Merge branch 'main' into CC-Update-Jan-2024

Robert Durff 2024-01-26 07:44:41 -08:00 committed by GitHub
commit 596bddd52f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 571 additions and 115 deletions

@ -4,9 +4,7 @@ ms.author: aaroncz
manager: aaroncz
ms.date: 09/20/2021
ms.topic: include
ms.prod: w10
ms.collection: tier1
ms.reviewer:
ms.service: windows-client
---
Application Virtualization will be [end of life in April 2026](/lifecycle/announcements/mdop-extended). We recommend looking at Azure Virtual Desktop with MSIX app attach. For more information, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview) and [Set up MSIX app attach with the Azure portal](/azure/virtual-desktop/app-attach-azure-portal).

@ -4,7 +4,7 @@ ms.author: aaroncz
ms.date: 09/21/2021
ms.reviewer:
manager: aaroncz
ms.prod: w10
ms.service: windows-client
ms.topic: include
---

@ -24,7 +24,7 @@ ms.date: 12/31/2017
Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.
- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.
A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen.
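Review bot: The reworded single-app kiosk bullet mixes tenses. It now says the kiosk app "launches automatically", but the last sentence of the same bullet still reads "If the kiosk app is closed, it will automatically restart." Change that to "it automatically restarts" so the bullet stays in present tense throughout.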
@ -32,10 +32,7 @@ Some desktop devices in an enterprise serve a special purpose. For example, a PC
- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types.
> [!NOTE]
> [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)]
A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device.
A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device.
![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png)
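Review bot: Subject-verb agreement is broken in the reworded multi-app kiosk paragraph. In "[specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users", the antecedent is "policies", so the verb should be "affect". This sentence is what tells admins that the lockdown applies to every non-administrator account on the device, so the wording is worth getting exact.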

@ -41,9 +41,10 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE
**Example of secondary tiles in XML generated by Export-StartLayout**
```xml
<start:SecondaryTile
AppUserModelID="Microsoft.Windows.Edge_cw5n1h2txyewy!Microsoft.Edge.Edge"
AppUserModelID="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App"
TileID="-9513911450"
DisplayName="Bing"
Size="2x2"
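Review bot: The `AppUserModelID` in the `start:SecondaryTile` example sits under the heading "Example of secondary tiles in XML generated by Export-StartLayout", so the replacement value should be one that an actual export produces. Confirm that `Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App` was taken from cmdlet output on a test device, and check that the `TileID` and the other attributes in the sample still match an export for that app.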
@ -57,8 +58,6 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE
/>
```
## Export Start layout and assets
1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer.
@ -130,6 +129,7 @@ In Microsoft Intune, you create a device restrictions policy to apply to device
The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters.
1. Copy the contents of layout.xml into an online tool that escapes characters.
2. Copy the contents of assets.xml into an online tool that escapes characters.
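Review bot: Steps 1 and 2 in this region still tell admins to paste layout.xml and assets.xml into "an online tool that escapes characters", which sends device configuration to a third-party site. While this section is being touched, consider replacing both steps with a local method, for example PowerShell's `[System.Security.SecurityElement]::Escape()` applied to the file contents, so that nothing leaves the admin workstation.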
@ -139,6 +139,7 @@ The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce
#### Create a provisioning package that contains a customized Start layout
Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md)
>[!IMPORTANT]

@ -6,8 +6,8 @@ description: Resolve Windows upgrade errors for ITPros. Technical information fo
author: frankroj
ms.localizationpriority: medium
ms.topic: article
ms.prod: windows-client
ms.technology: itpro-deploy
ms.service: windows-client
ms.subservice: itpro-deploy
ms.date: 01/18/2024
appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@ -37,7 +37,7 @@ See the following articles in this section:
- [Quick fixes](/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 100\ Steps to take to eliminate many Windows upgrade errors.
- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help isolate the root cause of an upgrade failure.
- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
- [Troubleshooting upgrade errors](/troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 300\ General advice and techniques for troubleshooting Windows upgrade errors, and an explanation of phases used during the upgrade process.
- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows upgrade.
- [Upgrade error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json): \Level 400\ The components of an error code are explained.
- [Result codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes): Information about result codes.
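Review bot: The two versions of the "Troubleshooting upgrade errors" link differ only in the slug, `windows-upgrade-issues-troubleshooting` versus `windows-10-upgrade-issues-troubleshooting`, and nothing in the hunk shows that the final target resolves. The neighbouring /troubleshoot links in this list (Quick fixes, Upgrade error codes, Result codes) all use the `windows-10-` prefix, so run the link checker against the final slug before merging.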

@ -3,7 +3,7 @@ title: Windows Defender Application Control Wizard WDAC Event Parsing
description: Creating WDAC policy rules from the WDAC event logs and the MDE Advanced Hunting WDAC events.
ms.localizationpriority: medium
ms.topic: conceptual
ms.date: 02/01/2023
ms.date: 01/24/2024
---
# Creating WDAC Policy Rules from WDAC Events in the Wizard
@ -21,11 +21,11 @@ As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.ht
To create rules from the WDAC event logs on the system:
1. Select **Policy Editor** from the WDAC Wizard main page.
1. Select **Policy Editor** from the main page.
2. Select **Convert Event Log to a WDAC Policy**.
3. Select the **Parse Event Logs** button under the **Parse Event Logs from the System Event Viewer to Policy** header.
The Wizard will parse the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You'll see a notification when the Wizard successfully finishes reading the events.
The Wizard parses the relevant audit and block events from the CodeIntegrity (WDAC) Operational and AppLocker MSI and Script logs. You see a notification when the Wizard successfully finishes reading the events.
> [!div class="mx-imgBorder"]
> [![Parse WDAC and AppLocker event log system events](../images/wdac-wizard-event-log-system.png)](../images/wdac-wizard-event-log-system-expanded.png)
@ -37,12 +37,12 @@ To create rules from the WDAC event logs on the system:
To create rules from the WDAC `.EVTX` event logs files on the system:
1. Select **Policy Editor** from the WDAC Wizard main page.
1. Select **Policy Editor** from the main page.
2. Select **Convert Event Log to a WDAC Policy**.
3. Select the **Parse Log File(s)** button under the **Parse Event Log evtx Files to Policy** header.
4. Select the WDAC CodeIntegrity Event log EVTX file(s) from the disk to parse.
The Wizard will parse the relevant audit and block events from the selected log files. You'll see a notification when the Wizard successfully finishes reading the events.
The Wizard parses the relevant audit and block events from the selected log files. You see a notification when the Wizard successfully finishes reading the events.
> [!div class="mx-imgBorder"]
> [![Parse evtx file WDAC events](../images/wdac-wizard-event-log-files.png)](../images/wdac-wizard-event-log-files-expanded.png)
@ -57,7 +57,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que
1. Navigate to the Advanced Hunting section within the MDE console and query the WDAC events. **The Wizard requires the following fields** in the Advanced Hunting csv file export:
```KQL
| project Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName
| project-keep Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName
```
The following Advanced Hunting query is recommended:
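Review bot: Switching the required-fields line from `| project` to `| project-keep` changes the column order of the result. `project` emits columns in the order listed, while `project-keep` keeps them in the order they have in the input table. The text says "The Wizard requires the following fields" in the CSV export, so confirm that the Wizard matches columns by header name and not by position, and state that in the step if so.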
@ -76,7 +76,7 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que
| extend PolicyId = parsejson(AdditionalFields).PolicyID
| extend PolicyName = parsejson(AdditionalFields).PolicyName
// Keep only required fields for the WDAC Wizard
| project Timestamp,DeviceId,DeviceName,ActionType,FileName,FolderPath,SHA1,SHA256,IssuerName,IssuerTBSHash,PublisherName,PublisherTBSHash,AuthenticodeHash,PolicyId,PolicyName
| project-keep Timestamp,DeviceId,DeviceName,ActionType,FileName,FolderPath,SHA1,SHA256,IssuerName,IssuerTBSHash,PublisherName,PublisherTBSHash,AuthenticodeHash,PolicyId,PolicyName
```
2. Export the WDAC event results by selecting the **Export** button in the results view.
@ -84,12 +84,12 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que
> [!div class="mx-imgBorder"]
> [![Export the MDE Advanced Hunting results to CSV](../images/wdac-wizard-event-log-mde-ah-export.png)](../images/wdac-wizard-event-log-mde-ah-export-expanded.png)
3. Select **Policy Editor** from the WDAC Wizard main page.
3. Select **Policy Editor** from the main page.
4. Select **Convert Event Log to a WDAC Policy**.
5. Select the **Parse Log File(s)** button under the "Parse MDE Advanced Hunting Events to Policy" header.
6. Select the WDAC MDE Advanced Hunting export CSV files from the disk to parse.
The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You'll see a notification when the Wizard successfully finishes reading the events.
The Wizard will parse the relevant audit and block events from the selected Advanced Hunting log files. You see a notification when the Wizard successfully finishes reading the events.
> [!div class="mx-imgBorder"]
> [![Parse the Advanced Hunting CSV WDAC event files](../images/wdac-wizard-event-log-mde-ah-parsing.png)](../images/wdac-wizard-event-log-mde-ah-parsing-expanded.png)
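Review bot: The tense edit is only half applied in the Advanced Hunting paragraph. "You'll see" became "You see", but the sentence still opens with "The Wizard will parse the relevant audit and block events". The two earlier sections were changed to "The Wizard parses", so use the same wording here.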
@ -99,14 +99,14 @@ To create rules from the WDAC events in [MDE Advanced Hunting](../operations/que
## Creating Policy Rules from the Events
On the "Configure Event Log Rules" page, the unique WDAC log events will be shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, and the file publisher are all shown in the table. The table can be sorted alphabetically by clicking on any of the headers.
On the "Configure Event Log Rules" page, the unique WDAC log events are shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, and the file publisher are all shown in the table. The table can be sorted alphabetically by clicking on any of the headers.
To create a rule and add it to the WDAC policy:
1. Select an audit or block event in the table by selecting the row of interest.
2. Select a rule type from the dropdown. The Wizard supports creating Publisher, Path, File Attribute, Packaged App and Hash rules.
3. Select the attributes and fields that should be added to the policy rules using the checkboxes provided for the rule type.
4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label will be added to the selected row confirming that the rule will be generated.
4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label is shown in the selected row confirming that the rule will be generated.
> [!div class="mx-imgBorder"]
> [![Adding a publisher rule to the WDAC policy](../images/wdac-wizard-event-rule-creation.png)](../images/wdac-wizard-event-rule-creation-expanded.png)
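Review bot: The rewritten opening of "Creating Policy Rules from the Events" now ends two consecutive sentences with "shown in the table" ("the unique WDAC log events are shown in the table. Event Ids, ... are all shown in the table."). Merge them into one sentence that lists the columns, and fix "Event Ids" to "Event IDs" while editing the line. The steps below use "Select", so "by clicking on any of the headers" could also become "by selecting any of the headers".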