricting the user performing AAD domain join in OOBE to a standard account (versus admin account by default).|
| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center. <br><br>Go [here](https://msdn.microsoft.com/partner-center/createuseraccounts-and-set-permissions) for more information. |

2
windows/deployment/windows-autopilot/registration-auth.md
View File

@ -67,7 +67,7 @@ Each OEM has a unique link to provide to their respective customers, which the O
![Not global admin](images/csp7.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously.
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff (https://devicepartner.microsoft.com/en-gb/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
## Summary

4
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -1915,8 +1915,8 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
- **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**.
> [!NOTE]
> In Windows 10, version 1507 and Windows 10, version 1511, this setting was named **Show me tips, tricks, and more on the lock screen**.
> [!NOTE]
> In Windows 10, version 1507 and Windows 10, version 1511, this setting was named **Show me tips, tricks, and more on the lock screen**.
- **Personalization** &gt; **Start** &gt; **Occasionally show suggestions in Start**.

2
windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
View File

@ -66,7 +66,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration.
```PowerShell
Install-AdcsCertificateAuthority
Install-AdcsCertificationAuthority
```
## Configure a Production Public Key Infrastructure

2
windows/security/identity-protection/vpn/vpn-conditional-access.md
View File

@ -52,7 +52,7 @@ The following client-side components are also required:
- Trusted Platform Module (TPM)
## VPN device compliance
At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the <SSO> section.
At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the &lt;SSO&gt; section.
Server-side infrastructure requirements to support VPN device compliance include:

6
windows/security/information-protection/bitlocker/bitlocker-overview.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
ms.date: 10/16/2017
ms.date: 01/26/2018
---
# BitLocker
@ -42,7 +42,7 @@ BitLocker control panel, and they are appropriate to use for automated deploymen
## <a href="" id="bkmk-new"></a>New and changed functionality
To find out what's new in BitLocker for Windows 10, such as support for the XTS-AES encryption algorithm, see the [BitLocker](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10, versions 1507 and 1511."
To find out what's new in BitLocker for Windows 10, such as support for the XTS-AES encryption algorithm, see the [BitLocker](https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bitlocker) section in "What's new in Windows 10."
 
## System requirements
@ -71,7 +71,7 @@ When installing the BitLocker optional component on a server you will also need
| [BitLocker frequently asked questions (FAQ)](bitlocker-frequently-asked-questions.md) | This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.|
| [Prepare your organization for BitLocker: Planning and policies](prepare-your-organization-for-bitlocker-planning-and-policies.md)| This topic for the IT professional explains how can you plan your BitLocker deployment. |
| [BitLocker basic deployment](bitlocker-basic-deployment.md) | This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption. |
| [BitLocker: How to deploy on Windows Server 2012 and later](bitlocker-how-to-deploy-on-windows-server.md)| This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later.|
| [BitLocker: How to deploy on Windows Server](bitlocker-how-to-deploy-on-windows-server.md)| This topic for the IT professional explains how to deploy BitLocker on Windows Server.|
| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it. |
| [BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker](bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md)| This topic for the IT professional describes how to use tools to manage BitLocker.|
| [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md) | This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer. |

8
windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md
View File

@ -7,8 +7,6 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 08/17/2017
---
# BitLocker recovery guide
@ -26,7 +24,7 @@ This article does not detail how to configure AD DS to store the BitLocker reco
## <a href="" id="bkmk-whatisrecovery"></a>What is BitLocker recovery?
BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario you have the following options to restore access to the drive:
BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario, you have the following options to restore access to the drive:
- The user can supply the recovery password. If your organization allows users to print or store recovery passwords, the user can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft Account online. (Saving a recovery password with your Microsoft Account online is only allowed when BitLocker is used on a PC that is not a member of a domain).
- A data recovery agent can use their credentials to unlock the drive. If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.
@ -36,7 +34,7 @@ BitLocker recovery is the process by which you can restore access to a BitLocker
The following list provides examples of specific events that will cause BitLocker to enter recovery mode when attempting to start the operating system drive:
- On PCs that use BitLocker, or on devices such as tablets or phones that use Device Encryption only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality Administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor, or use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](https://technet.microsoft.com/library/aa998357.aspx) (also configurable through [Windows Intune](https://technet.microsoft.com/library/jj733621.aspx)), to limit the number of failed password attempts before the device goes into Device Lockout.
- On PCs that use BitLocker Drive Encryption, or on devices such as tablets or phones that use [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md) only, when an attack is detected, the device will immediately reboot and enter into BitLocker recovery mode. To take advantage of this functionality Administrators can set the **Interactive logon: Machine account lockout threshold** Group Policy setting located in **\\Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options** in the Local Group Policy Editor, or use the **MaxFailedPasswordAttempts** policy of [Exchange ActiveSync](https://technet.microsoft.com/library/aa998357.aspx) (also configurable through [Windows Intune](https://technet.microsoft.com/library/jj733621.aspx)), to limit the number of failed password attempts before the device goes into Device Lockout.
- On devices with TPM 1.2, changing the BIOS or firmware boot device order causes BitLocker recovery. However, devices with TPM 2.0 do not start BitLocker recovery in this case. TPM 2.0 does not consider a firmware change of boot device order as a security threat because the OS Boot Loader is not compromised.
- Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD.
- Failing to boot from a network drive before booting from the hard drive.
@ -245,7 +243,7 @@ This error might occur if you updated the firmware. As a best practice you shoul
## Windows RE and BitLocker Device Encryption
Windows Recovery Environment (RE) can be used to recover access to a drive protected by BitLocker Device Encryption. If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair is not able to be run automatically from the PC and instead Windows RE is manually started from a repair disk, the BitLocker recovery key must be provided to unlock the BitLockerprotected drives.
Windows Recovery Environment (RE) can be used to recover access to a drive protected by [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md). If a PC is unable to boot after two failures, Startup Repair will automatically start. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. In Windows 8.1 and later, devices that include firmware to support specific TPM measurements for PCR\[7\] the TPM can validate that Windows RE is a trusted operating environment and will unlock any BitLocker-protected drives if Windows RE has not been modified. If the Windows RE environment has been modified, for example the TPM has been disabled, the drives will stay locked until the BitLocker recovery key is provided. If Startup Repair is not able to be run automatically from the PC and instead Windows RE is manually started from a repair disk, the BitLocker recovery key must be provided to unlock the BitLockerprotected drives.
## <a href="" id="bkmk-usingaddrecovery"></a>Using additional recovery information

4
windows/security/information-protection/tpm/tpm-recommendations.md
View File

@ -87,7 +87,7 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u
### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn91508.aspx) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features).
- Since July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7 of the [Minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview) page). The requirement to enable TPM 2.0 only applies to the manufacturing of new devices. For TPM recommendations for specific Windows features, see [TPM and Windows Features](#tpm-and-windows-features).
### IoT Core
@ -104,7 +104,7 @@ The following table defines which Windows features require TPM support.
| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
|-------------------------|--------------|--------------------|--------------------|----------|
| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot |
| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required |
| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required, but [Automatic Device Encryption requires Modern Standby](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) including TPM 2.0 support |
| Device Encryption | Yes | N/A | Yes | Device Encryption requires Modern Standby/Connected Standby certification, which requires TPM 2.0. |
| Windows Defender Application Control (Device Guard) | No | Yes | Yes | |
| Windows Defender Exploit Guard | No | N/A | N/A | |